Critical Microsoft SharePoint Zero-Day Exploited Amid Major Data Breaches
Critical Microsoft SharePoint Zero-Day Exploited Amid Major Data Breaches
On July 30, 2025, a critical zero-day vulnerability in Microsoft SharePoint, identified as CVE-2025-53770, was reported to be actively exploited. This vulnerability allows threat actors to gain remote access, potentially compromising sensitive information across various sectors, notably government and healthcare. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent alerts, urging organizations to patch their systems immediately as confirmed attacks have already been detected.
In addition to the SharePoint vulnerability, Allianz Life disclosed a significant data breach affecting approximately 1.4 million customers due to a compromised third-party CRM system. Meanwhile, Ingram Micro faced a ransomware attack from the SafePay group, causing operational disruptions and estimated losses of up to $136 million daily. Furthermore, France Travail, the French national employment agency, suffered a breach exposing data of around 340,000 job seekers through a compromised partner account. These incidents underscore the increasing complexity and risks within the cybersecurity landscape.
Also In Security Today
- Ingram Micro Ransomware Attack: Ingram Micro's systems were shut down due to a ransomware attack by the SafePay group, linked to VPN vulnerabilities. This incident emphasizes the need for robust VPN security measures.
- Allianz Life Data Breach: A data breach at Allianz Life exposed personal information of 1.4 million customers, highlighting the risks of third-party dependencies in data management.
- France Travail Data Exposure: France Travail experienced a breach affecting 340,000 job seekers, accessed through a compromised partner account, illustrating vulnerabilities in inter-organizational security.