Issue #159 - July 21, 2025
- Weekly INK

US Nuclear Agency Breach Tied to SharePoint Zero-Days
Source: Data Breach Today
Hackers used zero-day flaws in Microsoft SharePoint to breach a U.S. government agency that maintains and designs the country's nuclear weapons. Hundreds of organizations have succumbed to vulnerabilities, collectively known as ToolShell, in the widely used Microsoft software. Hackers penetrated the National Nuclear Security Administration, a semi-autonomous part of the Department of Energy, as well as other parts of the same department, a spokesperson told Information Security Media Group after Bloomberg first reported the breach Wednesday.
Iranian APT Targets Android Users With New Variants of DCHSpy Spyware
Source: Security Week
Iranian APT MuddyWater has been using new versions of the DCHSpy Android surveillance tool since the beginning of the conflict with Israel. One week after the Israel-Iran conflict started, Lookout identified new DCHSpy samples disguised as VPNs or banking applications, which appear to have been deployed against adversaries using political lures.
Another Medical Practice Closes Its Doors After Cyberattack
Source: Info Risk Today
Another small medical care provider has shut its doors forever as the result of a recent "devastating" cyberattack and data theft. Georgia-based Ascension Health Services LLC - which did business as Alpha Wellness & Alpha Medical Centre - decided to permanently pull the plug on its operations in April following an attack allegedly carried out by cybercriminal gang RansomHub, which lists the practices as a victim on its dark web site.
Microsoft Traces On-Premises SharePoint Exploits to China
Source: Data Breach Today
Hackers targeting zero-day vulnerabilities in Microsoft SharePoint appear to have focused on stealing cryptographic data to facilitate long-term, post-patch access to servers, security experts warn. Microsoft, which has tied early exploitation activity to China, is rushing out emergency patches to help organizations blunt the exploit chain, dubbed ToolShell, being used. On-premises versions of SharePoint are at risk but SharePoint Online in Microsoft 365 is not.
Department of Education Site Mimicked in Phishing Scheme
Source: Dark Reading
An ongoing phishing campaign is using fake versions of the department's G5 grant portal, taking advantage of political turmoil associated with the DoE's 1,400 layoffs. Hackers are spoofing a US government website in an effort to steal sensitive credentials from educators.



