Zero Trust Security LLC

Security Alert
A self-replicating worm has been discovered affecting 180+ software packages.

- What you need to know:

It spreads automatically once inside a system.
Targets software supply chains and package managers.
Can open backdoors for further attacks.

-What to do now:

Update all software to the latest version.
Verify package sources before installing.
Monitor systems for unusual network activity.

Zero Trust Security™ is monitoring this evolving threat. Stay safe. Stay Zero Trust.

Security Alert – New Password Manager Exploit Discovered

A new attack called DOM-based Extension Clickjacking has been revealed at DEF CON 33.
This technique tricks users into clicking a harmless-looking pop-up (like a cookie banner), which secretly triggers your password manager to autofill and leak your login details to attackers.

- What You Need to Know:

Attack is not widely used yet, but researchers warn it’s low-effort and high-risk.

All major browsers (Chrome, Edge, Firefox, etc.) can be affected because it targets extensions, not the browsers themselves.

Vulnerable managers include: Bitwarden, 1Password, iCloud Passwords, Enpass, LastPass, and LogMeOnce.

Safe (already patched): NordPass, ProtonPass, RoboForm, Dashlane, Keeper.

Bitwarden has released a fix – update to version 2025.8.0 or newer.

- How to Protect Yourself:

Update your password manager immediately.

Disable autofill or set it to “On Click” in extension settings.

Manually paste logins until your manager is patched.

Be cautious of suspicious pop-ups or overlays on websites.

Zero Trust Security™ recommends all clients take action now.
📞 Need help securing your accounts? Contact us

Microsoft has released an important update that fixes over 100 security issues in Windows and other Microsoft programs. 13 of these are very serious and could allow hackers to get into your computer without you doing anything.

What this means for you:

Hackers could take control of your computer or steal your information.

Problems were found in Windows, Office, Teams, and other Microsoft services.

Even if you’re careful online, these flaws could still be used against you.

What to do right now:
✅ Install the latest Microsoft updates on all your devices.
✅ Restart your computer after updates finish.
✅ If you’re not sure how to check, contact me and I’ll walk you through it.

Security Alert
Critical SharePoint Vulnerability Could Let Hackers Take Over

Microsoft just confirmed a zero-day vulnerability (CVE-2025-23412) in SharePoint Server that’s already being exploited in the wild.

Attackers can run malicious code on your server without needing user interaction — potentially gaining full control of your SharePoint environment.

Who’s at risk?
• Businesses using on-premises SharePoint
• Organizations who haven’t installed July 2025 security updates
• Users without endpoint protection or network segmentation

What to do now:
-Apply the latest Microsoft security patches ASAP
-Audit SharePoint permissions and access logs
-Monitor for unusual behavior

Not sure where to start? We can help.

At Zero Trust Security™, we specialize in hardening systems like SharePoint before they become a headline.

📞 Contact us to schedule a rapid vulnerability check:
https://0trustsec.com

™

Don't Reuse That Password

Still using the same password everywhere?
If one site gets hacked, your entire digital life is exposed.
Use a password manager and make each password unique.
No repeats. No regrets.
🔐 Stay safe. Stay Zero Trust.

Hashtags:

Do you know who Scattered Spider is?
Do you know what they can do?

They’re not breaking in through your firewalls — they’re talking their way in through your people.

- Fake IT staff
- Deepfake phone calls
- SIM swaps
- Ransomware with real-world costs

They’ve hit MGM Resorts, Qantas, Caesars, and more — using nothing more than trust and a phone.

🛡️ At Zero Trust Security™, we believe trust should be earned — not assumed.

Read the full breakdown of how they operate and how to stop them:
https://0trustsec.com/security-news

Microsoft Just Dropped a Massive Patch Update – Did you install it yet?

July Patch Tuesday includes over 130 fixes, including:
- A wormable Windows RCE flaw (can spread across networks)
- A SQL Server bug leaking sensitive info
- 14+ critical vulnerabilities that attackers love to exploit

Run Windows Update on ALL your devices — personal and business.
If you're a business owner, make sure servers and endpoints are patched before the weekend hits.

Is Your Smart Device a Zombie?

Did you know your smart doorbell, camera, or even a thermostat could be hijacked and turned into a Zombie IoT device? Hackers exploit these poorly secured devices to launch large-scale attacks, spread malware, or spy on your network — all without you ever knowing!

Here’s how to fight back:
🔒 Change the default passwords
🔄 Keep devices updated
🛡️ Segment IoT from your main network
🔌 Disconnect devices you no longer use

Protect your digital home before it becomes part of a hacker’s zombie army. 🧟‍♂️

Phishing Friday: Don't Take the Bait!
Ever get one of those emails that says:

“Your invoice is ready. Click here to view.”
From: [email protected]

Yeah… don’t click that. 🎣

Phishing attacks are sneaky — and they’re getting smarter.
Even emails that look like they’re from someone you know can be fake.

Ask me anything about spotting scams — drop your questions in the comments, and I’ll answer them right here!
Or shoot me a DM if it's more personal.

Stay smart. Stay cautious. Stay Zero Trust.

Heads-Up: A New AI Tool in Microsoft Might Be a Privacy Risk
Microsoft's new AI assistant, Copilot, was found to have a security issue that could leak private info — and the worst part? You don’t even have to click anything for it to happen.

What’s going on?
Someone could sneak in a harmful message that tricks the AI into sharing things it shouldn’t — like your files or emails.

What you can do:
• Keep your Microsoft apps updated
• Don’t give AI access to everything
• Talk to your IT person (or me!) about what’s safe to use

If you’re using Microsoft 365 for home or business, we can help check your setup and keep your info protected.

Stay aware.
Stay Zero Trust.