24‑Hour Cybersecurity Vulnerability Round‑Up

26 Jul

26Jul

Published July 26, 2025 by Cyber Dude Bivash

1. Microsoft SharePoint “ToolShell” Zero‑Days Under Active Attack

CVE‑2025‑53770 & CVE‑2025‑53771 are critical zero‑day vulnerabilities in on‑premises SharePoint Server. They’re being actively exploited by Chinese-linked APTs Linen Typhoon, Violet Typhoon, and Storm‑2603. Rapid7+9Windows Central+9Cyware Labs+9
Attackers are deploying both Warlock and LockBit ransomware, stealing cryptographic keys, and establishing persistent access on compromised servers. The Times of India+2Tom's Hardware+2IT Pro+2
Microsoft issued out‑of‑band emergency patches, but initial fixes were bypassed—prompting further updates and investigations into possible information leaks within their MAPP program. The Wall Street Journal+1Windows Central+1

✅ Mitigation steps:

Install the latest patches for all affected SharePoint versions, rotate MachineKeys, enable AMSI/Defender, restart IIS, isolate affected hosts, review logs, and monitor for indicators of compromise.

2. CitrixBleed 2 Critical Exploit (CVE‑2025‑5777)

The critical memory over‑read bug in Citrix NetScaler ADC/Gateway dubbed CitrixBleed 2 is in active exploitation. Rapid7+15SecurityWeek+15Windows Central+15SecurityWeek+2TechRadar+2BleepingComputer+2
CISA has mandated federal agencies to apply the patch within 24 hours—underscoring the severity. The Times of India+4TechRadar+4BleepingComputer+4

✅ Mitigation steps:

Immediately patch NetScaler devices, restrict public access, monitor traffic for suspicious scanning or requests, and enforce strict input validation.

3. Cisco ISE / ISE‑PIC Unauthenticated Root Code Execution (CVE‑2025‑20281 & 2025‑20282)

Critical RCE vulnerabilities in Cisco Identity Services Engine (ISE) and Passive Identity Connector let unauthenticated attackers execute commands or upload malicious code with root privileges. The Hacker News+1BleepingComputer+1
Cisco confirmed active exploitation attempts in real-world environments. The Wall Street Journal+12The Hacker News+12The Economic Times+12

✅ Mitigation steps:

Apply updates for ISE and ISE‑PIC (versions 3.3 and 3.4), segment network access, restrict administrative access by IP, and monitor NAC logs for anomalies.

📋 Quick Summary Table

Vulnerability	Key Risk	Attack Status	Mitigation
SharePoint CVE‑53770/53771	Ransomware deployment, key theft	Actively exploited by nation-state APTs	Patch now, rotate keys, isolate hosts
CitrixBleed 2 CVE‑5777	Session token theft, data exposure	Active scan & exploit in progress	Immediate patch & restrict public exposure
Cisco ISE CVE‑2025‑20281/2	Full root takeover	Real‑world exploitation confirmed	Patch, segment access, monitor

CybersecurityVulnerability AnalysisCybersecurity News Updates

Cybersecurity Vulnerability Security Vulnerability cyberdudebivash

Comments

1. Microsoft SharePoint “ToolShell” Zero‑Days Under Active Attack

2. CitrixBleed 2 Critical Exploit (CVE‑2025‑5777)

3. Cisco ISE / ISE‑PIC Unauthenticated Root Code Execution (CVE‑2025‑20281 & 2025‑20282)

📋 Quick Summary Table

2. CitrixBleed 2 Critical Exploit (CVE‑2025‑5777)

3. Cisco ISE / ISE‑PIC Unauthenticated Root Code Execution (CVE‑2025‑20281 & 2025‑20282)