Cyber Daily 7/22: Microsoft SharePoint Zero-Day Exploited Globally, CISA Issues Urgent Alert, Emergency Patches Released, Agencies Race to Mitigate Vulnerability

Welcome to the ONSEC Cyber Daily for July 22, 2025. Today, we dive into a critical narrative unfolding in the cybersecurity world. A zero-day vulnerability has been discovered in Microsoft SharePoint servers, leading to a wave of global cyberattacks. Microsoft has issued an urgent alert and released emergency patches to counteract this threat. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation, urging immediate action from businesses and governments worldwide. This vulnerability, known as CVE-2025-53770, is a stark reminder of the ever-evolving cyber landscape and the importance of staying vigilant. Join us as we unravel the details and implications of this pressing cybersecurity challenge.

Exploits Alert

  1. Microsoft SharePoint Zero-Day Vulnerability Exploited in Cyberattacks: Microsoft has issued an urgent alert regarding a zero-day vulnerability in SharePoint servers that is actively being exploited in cyberattacks. This flaw allows attackers to gain unauthorized access to sensitive data, posing a significant threat to businesses and government agencies worldwide. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also released a warning, urging organizations to apply the emergency fix provided by Microsoft to mitigate the risk. Source: The Hindu
  2. CrushFTP Servers Actively Exploited Via Critical Vulnerability: A critical vulnerability in CrushFTP servers is being actively exploited by cybercriminals, including the notorious Clop cybercrime group. This flaw allows attackers to execute arbitrary code remotely, potentially compromising sensitive data stored on affected servers. Organizations using CrushFTP are advised to apply the latest security patches and monitor their systems for any signs of unauthorized access. Source: LinkedIn
  3. Liteon Electric Vehicle Chargers Vulnerability Alert: The Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert regarding vulnerabilities in Liteon electric vehicle chargers. These flaws could allow attackers to manipulate charging processes or cause disruptions in electric vehicle infrastructure. CISA recommends that users update their devices with the latest firmware to protect against potential cyberattacks. Source: JD Supra
  4. Consequence-driven Cyber-informed Engineering: A new methodology known as consequence-driven cyber-informed engineering is emerging as a crucial pillar for national security. This approach focuses on integrating cybersecurity measures into the design and operation of critical infrastructure, bridging the gap between digital technology and physical processes. Experts emphasize the importance of adopting this methodology to enhance resilience against cyber threats. Source: Eurekalert
  5. Agencies Face Tight Deadline to Mitigate SharePoint Vulnerability: Federal agencies are under pressure to address the SharePoint vulnerability that has been actively exploited in recent cyberattacks. The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed the ongoing exploitation and has set a deadline for agencies to implement necessary mitigations. Failure to comply could result in severe consequences, including data breaches and operational disruptions. Source: Federal News Network

Vulnerabilities & Patches

  1. Microsoft issues patches for "ToolShell" vulnerable SharePoint Servers: Microsoft has released critical patches for SharePoint servers to address the "ToolShell" vulnerabilities, specifically CVE-2025-53370 and CVE-2025-53770. These vulnerabilities, with a CVSS score of 9.8, allow attackers to execute remote code and steal cryptographic keys. Organizations are urged to apply these patches immediately to protect their systems. Source: iTnews
  2. Cisco Patches Three Critical Vulnerabilities: Cisco has addressed critical vulnerabilities in its Identity Services Engine (ISE) and ISE-PIC, identified as CVE-2025-20281 and CVE-2025-20337. These flaws could allow remote code execution through crafted API requests. Users are advised to update their systems promptly to mitigate potential exploitation. Source: TechRepublic
  3. Google Patched Chrome Zero-Day That Allowed Sandbox Escape: Google has patched a significant zero-day vulnerability in Chrome, CVE-2025-6558, which allowed attackers to escape the browser's sandbox security. This flaw posed a severe risk to users, and Google recommends updating to the latest version to ensure protection. Source: Latest Hacking News
  4. Active Exploitation of Microsoft SharePoint Vulnerabilities: Microsoft and CISA have issued warnings about active exploitation of SharePoint vulnerabilities, CVE-2025-53771 and CVE-2025-49706. These vulnerabilities allow attackers to bypass previous patches and execute code remotely. Organizations should apply the latest patches and harden their systems against potential attacks. Source: Unit 42
  5. Microsoft Releases Urgent Patch to Counter Server Attacks: Microsoft has released an urgent patch for CVE-2025-53770, a vulnerability in SharePoint that allows remote code execution and bypasses traditional defenses. This patch is crucial for protecting on-premises SharePoint servers from ongoing cyberattacks. Source: Newsweek

Podcasts

  1. TomorrowX's Disruptive Approach to Legacy System Protection: This episode of the Cyber Uncut podcast features Kostas Siourthas, founder and CEO of TomorrowX, discussing innovative strategies for protecting legacy systems. The conversation delves into how TomorrowX is revolutionizing cybersecurity by addressing vulnerabilities in outdated infrastructures. Source: Cyber Daily.
  2. The Cybersecurity Bridge - Greg Notch, Expel: Greg Notch joins Jon Oltsik to explore the evolving landscape of cybersecurity. They discuss the challenges and opportunities in the field, emphasizing the importance of adaptive strategies to combat emerging threats. Source: YouTube.
  3. Talking Cyber: Man Pleads Guilty To Hacking For Promotion: In this episode, Amanda Glassner and Heather Engel discuss a recent case where a man pleaded guilty to hacking for career advancement. The conversation highlights the ethical dilemmas and legal implications of cybercrime in professional settings. Source: iHeart.
  4. Resiliency Unleashed: Careers & The Evolving Cyber Landscape: Michael Centrella joins Kris Lovejoy to discuss the dynamic nature of cybersecurity careers. They explore how professionals can adapt to the rapidly changing landscape and the skills needed to thrive in this field. Source: iHeart.
  5. Navigating Cloud Security with TrustOnCloud: Tyson Garrett explains how TrustOnCloud is enhancing cloud security by providing updated threat models for major cloud services. This episode offers insights into the latest cloud security challenges and solutions. Source: CISO Series.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's crucial to remember the ever-evolving landscape of cybersecurity threats. The recent zero-day exploit targeting Microsoft SharePoint servers serves as a stark reminder of the vulnerabilities that can be exploited by cybercriminals. With Microsoft issuing urgent alerts and patches, it's a race against time to secure systems and protect sensitive data. In this interconnected world, staying informed is our best defense. We encourage you to share this newsletter with your friends and colleagues. By spreading awareness, we can collectively strengthen our cybersecurity posture and safeguard our digital environments. Thank you for being a part of our community. Stay vigilant, stay informed, and let's continue to navigate the cyber world together. Until next time, keep your systems secure and your data protected.
