Bivash Nayak
26 Jul

1. Microsoft SharePoint “ToolShell” Zero‑Day Exploits

  • A wave of attacks targeting critical on‑premises SharePoint vulnerabilities (CVE‑2025‑53770, CVE‑2025‑53771, plus the earlier CVE‑2025‑49704/49706) has hit over 400 organizations, including U.S. government agencies such as the National Nuclear Security Administration.
  • Threat actors include China-linked groups Storm‑2603, Linen Typhoon, and Violet Typhoon, deploying Warlock and LockBit ransomware and stealing cryptographic keys.
  • Microsoft is investigating a potential leak within its Microsoft Active Protections Program (MAPP), which may have fueled early exploitation.
  • Immediate Actions: Apply the emergency patches, rotate ASP.NET machine keys, restart IIS, enable AMSI/Defender, isolate public-facing SharePoint servers, and monitor for the published IOCs.

2. Cisco Unified Communications Manager – CVE‑2025‑20309

  • A CVSS 10.0 flaw in Cisco Unified CM and Unified CM SME allows attackers to gain root-level access via static, hard-coded credentials left over from development builds.
  • Though exploitation in the wild hasn’t been observed yet, Cisco released patches and IoCs promptly.
  • Remediation: Patch to versions beyond 15.0.1.13017‑1; monitor secure logs (/var/log/active/syslog/secure) for unauthorized root access attempts.
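As an added example (not from the original post and not Cisco's own tooling), a small Python triage routine that scans syslog-style secure-log lines for the events the remediation above says to watch for: accepted root logins and the root PAM session that follows them. The log lines are constructed to show the pattern and are not captured from a real CUCM system.

```python
import re

# Constructed sample lines in the style of a Linux "secure" (sshd/PAM) log; not real CUCM output.
SAMPLE_SECURE_LOG = """\
Jul 26 09:12:01 cucm-pub sshd[2201]: Accepted password for admin from 10.0.5.21 port 50122 ssh2
Jul 26 09:12:01 cucm-pub sshd[2201]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Jul 26 09:15:44 cucm-pub sshd[2310]: Failed password for root from 203.0.113.9 port 41022 ssh2
Jul 26 09:15:49 cucm-pub sshd[2310]: Accepted password for root from 203.0.113.9 port 41022 ssh2
Jul 26 09:15:49 cucm-pub sshd[2310]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 26 09:20:03 cucm-pub sshd[2402]: Accepted publickey for admin from 10.0.5.21 port 50140 ssh2
"""

# Successful sshd authentication: "Accepted <method> for <user> from <src> port <n> ssh2"
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\w+)\sfor\s(?P<user>\S+)\sfrom\s(?P<src>\S+)"
)
# Rejected attempt; useful context for guessing activity preceding a successful login
FAILED_RE = re.compile(r"Failed\s\w+\sfor\s(?:invalid user\s)?(?P<user>\S+)\sfrom\s(?P<src>\S+)")
# PAM session start; a root session right after an accepted root login is the strongest signal
SESSION_RE = re.compile(r"session opened for user (?P<user>\S+)")

def find_root_access(log_text, watched_user="root"):
    """Return (line_no, kind, source) for every event involving watched_user; kind is accepted/failed/session."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = ACCEPTED_RE.search(line)
        if m and m.group("user") == watched_user:
            findings.append((line_no, "accepted", m.group("src")))
            continue
        m = FAILED_RE.search(line)
        if m and m.group("user") == watched_user:
            findings.append((line_no, "failed", m.group("src")))
            continue
        m = SESSION_RE.search(line)
        if m and m.group("user") == watched_user:
            findings.append((line_no, "session", None))
    return findings

def root_logins_confirmed(findings):
    """True when an accepted login is immediately followed by a PAM session, i.e. a shell was actually obtained."""
    kinds = [kind for _, kind, _ in findings]
    return any(a == "accepted" and b == "session" for a, b in zip(kinds, kinds[1:]))

if __name__ == "__main__":
    for line_no, kind, src in find_root_access(SAMPLE_SECURE_LOG):
        print(f"line {line_no}: {kind} root" + (f" from {src}" if src else ""))
    print("confirmed root session:", root_logins_confirmed(find_root_access(SAMPLE_SECURE_LOG)))
```

On a real system, feed it the contents of /var/log/active/syslog/secure and alert on any finding, since no interactive root login should occur on an appliance where root is not a supported account.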

3. Linux ‘sudo’ Privilege Escalation – CVE‑2025‑32462 / CVE‑2025‑32463

  • Two separate flaws in the sudo utility:
    • CVE‑2025‑32462 (CVSS 2.8) allows unintended host access when the sudoers file restricts hosts incorrectly.
    • CVE‑2025‑32463 (CVSS 9.3) enables local attackers to gain root privileges when certain option combinations use a user-controlled NSS config directory.
  • Fix: Upgrade to sudo 1.9.17p1 or newer.

4. Anthropic SQLite MCP SQL Injection – CVE‑2025‑49596

  • An unpatched SQL injection flaw in Anthropic’s SQLite-based MCP server allowed attackers to manipulate agent workflows and execute commands via DNS rebinding and forged headers.
  • A patch (0.14.1) released on June 13 corrected this by adding origin validation and token checks.
  • Best Practice: If using MCP or similar AI agent infrastructure, ensure only properly secured/forked versions are deployed, especially in production.

5. Industrial IoT & Building Controls: Honeywell Niagara Framework

  • Nozomi Networks researchers uncovered 13 vulnerabilities in Tridium's Niagara Framework, a middleware for smart building systems such as HVAC, fire alarms, and access control.
  • These flaws could allow attackers to disable alarms or manipulate physical systems.
  • Mitigation: Apply vendor patches or override configurations as recommended; isolate building-control networks from enterprise IT environments.

6. Cisco Talos: Comdb2 Database DoS Vulnerabilities

  • Five vulnerabilities in Bloomberg’s open‑source database Comdb2 allow DoS attacks via crafted packets targeting high‑availability enterprise deployments.
  • Advice: Upgrade to fixed versions or implement network filtering and protocol anomaly monitoring.

🧠 Industry Trends: Vulnerability Burst & Response Times

  • Over 900 vulnerabilities were recorded this week, with nearly 200 exploitable within days of disclosure, a sharp indicator that time-to-exploit is shrinking dramatically.

📊 Table: Hot Vulnerabilities at a Glance

Issue                        | Impact                      | Exploited?            | Mitigation
-----------------------------|-----------------------------|-----------------------|------------------------------------------
SharePoint ToolShell CVEs    | RCE, ransomware, key theft  | ✅ High activity      | Patch urgently, rotate keys, isolate hosts
Cisco CUCM CVE‑20309         | Root login via static creds | ❌ Not yet seen       | Patch, monitor logs
Linux sudo CVEs              | Local root escalation       | ❌ Reported internally| Upgrade sudo
Anthropic MCP CVE‑49596      | AI agent compromise         | ✅ (theoretically)    | Use secure patched versions
Honeywell Niagara ICS flaws  | Physical system control     | ❌ Proof of concept   | Apply SCADA/IoT patches
Comdb2 DoS CVEs              | Service disruption          | ❌ No reports yet     | Patch, monitor traffic
