Cybersecurity News Update – July 23, 2025
Table of Contents
- Critical Unpatched SharePoint Zero-Day Actively Exploited in the Wild
- CISA Mandates Urgent Patch for Chrome Zero-Day CVE-2025-6554
- Hackers Leverage GitHub for Stealthy Malware Delivery Operations
- Critical Cisco Zero-Day Grants Root Access Without Credentials
- NIST Initiates Withdrawal of HMAC Standard, Updates on Cryptographic Guidance
- DoNot APT Group Launches Targeted Attacks on European Governments
- Google Patches Chrome Zero-Day Exploited for Sandbox Escape
- McDonald’s AI Hiring System Data Leak Impacts Millions
Critical Unpatched SharePoint Zero-Day Actively Exploited in the Wild
Exploitation Campaigns Affecting Over 75 Organizations
A newly discovered zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, is currently being exploited in large-scale cyberattacks. Over seventy-five organizations have reported breaches, largely affecting on-premises deployments.
Technical Mechanism: Forged Payloads Bypass Authentication
Attackers are acquiring cryptographic keys stored on vulnerable SharePoint servers, allowing them to forge __VIEWSTATE payloads. These forged payloads are accepted by SharePoint, bypassing authentication and enabling remote code execution without user interaction. The attackers manipulate .NET serialization within __VIEWSTATE, granting arbitrary code execution capabilities over the network.
Remediation Challenges
Remediation is complicated due to persistent trust in stolen cryptographic secrets. Applying patches alone may not invalidate compromised keys, so organizations must rotate cryptographic material in addition to patching. CISA recommends immediate implementation of prescribed mitigations and collaboration with Microsoft for threat notification and remediation guidance.
Broader Attribution Concerns
Researchers have flagged potential overlaps between CVE-2025-53770 and previously disclosed vulnerabilities (CVE-2025-49704, CVE-2025-49706). Some attack activity may be misattributed, further complicating forensic response.
Mitigation Steps
• Apply vendor updates as soon as released
• Manually rotate cryptographic secrets
• Monitor logs for suspicious VIEWSTATE activity • Restrict internet-facing SharePoint server exposure
