The House of Commons of Canada experienced a cyberattack exploiting a recent Microsoft vulnerability, leading to a data breach involving employee information. Authorities are investigating the incident, with support from Canada’s Cyber Centre, amid warnings of potential scams using stolen data. #MicrosoftVulnerability #CyberCentre
Keypoints
- The breach involved the exploitation of a Microsoft vulnerability to access sensitive data.
- The threat actor stole employee names, job titles, office locations, and email addresses.
- Canadian authorities are supporting the investigation but have not identified a specific threat group.
- Recent Microsoft security bugs, CVE-2025-53770 and CVE-2025-53786, are highlighted as active targets.
- Many organizations remain vulnerable, with over 29,000 unpatched Exchange servers exposed globally.