InfoSecBulletin Cybersecurity for mankind
Security researchers report that hackers have infiltrated a minimum of 400 organizations by capitalizing on a recently discovered zero-day vulnerability in Microsoft SharePoint. This alarming development indicates a significant increase in the number of identified breaches since the bug was unveiled last week.
Eye Security, a Dutch cybersecurity company, discovered a vulnerability in SharePoint, software used by companies to store and share documents. They reported finding hundreds of affected SharePoint servers online, a significant increase from just dozens earlier this week.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Bloomberg reports that one of the affected organizations includes the National Nuclear Security Administration (NNSA), the federal agency responsible for maintaining and developing the U.S. stockpile of nuclear weapons. A spokesperson for the Department of Energy, which houses the NNSA, did not respond to TechCrunch’s request for comment.
Multiple government departments and agencies fell victim to early attacks that leveraged a SharePoint vulnerability, according to researchers. Evidence shows that hackers began exploiting this flaw on July 7.
CVE-2025-53770 is a bug that impacts self-hosted SharePoint versions. If exploited, it allows attackers to execute malicious code remotely, gaining access to files on the server and other systems in the company’s network.
The vulnerability is known as a zero-day because Microsoft had no time to release patches before it was exploited. Microsoft has since released patches for all affected SharePoint versions.
Google and Microsoft say they have evidence that several China-backed hacking groups are exploiting the bug, but warned companies to expect an uptick in compromises as more hacker groups seek to take advantage of the vulnerability. The Chinese government denied the allegations.
