{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"Canadian House of Commons Breach Tied to Microsoft SharePoint Zero-Day","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/23932411\"></iframe>","width":"100%","height":180,"duration":649,"description":"On August 8th, 2025, hackers breached the Canadian House of Commons by exploiting a critical Microsoft SharePoint zero-day vulnerability—CVE-2025-53770—with a severity score of 9.8. The attack compromised a database containing sensitive employee information, including names, job titles, office locations, email addresses, and technical details about House-managed computers and mobile devices. While investigators from the Communications Security Establishment and the Canadian Centre for Cyber Security have not confirmed the identity of the attackers, the breach bears striking similarities to recent campaigns by Salt Typhoon—also known as Storm-2603—a Chinese state-linked APT group notorious for exploiting SharePoint flaws to infiltrate high-value targets.This intrusion underscores the growing risk Canada faces from both state-sponsored actors and profit-driven cybercriminals. In recent years, Canadian organizations have suffered a surge of high-profile cyber incidents, from WestJet and Air Canada to Nova Scotia Power and Suncor Energy. The stolen House of Commons data could be weaponized for spear-phishing, impersonation, and targeted social engineering attacks against government officials and staff. Experts warn that the breach’s timing—shortly after Microsoft’s public disclosure of active in-the-wild exploitation—highlights the speed at which threat actors move to capitalize on newly revealed vulnerabilities.CVE-2025-53770, a deserialization of untrusted data flaw, enables remote code execution across SharePoint environments, granting attackers deep access to sensitive content and configurations. While Microsoft has been working on a comprehensive fix after an earlier partial patch failed, the incident shows how quickly unpatched zero-days can become a national security issue. Security professionals urge immediate patching, rigorous device monitoring, clear verification protocols, and proactive adversary emulation to prepare for similar attacks.Canada’s latest...","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}