Telecommunications company in Middle East hit by network compromise
Incident
Summary
A telecommunications company in the Middle East was breached through exploitation of ToolShell (CVE-2025-53770) in Microsoft SharePoint, a confirmed compromise that took place after the flaw was patched in July 2025. The same vulnerability was also used against government, academic, and finance targets across Africa, South America, the U.S., and Europe, widening the operational risk. The intrusion mattered because the attackers sought credential theft and persistent access, not just one-off access.
Related Happenings
Sitecore actively exploited zero-day vulnerability (CVE-2025-53690)
Vulnerability
First: 16.01.2026 09:18
Last: 16.01.2026 09:18
Sources 1
About this happening:
**CVE-2025-53690** is a **critical Sitecore vulnerability** under **active exploitation** for **initial access**. **CISA** advised **FCEB agencies** to update **Sitecore** by **Se...
Likely Chinese Claude Code espionage campaign against roughly thirty organizations
Campaign
First: 14.11.2025 14:15
Last: 14.11.2025 14:15
Sources 1
About this happening:
A **likely Chinese state-sponsored** espionage campaign used **Anthropic’s Claude Code** to automate intrusion attempts against about **thirty organizations**, increasing scale an...
Microsoft SharePoint ToolShell (CVE-2025-53770) widespread exploitation
Exploitation Wave
First: 22.10.2025 13:24
Last: 22.10.2025 13:24
Sources 1
How related:
Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025.
About this happening:
**CVE-2025-53770** exploitation against **Microsoft SharePoint on-premise servers** expanded into a **multi-region wave** affecting government, university, telecom, and finance ta...
Latest development: 22.10.2025 15:56
After the **July 2025 patch**, China-linked actors began abusing **ToolShell / CVE-2025-53770** against **Microsoft SharePoint** servers, starting with a **telecommunications company in the Middle East** and then broader regional targets.
Microsoft SharePoint ToolShell actively exploited zero-day (CVE-2025-53770)
Vulnerability
First: 22.10.2025 13:24
Last: 22.10.2025 13:24
Sources 1
About this happening:
**CVE-2025-53770 ToolShell** is an **actively exploited zero-day** in **Microsoft SharePoint on-premise servers**, exposing systems to **remote unauthenticated code execution** an...
Capita hit by ransomware attack
Incident
First: 15.10.2025 12:00
Last: 15.10.2025 12:00
Sources 1
About this happening:
**Capita** suffered a **2023 ransomware intrusion** after an employee device infection let the attacker move laterally, lock out staff, and steal sensitive data. The breach matter...
Timeline
- 22.10.2025 15:56 · 2 articles
Telecommunications company in Middle East hit by network compromise
Initial Disclosure: After **July 2025** patching, attackers exploited **CVE-2025-53770** in **Microsoft SharePoint** to break into the telecom company's network and begin a wider wave of targeting.
- Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch — thehackernews.com — 22.10.2025 15:56