1. Microsoft SharePoint under attack — 'ToolShell' vulnerabilities in on-premise environments
- Active exploitation of the vulnerability chain known as "ToolShell" (CVE-2025-53770 and CVE-2025-53771) has been observed since July 7, 2025. It affects on-premises Microsoft SharePoint Server only (SharePoint Online is not affected), with victims across multiple sectors: governments, universities, companies and healthcare organisations.
- The UK NCSC has confirmed a limited number of victims in the United Kingdom, while globally the count already exceeds one hundred.
- Microsoft has released emergency patches for SharePoint Server 2019 and Subscription Edition. At the time of writing, SharePoint Server 2016 has no fix yet and should not be exposed to the Internet until one is available.
- The two vulnerabilities are chained: the first bypasses authentication, the second gives remote code execution, so no prior credentials are needed. Attackers then steal the server's ASP.NET MachineKey values, which lets them keep executing code even after the patch is applied; that is why key rotation is part of the response, not an optional step.
- Recommended response: patch immediately, isolate vulnerable systems (or disconnect them from the Internet until patched), rotate the ASP.NET MachineKey values and restart IIS afterwards, enable AMSI integration with Microsoft Defender Antivirus, and hunt continuously for signs of compromise rather than assuming the patch alone is enough.
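As an added example (not part of the newsletter, and not Microsoft's tooling), the script below shows what the "continuous forensic scanning" step looks like in practice: it parses IIS W3C request logs from a SharePoint front end and flags the ToolShell request pattern. The indicators it checks come from Microsoft's public post-exploitation guidance for these CVEs (an unauthenticated POST to /_layouts/15/ToolPane.aspx with DisplayMode=Edit and a Referer of /_layouts/SignOut.aspx, followed by requests for a dropped spinstall0.aspx web shell); the log lines, hostnames and IP addresses are constructed for the example. Names such as `hunt_iis_log` and `Finding` are this example's own.

```python
"""Hunt IIS W3C logs for the ToolShell (CVE-2025-53770/53771) request pattern.

Indicators are taken from Microsoft's public guidance, not from the newsletter:
  1. an anonymous POST to ToolPane.aspx?DisplayMode=Edit with a SignOut.aspx Referer
  2. any request for a file whose name contains "spinstall" (the dropped web shell)
"""
import re
from collections import defaultdict
from dataclasses import dataclass

TOOLPANE_RE = re.compile(r"^/_layouts/(?:1[56]/)?toolpane\.aspx$", re.IGNORECASE)
SIGNOUT_RE = re.compile(r"/_layouts/(?:1[56]/)?signout\.aspx$", re.IGNORECASE)
WEBSHELL_RE = re.compile(r"spinstall", re.IGNORECASE)

# Constructed sample log (example data, not real traffic). IIS writes one request per
# line, space-separated, in the order given by the most recent "#Fields:" header.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status
2025-07-19 02:11:07 10.0.0.5 GET /_layouts/15/start.aspx - 443 CONTOSO\alice 10.0.1.20 Mozilla/5.0 - 200
2025-07-19 02:12:41 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 443 - 203.0.113.77 Mozilla/5.0 https://sp.example.com/_layouts/SignOut.aspx 200
2025-07-19 02:12:43 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 203.0.113.77 Mozilla/5.0 - 200
2025-07-19 02:15:00 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 CONTOSO\bob 10.0.1.21 Mozilla/5.0 https://sp.example.com/sites/hr/default.aspx 200
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    when: str
    client_ip: str
    detail: str


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the last #Fields header."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):          # #Software, #Version, #Date directives
            continue
        if fields is None:
            raise ValueError("request line before any #Fields header")
        values = line.split(" ")
        if len(values) != len(fields):    # truncated or corrupted line; skip it
            continue
        yield dict(zip(fields, values))


def hunt_iis_log(text):
    """Return the list of Finding objects for every suspicious request in the log."""
    findings = []
    for rec in parse_w3c(text):
        stem = rec.get("cs-uri-stem", "")
        query = rec.get("cs-uri-query", "-")
        referer = rec.get("cs(Referer)", "-")
        user = rec.get("cs-username", "-")       # "-" means the request was anonymous
        when = f"{rec.get('date', '')} {rec.get('time', '')}"
        ip = rec.get("c-ip", "-")

        # Rule 1: the authentication-bypass request. A legitimate edit of a web part
        # page is made by a logged-in user and is not referred from the sign-out page.
        if (rec.get("cs-method") == "POST"
                and TOOLPANE_RE.match(stem)
                and "displaymode=edit" in query.lower()
                and SIGNOUT_RE.search(referer)
                and user == "-"):
            findings.append(Finding("toolpane_auth_bypass", when, ip,
                                    f"anonymous POST {stem}?{query} Referer={referer}"))

        # Rule 2: any hit on the web shell, whichever method or status it returned.
        if WEBSHELL_RE.search(stem.rsplit("/", 1)[-1]):
            findings.append(Finding("webshell_request", when, ip,
                                    f"{rec.get('cs-method')} {stem}"))
    return findings


def summarize_by_ip(findings):
    """Group rule names by client IP so one host's full chain is visible at a glance."""
    by_ip = defaultdict(set)
    for f in findings:
        by_ip[f.client_ip].add(f.rule)
    return {ip: sorted(rules) for ip, rules in by_ip.items()}


if __name__ == "__main__":
    hits = hunt_iis_log(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit.when}  {hit.client_ip:<15} {hit.rule:<22} {hit.detail}")
    print(summarize_by_ip(hits))
```

Run it against the real files under the IIS log folder of each SharePoint web front end (for the whole retention window, not only since the patch). The fourth sample line, an authenticated edit referred from a normal site page, is deliberately left unflagged: the signal is the combination of anonymous user, edit mode and the sign-out Referer, not ToolPane.aspx on its own. A hit on either rule means the MachineKey must be treated as stolen and rotated regardless of patch status.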
2. Dell suffers a breach in a demo environment: 1.3 TB of "fake" data leaked
- The extortion group World Leaks (formerly Hunters International) gained access to Dell's internal Customer Solution Center platform, a demo environment that was isolated from critical networks.
- They leaked 1.3 TB of data, including scripts, backups, test data and contact lists; according to Dell, no sensitive real customer data was compromised.
- The incident shows that test and demo environments are attractive targets for data theft and extortion, even when no ransomware is deployed.
- Lessons: insufficient segmentation, real data that had no business being in a lower-trust environment, and a lack of proactive monitoring.
3. UK is preparing law to ban ransom payments for ransomware in the public sector
- The British government has proposed legislation that would prohibit public bodies and critical infrastructure operators (such as the NHS or local councils) from paying ransoms after ransomware attacks.
- Private companies considering paying would have to notify the authorities in advance, allowing for intervention and oversight.
- The measure aims to dismantle the ransomware economy, send a clear signal to criminals and strengthen national intelligence.
- Challenges: enforcement, covert evasion, and the operational consequences for organisations without robust contingency plans.
4. Mercadona hoax circulates on social networks and fraudulent websites
- In recent days a false rumour has spread that Mercadona is going public, with links to sites that try to steal bank and personal details.
- The company has categorically denied it and reiterates that no stock market listing is being prepared.
- These scams borrow the branding of major brands to build trust and run targeted phishing.
🧠 Key recommendations this week
- ✅ Verify all information before interacting or sharing - especially on social networks.
- ✅ Protect your legacy systems: SharePoint, RDP and VPN services must be segmented and monitored.
- ✅ Isolate test environments from the rest of your critical infrastructure.
- ✅ Adopt a formal policy against paying ransoms.
- ✅ Review your external communication channels: attackers are also exploiting your brand.
Apolo Cybersecurity: Your Partner in the Face of Modern Threats
We offer specialized solutions in:
- Security in Microsoft environments and SharePoint auditing.
- CISO as a Service, ENS compliance, and resilience against ransomware.
- 24/7 SOC, TLPT simulations and anti-phishing campaigns.
- Reputational monitoring and digital risk analysis.