Top Tech Headlines – July 20, 2025
From a critical SharePoint zero-day to supply chain threats rippling through npm, today’s cybersecurity landscape is packed with red flags. Here’s your quick and clear breakdown of what’s happening in the tech world — and what you can do to stay protected.
🚨 Unpatched Microsoft SharePoint Zero-Day Actively Exploited
A new zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, is being actively exploited in the wild. Over 85 servers and at least 75 organizations across the globe have already been breached. The bug enables remote code execution (RCE), and with no patch currently available, on-prem SharePoint users face a serious security headache.
🔑 HPE Aruba Access Points Expose Users via Hardcoded Credentials
Hewlett Packard Enterprise has issued a warning for its Aruba Instant On Access Points. These Wi-Fi devices ship with hardcoded login credentials – a major vulnerability allowing attackers to bypass authentication and access device settings. If you manage Aruba networks, now's the time to audit and update.
🎯 Web3 Devs Targeted by EncryptHub’s Fake AI Tool Scam
A new malware campaign dubbed EncryptHub is preying on Web3 developers. Attackers pose as AI platform providers and trick developers into downloading tools laced with Fickle Stealer — malware designed to snatch crypto wallet info and developer credentials. Web3 builders, stay skeptical of unsolicited AI downloads.
🪓 Malware Injected into npm Packages via Phished Maintainer Tokens
In a fresh supply chain attack, six npm packages were polluted with malware after package maintainers fell for a phishing scheme. Attackers stole access tokens, injected malicious code, and exposed thousands of projects to risk. Developers relying on npm should verify package authorship and consider using safety-focused mirrors.
🛡️ CrushFTP Vulnerability Lets Intruders Take Admin Control
The file transfer solution CrushFTP has a critical vulnerability (CVE-2025-54309) that’s under active exploitation. Older versions from before July 1 are most at risk, and the flaw allows attackers to gain full admin access. If you're running CrushFTP, patch ASAP or isolate the host from sensitive internal systems.