This alert has been written for the IT teams of organisations and government. Background / What has happened? ASD’s ACSC is aware of a vulnerability impacting Microsoft Office SharePoint Server products (CVE-2025-53770). CVE-2025-53770 involves the deserialisation of untrusted data in on-premises Microsoft SharePoint Servers allowing an unauthorised attacker to execute code over a network. Microsoft is
Army Europe chief unveils NATO eastern flank defense plan
The U.S. Army in Europe, along with NATO allies, wants to pursue optionally manned common launchers and munitions to deter Russia on the Eastern flank. Here, Ukrainian air defense intercepts a Shahed drone midair in a Russia aerial attack on the capital on May 30, 2023. (Evgeniy Maloletka/AP) WIESBADEN, Germany — The U.S. Army and
Popular npm linter packages hijacked via phishing to drop malware
Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The npm package eslint-config-prettier, downloaded over 30 million times weekly, was compromised after its maintainer fell victim to a phishing attack. Another package eslint-plugin-prettier from the same maintainer was also targeted. The attacker(s) used
No time to waste: NATO chief urges rapid industrial mobilization
Three Baltic countries plan to build defensive installations along their borders with Russia and Belarus. (Estonian Defence Ministry) WIESBADEN, Germany − As the U.S. and its allies in Europe pledge to ramp up defense spending amid mounting global threats, the supreme allied commander of Europe is calling on industry to deliver real capabilities to the
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks
A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed “CitrixBleed 2,” was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public, despite Citrix stating that there was no evidence of attacks. GreyNoise has confirmed its honeypots detected targeted exploitation from IP addresses located in China on June 23, 2025. “GreyNoise has
Top NATO commander rushing to deliver fresh Patriots to Ukraine
U.S. Army soldiers stand next to a Patriot surface-to-air missile battery during a NATO multinational ground based air defense units exercise, Vilnius, Lithuania. (Mindaugas Kulbis/AP) WIESBADEN, Germany − NATO’s top commander said he is under guidance to move as quickly as possible in transferring more Patriot air and missile defense systems to Ukraine. “I won’t
Co-op confirms data of 6.5 million members stolen in cyberattack
UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores. Co-op (short for the Co-operative Group) is one of the United Kingdom’s largest consumer co-operatives, operating food stores, funeral services, insurance, and legal
Will special operators fly armed dune buggies into battles of the future?
Will special operators fly armed dune buggies into battles of the future? Meet the fan-powered, parachute-equipped vehicle designed to carry elite teams through the air into hot zones — the Skyrunner. 5 days ago
Google fixes actively exploited sandbox escape zero day in Chrome
Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser’s sandbox protection. The vulnerability is identified as CVE-2025-6558 and received a high-severity rating of 8.8. It was discovered by researchers at Google’s Threat Analysis Group (TAG) on June 23. The security
Get a look at Elbit’s enhanced binocular night vision goggles
Get a look at Elbit’s enhanced binocular night vision goggles Looking to see thermal and intensified imagery at the same time? Want real-time data in your eye instead of checking a map? Check out Elbit America’s new NVGs. 4 days ago