Ethical Hacking News
Canada's House of Commons has been breached by hackers exploiting a recently disclosed Microsoft vulnerability, compromising sensitive employee data. The attack highlights the growing threat landscape facing Canada, with incidents rising sharply over the past two years. Experts speculate that the breach might be linked to China, Russia, or Iran, and advise users to ensure that mitigation measures are in place.
Pierluigi Paganini reports a shocking cyberattack on Canada's House of Commons database. Hackers exploited a Microsoft SharePoint Server deserialization vulnerability (CVE-2025-53770) to breach the parliament's database. The attack exposed sensitive employee information, including names, job titles, and email addresses. The House of Commons cybersecurity agency and CSE are investigating the incident without attribution at this time. Experts speculate a link between the breach and recent reports on China, Russia, and Iran as targets for cyberattacks. The incident highlights Canada's growing threat landscape, with state adversaries being the most sophisticated threats.
Pierluigi Paganini, renowned cybersecurity expert and author of Security Affairs, brings to light a shocking incident that shook the very foundations of Canada's House of Commons. On August 15, 2025, it was revealed that hackers had successfully breached the parliament's database by exploiting a recently disclosed Microsoft vulnerability. This cyberattack not only compromised sensitive information but also raised concerns about the country's cybersecurity posture.
According to CBC News, the breach occurred on Friday and exposed data containing employees' names, job titles, office locations, and email addresses, as well as information regarding their House of Commons-managed computers and mobile devices. The attackers gained access to a database that used Microsoft SharePoint Server, exploiting a deserialization vulnerability tracked as CVE-2025-53770.
The House of Commons cybersecurity agency and Canada's Communications Security Establishment (CSE) are currently investigating the incident, with no attribution given for the attack at this time. However, experts speculate that the breach might be linked to a recent CSE report highlighting China, Russia, and Iran as increasing targets for cyberattacks against Canada.
The Microsoft SharePoint zero-day vulnerability was recently disclosed by Viettel Cyber Security via Trend Micro's ZDI (Zero Day Initiative). The advisory from Microsoft warned of an exploit existing in the wild, and the company is preparing to release a comprehensive update to address this vulnerability. In the meantime, experts advise users to ensure that the mitigation measures provided in the CVE documentation are in place.
This incident highlights the growing threat landscape facing Canada, with incidents rising sharply over the past two years. State adversaries, such as China, have been deemed the most sophisticated and active threats, linked to breaches of at least 20 federal networks over the past four years. Cyber threats targeting critical infrastructure are also on the rise, with various organizations experiencing cyberattacks in recent months.
The breach of Canada's House of Commons serves as a stark reminder of the importance of maintaining robust cybersecurity measures and staying vigilant against evolving threats. As experts continue to investigate this incident and provide guidance on mitigating measures, it is essential for individuals and organizations alike to prioritize information security and take proactive steps to safeguard their digital assets.
Related Information:
https://www.ethicalhackingnews.com/articles/Hacking-Exposed-The-Breach-of-Canadas-House-of-Commons-via-a-Microsoft-Vulnerability-ehn.shtml
https://securityaffairs.com/181155/hacking/hackers-exploit-microsoft-flaw-to-breach-canada-s-house-of-commons.html
https://nvd.nist.gov/vuln/detail/CVE-2025-53770
https://www.cvedetails.com/cve/CVE-2025-53770/
Published: Thu Aug 14 20:04:05 2025 by llama3.2 3B Q4_K_M
