Urgent: On-Prem SharePoint Vulnerability CVE‑2025‑53770 (ToolShell) – What You Need to Know

Summary

Microsoft has confirmed active exploitation of a critical on-premises SharePoint vulnerability, CVE‑2025‑53770, a variant of the previously identified CVE‑2025‑49706. This vulnerability allows unauthenticated remote code execution (RCE) on SharePoint servers. While SharePoint Online (Microsoft 365) is not affected, organizations using SharePoint Server 2016, 2019, and Subscription Edition are at immediate risk. At the time of this post, no official patch is available. Microsoft has issued interim mitigation guidance.

What You Need to Know

The vulnerability has been assigned a CVSS score of 9.8 (Critical). Exploits are being observed in the wild. Victims include public sector, education, and private industry servers globally. The exploit method, named "ToolShell" by researchers, involves a chain of vulnerabilities that allows attackers to gain full control of servers without authentication. Attackers exploit public-facing SharePoint servers using crafted requests that trigger deserialization flaws, ultimately installing web shells such as spinstall0.aspx to maintain persistent access.

Microsoft's Guidance

Microsoft…

Critical Path Security and Ryan Vargas Charge Through Back-to-Back NASCAR Canada Series Battles

Two races. Four days. And a lot to prove. Critical Path Security proudly backed Ryan Vargas as he took on the challenging west coast swing of the NASCAR Canada Series, racing in both Edmonton and Saskatoon within just four days. And Ryan delivered. In Edmonton, Vargas showed impressive pace, battling within the top five for much of the race. After a late-race incident set him back, he fought hard to salvage a 6th-place finish - an effort that moved him up to 5th in the overall driver point standings. Rolling into Saskatoon, Ryan and the team were determined to keep momentum on their side. Starting 7th, he methodically worked through the field, eventually battling with his teammate, team owner, and former series champion DJ Kennington. At the checkered flag, Ryan secured a solid P5 finish, retaining his Top-5 position in the season standings. We're proud to stand alongside Ryan as…

Lock It Down: How AT&T’s Account Lock Feature Raises the Bar Against SIM Swap Attacks

Introduction

SIM swapping, also known as SIM jacking, continues to enable attackers to hijack phone numbers, intercept two-factor codes, and compromise everything from email accounts to crypto wallets. AT&T's new Wireless Account Lock is a long-overdue, critical layer of protection, designed to close off one of the most exploited social engineering attack paths. For customers of AT&T, Critical Path Security recommends activating this feature immediately and incorporating it into mobile security strategies.

What AT&T's Wireless Account Lock Does

This new feature allows AT&T customers to proactively prevent key account changes, including:

SIM and eSIM swaps
Phone number transfers
Billing address or payment info edits
Addition or removal of authorized users
Upgrades or purchases billed to the account

Accessible via the myAT&T app or website, this lock can only be toggled by the account owner or designated secondary users. Notifications are sent whenever the feature is enabled or disabled, serving as a…

True XDR with Full SOC Support—One Price, All Features Included

At Critical Path Security, our Managed SOC (mSOC) isn't built to upsell you. It's designed to protect you. Powered by the Léargas Security platform, our services provide complete security visibility across IT, Cloud, and OT/ICS environments, without charging extra for the features you need to operate securely.

Here's what's included, by default:

Cloud Security Monitoring (Azure, Office365, AWS CloudTrail, Google, Okta, Duo, Meraki, and more)
EDR Coverage and Endpoint Threat Detection (SentinelOne, Windows, Sysmon, etc.)
SIEM Visibility with Correlation and Alerting
Threat Intelligence-Driven Analysis and Prioritization
OT/ICS Protocol Visibility (Zeek, Suricata, Syslog, and more)
Dark Web Monitoring
Multi-Tenancy Support for Enterprises and MSPs
Real-Time Reporting and Alerting, Built-In
24/7 Human Security Operations Monitoring and Incident Response

What does that mean in practice?

Our platform processes and analyzes over several hundred million artifacts per hour across network, cloud, and endpoint environments. You get clear dashboards, comprehensive reporting, and actionable alerts, without worrying about…