At a glance.
- More than 400 SharePoint servers were "actively compromised."
- Popular npm packages injected with malware.
- Dior discloses breach of customer data.
- US sentences five individuals behind illegal streaming service.
More than 400 SharePoint servers were "actively compromised."
Researchers at Eye Security scanned 23,000 SharePoint servers that are vulnerable to the exploit chain leveraging CVE-2025-53770 and CVE-2025-53771, finding that 400 of the servers were "actively compromised" during several waves of attacks last week. Three waves occurred on July 17th, 18th, and 19th, while multiple attack campaigns began on July 21st after a proof-of-concept exploit was published on GitHub. Microsoft warned late yesterday that ransomware actors are now exploiting the flaw.
Users of on-prem SharePoint instances are urged to apply the patches as soon as possible, and Eye Security notes that "[a]fter the patches have been applied it is advised to rotate the ASP.NET machine keys." Mandiant CTO Charles Carmakal said the initial waves of attack primarily focused on stealing these keys, which could provide access to the servers after the vulnerability has been patched.
Popular npm packages injected with malware.
A phishing campaign targeting developers led to the compromise of several popular npm packages, including eslint-config-prettier and eslint-plugin-prettier, SecurityWeek reports. According to researchers at Socket, the attackers sent phishing emails with tokenized URLs leading to a typosquatted version of the Node.js website. A maintainer fell for the attack, and the threat actors used a stolen npm token "to publish malicious versions of multiple packages without touching the GitHub repos, making the attack harder to spot." The Trojanized packages "attempted to execute a DLL on Windows machines, potentially allowing remote code execution."
Dior discloses breach of customer data.
LVMH-owned luxury goods giant Dior has disclosed a data breach involving customers' names, contact information, addresses, dates of birth, and in some cases, passport or government ID numbers and Social Security numbers. The breach occurred in January 2025, and the company discovered it in May.
The Register says the ShinyHunters extortion group is believed to be responsible for the attack. BleepingComputer notes that the same group was likely behind the recent breach of Louis Vuitton (also owned by LVMH).
US sentences five individuals behind illegal streaming service.
The US Justice Department has announced the sentencing of five Nevada men, including a German citizen, for their roles in operating the illegal TV streaming service Jetflicks. The leader of the operation, 42-year-old Kristopher Lee Dallmann, was sentenced to seven years in prison after being found guilty of conspiracy to commit copyright infringement, money laundering, criminal copyright infringement by distribution, and criminal copyright infringement by public performance.
The Justice Department noted, "At one point, Jetflicks claimed to have 183,285 different television episodes, significantly more than Netflix, Hulu, Vudu, Amazon Prime, or any other licensed streaming service. This was the largest internet piracy case — as measured by the estimated total infringement amount and total number of infringements — ever to go to trial as well as the first illegal streaming case ever to go to trial."
