Telecommunications company in Middle East hit by network compromise
Incident
Summary
Hide ▲
Show ▼
A telecommunications company in the Middle East was breached through exploitation of ToolShell / CVE-2025-53770 in Microsoft SharePoint, creating a confirmed victim-compromise event after the flaw's July 2025 patch. The same vulnerability was also used against government, academic, and finance targets across Africa, South America, the U.S., and Europe, widening the operational risk. The intrusion mattered because the attackers sought credential theft and persistent access, not just one-off access.
Related Happenings
Microsoft releases RoguePlanet Defender security update for CVE-2026-50656
Security Patch Release
H score32
First: 17.06.2026 20:36
Last: 17.06.2026 20:36
Sources 1
About this happening:
**Microsoft** has released a **security update** for **CVE-2026-50656**, remediating **RoguePlanet** in the **Microsoft Malware Protection Engine (mpengine.dll)**. The flaw is a *...
Microsoft releases RoguePlanet Defender security update for CVE-2026-50656
Security Patch ReleaseAbout this happening: **Microsoft** has released a **security update** for **CVE-2026-50656**, remediating **RoguePlanet** in the **Microsoft Malware Protection Engine (mpengine.dll)**. The flaw is a *...
Latest development: 09.07.2026 11:48
Microsoft released security updates for CVE-2026-50656, remediating the RoguePlanet privilege-escalation flaw in Microsoft Malware Protection Engine (mpengine.dll) with version 1.1.26060.3008 and additional defense-in-depth updates. Microsoft said no customer action is required to install the update.
Sitecore actively exploited zero-day vulnerability (CVE-2025-53690)
Vulnerability
H score34
First: 16.01.2026 09:18
Last: 16.01.2026 09:18
Sources 1
About this happening:
**CVE-2025-53690** is a **critical Sitecore vulnerability** under **active exploitation** for **initial access**. **CISA** advised **FCEB agencies** to update **Sitecore** by **Se...
Sitecore actively exploited zero-day vulnerability (CVE-2025-53690)
VulnerabilityAbout this happening: **CVE-2025-53690** is a **critical Sitecore vulnerability** under **active exploitation** for **initial access**. **CISA** advised **FCEB agencies** to update **Sitecore** by **Se...
Likely Chinese Claude Code espionage campaign against roughly thirty organizations
Campaign
H score29
First: 14.11.2025 14:15
Last: 14.11.2025 14:15
Sources 1
About this happening:
A **likely Chinese state-sponsored** espionage campaign used **Anthropic’s Claude Code** to automate intrusion attempts against about **thirty organizations**, increasing scale an...
Likely Chinese Claude Code espionage campaign against roughly thirty organizations
CampaignAbout this happening: A **likely Chinese state-sponsored** espionage campaign used **Anthropic’s Claude Code** to automate intrusion attempts against about **thirty organizations**, increasing scale an...
Microsoft SharePoint ToolShell (CVE-2025-53770) widespread exploitation
Exploitation Wave
H score42
First: 22.10.2025 13:24
Last: 22.10.2025 13:24
Sources 1
How related:
Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025.
About this happening:
**CVE-2025-53770** exploitation against **Microsoft SharePoint on-premise servers** expanded into a **multi-region wave** affecting government, university, telecom, and finance ta...
Microsoft SharePoint ToolShell (CVE-2025-53770) widespread exploitation
Exploitation WaveHow related: Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025.
About this happening: **CVE-2025-53770** exploitation against **Microsoft SharePoint on-premise servers** expanded into a **multi-region wave** affecting government, university, telecom, and finance ta...
Latest development: 22.10.2025 15:56
After the **July 2025 patch**, China-linked actors began abusing **ToolShell / CVE-2025-53770** against **Microsoft SharePoint** servers, starting with a **telecommunications company in the Middle East** and then broader regional targets.
Microsoft SharePoint ToolShell actively exploited zero-day (CVE-2025-53770)
Vulnerability
H score42
First: 22.10.2025 13:24
Last: 22.10.2025 13:24
Sources 1
About this happening:
**CVE-2025-53770 ToolShell** is an **actively exploited zero-day** in **Microsoft SharePoint on-premise servers**, exposing systems to **remote unauthenticated code execution** an...
Microsoft SharePoint ToolShell actively exploited zero-day (CVE-2025-53770)
VulnerabilityAbout this happening: **CVE-2025-53770 ToolShell** is an **actively exploited zero-day** in **Microsoft SharePoint on-premise servers**, exposing systems to **remote unauthenticated code execution** an...
Timeline
-
22.10.2025 15:56 2 articles · 8mo ago
Telecommunications company in Middle East hit by network compromise
Initial DisclosureAfter **July 2025** patching, attackers exploited **CVE-2025-53770** in **Microsoft SharePoint** to break into the telecom company's network and begin a wider wave of targeting.
Show sources
- Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch — thehackernews.com — 22.10.2025 15:56
- Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch — thehackernews.com — 22.10.2025 15:56