
Latest Security Updates: Exploration of Sharepoint, Initramfs, and Additional Matters

Enterprise security had a turbulent month, beginning with Pwn2Own Berlin, where Viettel Cyber Security, led by Khoa Dinh, demonstrated a pair of vulnerabilities in Microsoft's systems.

In a series of cyber attacks, Chinese state-backed hacking groups have been actively exploiting recently disclosed vulnerabilities in Microsoft SharePoint Server since early July 2025. These attacks have compromised numerous organizations worldwide, including U.S. federal agencies.

The exploits targeted two critical SharePoint vulnerabilities—CVE-2025-49706 (spoofing) and CVE-2025-49704 (remote code execution)—which were later patched as CVE-2025-53770 and CVE-2025-53771 by Microsoft.

The attacks allowed hackers to bypass multi-factor authentication and single sign-on protections, gain privileged access, deploy persistent backdoors, steal cryptographic keys, and exfiltrate sensitive data. The U.S. Department of Homeland Security, the Department of Health and Human Services, the National Nuclear Security Administration, and the Department of Education were among the confirmed victims.

Microsoft emphasized that only on-premises SharePoint Server instances are affected; SharePoint Online and Microsoft 365 services remain unaffected. The company and its security partners are monitoring ongoing exploitations closely and urging organizations to apply emergency patches immediately.

Meanwhile, three key Chinese threat actors have been identified as using these flaws: Linen Typhoon (APT27), Violet Typhoon (APT31), and Storm-2603.

Elsewhere, an incident involving two AI agents at an unnamed company ended with folders and a production database being deleted. The agents had been given too much latitude to operate on real data, which led to the mishap.

On Linux systems, the initramfs is not signed, so an attacker with access to the disk can modify it. An attack described earlier this month targeted exactly this weakness.

Viettel Cyber Security, led by Khoa Dinh, discovered a pair of vulnerabilities in Microsoft SharePoint. The exploit chain targets a SharePoint endpoint and bypasses authentication.

In other news, several Linux engineers have departed Intel in recent weeks. Clear Linux OS, Intel's optimized Linux distribution, is no longer maintained as of July 18th.

A report from Akamai has identified a new malware strain, Coyote, targeting Brazilian Windows users. The malware uses the Microsoft UI Automation (UIA) framework to pull detailed information from inside a running application.

PHP's PDO database library does not use real prepared statements by default, so code can still be vulnerable to SQL injection even when it appears to use "prepared statements."
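As an added illustration (not code from the article), the snippet below puts the weak PDO default beside the hardened setting and adds a startup check. It assumes pdo_mysql, a constructed DSN and credentials, and a hypothetical `users` table with an `email` column.

```php
<?php
// Added example (not from the article): the weak PDO default beside the hardened one.
// Assumptions (constructed): a MySQL DSN/credentials and a `users` table with an `email` column.
declare(strict_types=1);

function connect(bool $emulatePrepares): PDO
{
    // PDO::ATTR_EMULATE_PREPARES = true is the pdo_mysql driver's default. With it on,
    // PDO substitutes bound values into the SQL string on the client and sends one plain
    // query, so the server never sees a parameterised statement.
    // Setting it to false makes the driver use native PREPARE/EXECUTE on the server,
    // which keeps query structure and data separate.
    // The charset in the DSN matters most while emulation is on, because client-side
    // escaping depends on the connection charset.
    return new PDO(
        'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4',
        'app_user',
        'app_password',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => $emulatePrepares,
        ]
    );
}

// Defensive check: fail fast at startup if a connection still has emulation enabled.
function assertNativePrepares(PDO $pdo): void
{
    if ($pdo->getAttribute(PDO::ATTR_EMULATE_PREPARES)) {
        throw new RuntimeException('PDO is emulating prepared statements; set PDO::ATTR_EMULATE_PREPARES to false');
    }
}

function findUserByEmail(PDO $pdo, string $email): ?array
{
    // Same application code either way; only the connection attribute decides whether
    // this is a real server-side prepared statement or client-side string interpolation.
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Weak: relies on the default (emulated prepares).
$weak = connect(true);
// Hardened: native prepares, verified before the application serves any query.
$hardened = connect(false);
assertNativePrepares($hardened);
var_dump(findUserByEmail($hardened, 'alice@example.com'));
```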

The SharePoint trouble started at the Pwn2Own Berlin competition in May, where the vulnerabilities were demonstrated; Microsoft patched them in this month's Patch Tuesday.

Finally, it is worth noting that many distributions drop into a debug shell after the disk encryption password has been entered incorrectly several times, which gives an attacker with physical access a quick way in.

  1. Despite the ongoing attacks on Microsoft SharePoint Server, note that the authentication-bypass vulnerabilities found by Viettel Cyber Security lie in a SharePoint endpoint, not in Linux systems.
  2. Meanwhile, organizations should also prioritize hardware security, including on Linux systems, as an often-overlooked area: for instance, the Linux initramfs is not signed, leaving it susceptible to modification by an attacker.