Microsoft Released Patches for SharePoint Vulnerability CVE-2025-53770 CVE-2025-53771

Microsoft released a patch for the currently exploited SharePoint vulnerability. It also added a second CVE number identifying the authentication bypass vulnerability.

https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/

How Quickly Are Systems Patched?

Jan took Shodan data to check how quickly recent vulnerabilities were patched. The quick answer: Not fast enough.

https://isc.sans.edu/diary/How%20quickly%20do%20we%20patch%3F%20A%20quick%20look%20from%20the%20global%20viewpoint/32126

HP Enterprise Instant On Access Points Vulnerability

HPE patched two vulnerabilities in its Instant On access points (aka Aruba). One allows for authentication bypass, while the second one enables arbitrary code execution as admin.

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us

Revealing the AppLocker Bypass Risks in The Suggested Block-list Policy

AppLocker sample policies suffer from a simple bug that may enable some rule bypass, but only if signatures are not enforced.

While reviewing Microsoft s suggested configuration, Varonis Threat Labs noticed a subtle but important issue: the MaximumFileVersion field was set to 65355 instead of the expected 65535.

https://www.varonis.com/blog/applocker-bypass-risks

Ghost Crypt Malware Leverages Zoho WorkDrive

The Ghost malware tricks users into downloading by sending links to Zoho WorkDrive locations.

https://www.esentire.com/blog/ghost-crypt-powers-purerat-with-hypnosis