U.S. nuclear agency caught in SharePoint espionage wave

In late July, on-premises Microsoft SharePoint servers were mass-exploited, with the National Nuclear Security Administration (NNSA) among the victims. Officials said the impact was limited, but the campaign hit hundreds of organizations and shows how far self-managed on-prem patching can lag behind a vendor-managed cloud service that is patched centrally.
If you still run SharePoint on-prem, apply the update, then review Microsoft and CISA guidance and hunt for web shells: patching closes the door but does not remove anything an attacker already dropped on the server. (Reuters, The Washington Post)
How to protect your organization:
- Where possible, move collaboration platforms to vendor-managed cloud services, so that closing a platform vulnerability no longer depends on your own patch cycle.
- Apply vendor security patches immediately, then verify that the fix is actually installed and the vulnerable behaviour is gone, rather than relying on a change ticket being closed.
- Isolate critical systems as soon as a breach is suspected to limit lateral movement.
- Regularly audit access and credentials for stale accounts and excessive permissions.
Why it matters:
When critical flaws are found in widely used platforms, attackers race to exploit them before organizations can patch. Decision-makers can reduce risk to their organizations by moving high-value collaboration systems to managed, cloud-based environments and insisting on documented patch completion from their IT managers or vendors.
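The web shell hunt recommended above, as an added example (this is not code from the article, from Microsoft or from CISA): it walks a web root, keeps only server-side script files, and flags each one that was modified recently or that contains code idioms typical of web shells. The directory layout, file names, sample file contents and regex patterns are assumptions constructed for illustration; tune them to your SharePoint install (the LAYOUTS folders are a common drop point) and compare hits against a known-good baseline taken before the incident.

```python
"""Web shell hunt for an on-prem web root (added example, not from the
article or from Microsoft/CISA guidance).  Directory layout, file names,
contents and patterns are constructed assumptions for illustration."""
import os
import re
import tempfile
import time

SCRIPT_EXTENSIONS = {".aspx", ".ashx", ".asmx", ".php", ".jsp"}

# (label, regex) pairs for idioms common in web shells.  Expect some false
# positives (e.g. help text mentioning PowerShell); triage against a baseline.
SUSPICIOUS_PATTERNS = [
    ("process-exec", re.compile(rb"Process\.Start|ProcessStartInfo|cmd\.exe|powershell", re.I)),
    ("eval-of-request", re.compile(rb"\beval\s*\(.{0,80}?(Request\b|\$_(GET|POST|REQUEST))", re.I | re.S)),
    ("php-command-exec", re.compile(rb"\b(system|exec|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST)", re.I)),
    ("reflective-load", re.compile(rb"Assembly\.Load\s*\(", re.I)),
]


def hunt_web_shells(root, max_age_days=30, now=None):
    """Return {relative path: [reasons]} for script files worth a closer look."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            reasons = []
            try:
                mtime = os.path.getmtime(path)
                with open(path, "rb") as fh:
                    data = fh.read(2_000_000)  # cap the read; web shells are small
            except OSError:
                continue
            # mtime is only a hint: attackers timestomp, so a content match is
            # reported regardless of the file's apparent age.
            if mtime >= cutoff:
                reasons.append(f"modified within {max_age_days} days")
            for label, pattern in SUSPICIOUS_PATTERNS:
                if pattern.search(data):
                    reasons.append(f"content: {label}")
            if reasons:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = reasons
    return findings


def build_sample_root(now):
    """Create a constructed directory tree in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "LAYOUTS"))
    samples = {  # relative path: (content, age in days)
        "LAYOUTS/settings.aspx": (b'<%@ Page Language="C#" MasterPageFile="~/_layouts/application.master" %>\n<h1>Settings</h1>\n', 400),
        "LAYOUTS/help.aspx": (b'<%@ Page Language="C#" %>\n<p>Help</p>\n', 1),  # recent but benign
        # constructed shell-like page with an old (timestomped) mtime
        "LAYOUTS/tmp_upload.aspx": (b'<%@ Page Language="C#" %>\n<% var c = Request["c"]; if (c != null) { System.Diagnostics.Process.Start("cmd.exe", "/c " + c); } %>\n', 400),
        "LAYOUTS/notes.txt": (b'Request["c"] Process.Start cmd.exe\n', 1),  # not a script file
    }
    for rel, (content, age_days) in samples.items():
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(content)
        stamp = now - age_days * 86400
        os.utime(path, (stamp, stamp))
    return root


if __name__ == "__main__":
    now = time.time()
    for rel, reasons in sorted(hunt_web_shells(build_sample_root(now), now=now).items()):
        print(rel, "->", "; ".join(reasons))
```

Run it from a clean analysis host against a copy of the web root, not from the suspect server's own tooling, and treat every hit as a lead for triage rather than a verdict.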
McDonald’s “McHire” chatbot compromised, exposing chats for 64M job applications
Researchers found the admin panel for McHire (built by Paradox.ai) protected by the username “123456” and password “123456”; from there they could reach conversations and applicant data tied to tens of millions of applications. It is a cautionary tale about vendor risk and credential hygiene in HR tech. If you outsource recruiting, demand SSO, strong authentication, and routine third-party penetration tests of the vendor’s platform. (BleepingComputer, WIRED)
How to protect your organization:
- Eliminate default credentials before any system or service goes live, and make that check part of deployment sign-off.
- Use strong, unique passwords combined with multi-factor authentication (MFA), or SSO so that the vendor never holds your staff’s passwords at all.
- Conduct regular penetration testing to uncover flaws such as insecure direct object references (IDOR), where changing an identifier in a request returns another user’s record.
- Implement strict access controls so that every request is authorized against the caller, not merely accepted because the caller is logged in.
Why it matters:
Numerous corporate breaches have occurred due to basic setup oversights rather than advanced hacking. Leadership can prevent this by making security checks part of procurement and launch procedures.
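The two setup mistakes in this story, side by side, as an added example (this is not Paradox.ai or McDonald’s code; every account, record and name is constructed). Part one is admin provisioning that refuses default or weak passwords and stores only salted PBKDF2 hashes. Part two is an applicant-record lookup, first as the insecure direct object reference a pentest would flag, then hardened so that each request is authorized against the caller. MFA and SSO would be enforced at the identity provider and are not shown.

```python
"""Default credentials and IDOR, vulnerable and hardened (added example;
not Paradox.ai/McDonald's code; all data and names are constructed)."""
import hashlib
import hmac
import os

# Credential pairs that ship with, or are commonly left on, new installs.
DEFAULT_CREDENTIALS = {("123456", "123456"), ("admin", "admin"), ("admin", "password")}
WEAK_PASSWORDS = {"123456", "password", "qwerty", "letmein"}
MIN_PASSWORD_LENGTH = 12


def is_acceptable_admin_password(username, password):
    """Reject defaults, a few known-bad values, and anything short."""
    if (username, password) in DEFAULT_CREDENTIALS:
        return False
    if password.lower() in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LENGTH:
        return False
    return True


class AdminAccounts:
    """Stores salted PBKDF2-SHA256 hashes, never the password itself."""

    def __init__(self):
        self._users = {}

    def create(self, username, password):
        if not is_acceptable_admin_password(username, password):
            raise ValueError("refusing to provision a default or weak admin password")
        salt = os.urandom(16)
        self._users[username] = (salt, self._digest(password, salt))

    def check(self, username, password):
        entry = self._users.get(username)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, self._digest(password, salt))

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed applicant records, keyed by the sequential id the API exposes.
APPLICANTS = {
    1001: {"owner": "alice@example.com", "restaurant": 42, "chat": "Hi, I applied for..."},
    1002: {"owner": "bob@example.com", "restaurant": 42, "chat": "Can I work weekends?"},
    1003: {"owner": "carol@example.com", "restaurant": 77, "chat": "What is the pay?"},
}
# Recruiters and the restaurant ids each one is allowed to see.
RECRUITER_SCOPE = {"hr-42@example.com": {42}}


def get_applicant_vulnerable(record_id):
    """IDOR: trusts the id from the request.  Any logged-in user can walk
    1001, 1002, 1003 ... and read every applicant's conversation."""
    return APPLICANTS[record_id]


def can_read(record_id, caller):
    """Authorization decision: the applicant who owns the record, or a
    recruiter scoped to that restaurant.  Unknown ids are treated like
    foreign ids so the endpoint is not an enumeration oracle."""
    record = APPLICANTS.get(record_id)
    if record is None:
        return False
    if record["owner"] == caller:
        return True
    return record["restaurant"] in RECRUITER_SCOPE.get(caller, set())


def get_applicant_hardened(record_id, caller):
    if not can_read(record_id, caller):
        raise PermissionError("not found")  # same answer for missing and foreign records
    return APPLICANTS[record_id]


if __name__ == "__main__":
    accounts = AdminAccounts()
    print("default creds accepted?", is_acceptable_admin_password("123456", "123456"))
    accounts.create("ops-admin", "correct horse battery staple")
    print("login ok?", accounts.check("ops-admin", "correct horse battery staple"))
    print("vulnerable: alice reads bob's record ->", get_applicant_vulnerable(1002)["owner"])
    print("hardened: may alice read bob's record?", can_read(1002, "alice@example.com"))
```

The authorization check in can_read belongs in every handler that takes an identifier, not just this one; replacing sequential ids with random, opaque ones is useful defence in depth but does not substitute for it.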
SSL.com’s Client Authentication Certificates remove reliance on passwords by requiring a cryptographic certificate for system access. Even if a link or admin panel is exposed, it cannot be reached without a valid certificate and its private key installed on the client.
Strengthen authentication with Client Authentication Certificates
Louis Vuitton customer leak triggers global probes
On July 21, Hong Kong’s privacy watchdog said 419,000 customers were affected by a Louis Vuitton data leak, following notices in other regions. The brand said payment data wasn’t obtained, but contact details and order info were exposed. Luxury retail’s sprawling data flows make tight vendor controls and rapid breach notification essential. (Reuters)
How to protect your organization:
- Encrypt customer data in transit and at rest so that an intercepted connection or a stolen database or backup is not immediately readable; note that encryption at rest does not stop an attacker using a legitimate application account, so it complements access control rather than replacing it.
- Have a breach response plan that includes timely regulatory and customer notifications.
- Limit stored personal data to only what is necessary for operations.
- Monitor systems for suspicious activity and investigate anomalies immediately.
Why it matters:
Delayed responses can multiply financial, legal, and reputational damage, especially when regulators are involved and when the brand’s reputation is tied to exclusivity and trust.
In the luxury sector, the customer base often includes high-profile individuals, making exposed contact and order information particularly valuable to scammers, phishers, and even competitors. Executives should ensure their organization has a tested breach response plan and stores only the data it actually needs in the first place.
Ingram Micro ransomware: SafePay threatens to dump 3.5 TB
Global distributor Ingram Micro disclosed a July ransomware incident. Soon after, the SafePay ransomware group posted a countdown to leak 3.5 TB of alleged data. The attack forced systems offline and briefly pushed staff to remote work before services were restored. It’s a vivid example of double-extortion pressure against a critical supply-chain hub. (ingrammicro.com, BleepingComputer)
How to protect your organization:
- Establish an “isolation protocol” so critical systems can be quickly disconnected if ransomware is suspected.
- Require offline backups stored in a separate, non-networked location and test recovery on a quarterly basis.
- Request a ransomware-readiness review from IT to ensure MFA and network segmentation are in place before an incident occurs.
- Ensure software updates are signed and verified, and that installers refuse unsigned or mismatched packages, so attackers can’t push malicious code disguised as legitimate updates.
Why it matters:
Ransomware attacks not only lock systems but often leak stolen data, making recovery a reputational challenge as well as a technical one.
Leaders should ensure the organization’s recovery plan includes both operational restoration and a communications strategy. SSL.com’s Code Signing Certificates protect against one common ransomware tactic, replacing legitimate software with a malicious version, by letting users verify that an update is authentic before installing it. That protection only holds if the installer actually checks the signature and the signing key is kept in protected hardware out of an attacker’s reach.
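Verify-before-install for a software update, as an added example (this is not SSL.com’s, Ingram Micro’s, or any vendor’s code). Production pipelines sign with an X.509 code signing certificate (Authenticode on Windows) and the operating system checks the certificate chain; this stand-alone version instead uses a raw Ed25519 key pair from the third-party `cryptography` package (pip install cryptography), which is an assumption of the example. The discipline it shows is the same: verify the signature over a manifest with a pinned public key first, then check every file’s hash against that manifest, and refuse to install on any mismatch. All file names, contents, version numbers and keys are constructed in memory.

```python
"""Verify-before-install for a signed update (added example; not from any
vendor).  Uses Ed25519 from the third-party `cryptography` package as a
stand-in for an X.509 code-signing chain.  All inputs are constructed."""
import hashlib
import hmac
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_release(signing_key, version, files):
    """Vendor side: a manifest of file hashes plus a signature over it.
    In practice signing_key lives in a token or HSM, never as a file on
    the build box; here it is an in-memory key for the example."""
    manifest = {
        "version": version,
        "files": {name: sha256_hex(data) for name, data in sorted(files.items())},
    }
    manifest_bytes = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return manifest_bytes, signing_key.sign(manifest_bytes)


def verify_release(pinned_public_key, manifest_bytes, signature, files):
    """Installer side.  Returns (ok, reason); install only when ok is True."""
    public_key = Ed25519PublicKey.from_public_bytes(pinned_public_key)
    try:
        public_key.verify(signature, manifest_bytes)  # raises on any tampering
    except InvalidSignature:
        return False, "manifest signature invalid"
    manifest = json.loads(manifest_bytes)
    expected = manifest["files"]
    if set(expected) != set(files):
        return False, "file set differs from manifest"  # added or missing files
    for name, data in files.items():
        if not hmac.compare_digest(sha256_hex(data), expected[name]):
            return False, f"hash mismatch: {name}"
    return True, f"update {manifest['version']} verified"


def run_scenarios():
    """A genuine release, then three things an attacker might ship instead."""
    vendor_key = Ed25519PrivateKey.generate()
    # The installer ships with (pins) the vendor's public key, so an attacker's
    # own key never matches, however valid their signature is under that key.
    pinned = vendor_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)

    files = {"setup.exe": b"\x4d\x5a legitimate installer bytes", "updater.dll": b"\x4d\x5a helper"}
    manifest, sig = build_release(vendor_key, "2.4.1", files)
    results = {"genuine": verify_release(pinned, manifest, sig, files)}

    tampered = dict(files, **{"setup.exe": b"\x4d\x5a ransomware dropper"})
    results["tampered_file"] = verify_release(pinned, manifest, sig, tampered)

    extra = dict(files, **{"dropper.dll": b"\x4d\x5a stowaway"})
    results["extra_file"] = verify_release(pinned, manifest, sig, extra)

    attacker_key = Ed25519PrivateKey.generate()
    bad_manifest, bad_sig = build_release(attacker_key, "2.4.2", tampered)
    results["re-signed_by_attacker"] = verify_release(pinned, bad_manifest, bad_sig, tampered)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print(f"{name:24} {'INSTALL' if ok else 'REJECT':8} {reason}")
```

The order of checks matters: the signature is verified before the manifest is parsed or any file is inspected, so an unsigned or re-signed manifest is rejected without the installer ever acting on its contents.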
Protect your software with Code Signing Certificates
July Patch Tuesday: One disclosed zero-day among 137 fixes
Microsoft’s July 8 update addressed 137 vulnerabilities, including one publicly disclosed SQL Server zero-day and 14 rated Critical.
Given how quickly disclosed flaws are weaponized, prioritize internet-facing services and disable preview-pane processing where applicable. Track Microsoft’s release notes and vendor write-ups for detection guidance. (BleepingComputer, Microsoft Security Response Center)
How to protect your organization:
- Deploy SQL Server updates immediately and confirm installation of Microsoft OLE DB Driver 18 or 19 to fully mitigate the zero-day risk.
- Block Office document previews in Outlook and Windows Explorer until all Office updates are applied to prevent auto-triggering malicious files.
- Restrict SharePoint user permissions so that only trusted accounts have access until the patch is deployed.
- Create a “critical patch checklist” that includes verification steps and team sign-off to ensure nothing is missed during urgent updates.
Why it matters:
These flaws expose platforms at the core of business operations, including databases, productivity suites, and collaboration tools. This makes them attractive targets for data theft and ransomware attacks.
By formalizing these steps into a critical patch checklist with clear verification and team sign-off, leadership can make patching both faster and more reliable, preventing security gaps caused by oversight or miscommunication.
Updates & Announcements
CA/Browser Forum (CABF) Developments & Reminders:
- S/MIME Developments: Ballot SMC011 proposes allowing European Unique Identifiers (EUID) for EU/EEA organization validation.
- Key deadlines: CAA checking (mandatory since March 15), MPIC validation (May 15), and Legacy profile deprecation (July 15).
- SSL/TLS Validity: The trend toward shorter certificate lifespans continues, reinforcing the importance of automation in certificate management. Learn more about how to prepare for 47-day certificate lifespans.
- Purchase BIMI-compliant Verified Mark Certificates (VMCs). Available soon in Gmail and Apple Mail trust stores.
- SSL.com MPIC full enforcement begins on September 2, 2025, and industry-wide enforcement goes into effect on September 15, 2025.
- Starting September 15, 2025, SSL.com will issue TLS server certificates without the Client Authentication EKU, aligning with Google Chrome’s Root Program Policy. Review our guide to prepare.
- Depending on when they were issued by SSL.com, the last of the soft format code signing certificates will expire before June 1, 2026. Replacements in PFX format will no longer be available after expiration. Per CA/Browser Forum rules, private keys must be stored in encrypted devices (e.g., tokens), on-site FIPS-compliant HSMs, or cloud-based HSM services. See our guide for details.