Hackers used Cisco SD-WAN flaw to create secret root accounts
The high-severity flaw allowed attackers with access to affected devices to run commands as root by uploading a specially crafted file.
In brief: Cisco flaws are being actively exploited by hackers, police dismantle SocGholish, StealC and Amadey malware, and more.
The attackers exploited known SharePoint vulnerabilities and conducted reconnaissance for additional access paths.
The Edgecution extension consists of a Microsoft Edge extension and a Python-based backdoor, which allows system information collection, filesystem access, process creation, and arbitrary code execution.
In a separate case, US authorities have seized a cloud computing account used by subsidiaries of the Cambodia-based Huione Group.
LastPass said its products, services, infrastructure, and customer password vaults were not affected.
The tool abuses FortiOS's built-in packet-sniffing feature to capture network traffic and collect authentication data.