U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

Hackers breached Canada ’s House of Commons, exploiting a recent Microsoft flaw, compromising data, according to CBC News. Threat actors reportedly breached Canada’s House of Commons by exploiting a recently disclosed Microsoft vulnerability. “The House of Commons and Canada’s cybersecurity agency are investigating a significant data breach caused by an unknown “threat actor” targeting employee […]

Canada Canadian Investment Regulatory Organization

Hackers breached Canada ’s House of Commons, exploiting a recent Microsoft flaw, compromising data, according to CBC News.

Threat actors reportedly breached Canada’s House of Commons by exploiting a recently disclosed Microsoft vulnerability.

“The House of Commons and Canada’s cybersecurity agency are investigating a significant data breach caused by an unknown “threat actor” targeting employee information.” reported CBC News.

“According to an internal email obtained by CBC News, the House of Commons alerted staff on Monday that there was an information breach. It said a malicious actor was able to exploit a recent Microsoft vulnerability to gain unauthorized access to a database containing information used to manage computers and mobile devices.”

The intruders gained access to a House of Commons database, compromised information includes employees’ names, job titles, office locations and email addresses, as well as information regarding their House of Commons-managed computers and mobile devices.

Canada’s Communications Security Establishment (CSE) is aware of the security breach and is helping the House of Commons in investigating the incident. At this time, the attacker’s identity remains unknown. The CSE defines a threat actor as anyone acting with malicious intent to access or disrupt data, devices, or networks without authorization.

A recent CSE report notes China, Russia, and Iran increasingly target Canada, but attribution for the House of Commons breach remains unclear. The cyberattack occurred on Friday and exposed data that could be misused for scams or impersonation.

The House of Commons breach may be linked to a recently exploited Microsoft SharePoint zero-day tracked as CVE-2025-53770, though the exact flaw wasn’t disclosed. Staff and members were urged to stay alert for scams, with no attribution given for the attack.

In July, Microsoft warned of a SharePoint zero-day vulnerability, tracked as CVE-2025-53770 (CVSS score of 9.8), which is under active exploitation. The vulnerability is a deserialization of untrusted data in on-premises Microsoft SharePoint Server, an unauthorized attacker could exploit the vulnerability to execute code over a network. Viettel Cyber Security reported the flaw via Trend Micro’s ZDI.

“Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.” reads the advisory. “Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.”

Canada faces growing cyber threats from criminals and state actors, with incidents rising sharply in the past two years. State adversaries are bolder, while profit-driven criminals exploit illicit tools and AI. China is deemed the most sophisticated and active threat, linked to breaches of at least 20 federal networks over the past four years.

Cyber threats targeting Canada’s critical infrastructure are increasing.

In June, Canada’s airline WestJet suffered a cyberattack that impacted access to some internal systems and the company’s app.

In April 2025, Canadian electric utility Nova Scotia Power and parent company Emera faced a cyberattack that disrupted their IT systems and networks. The cyber attack impacted their IT systems and networks. Both companies declared that the security incident did not cause any power outages. 

In September 2023, Air Canada, the flag carrier and largest airline of Canada, announced that the personal information of some employees was exposed as a result of a recent cyberattack. In June 2023, the cyber attack suffered by Suncor Energy impacted payment operations at Petro-Canada gas stations in Canada.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Canada)