Hackers exploit Microsoft flaw to breach Canada’s House of Commons – Against Invaders – Notícias de CyberSecurity para humanos.


Hackers breached Canada’s House of Commons by exploiting a recent Microsoft flaw and compromised data, according to CBC News.

Threat actors reportedly breached Canada’s House of Commons by exploiting a recently disclosed Microsoft vulnerability.

“The House of Commons and Canada’s cybersecurity agency are investigating a significant data breach caused by an unknown ‘threat actor’ targeting employee information,” reported CBC News.

“According to an internal email obtained by CBC News, the House of Commons alerted staff on Monday that there was an information breach. It said a malicious actor was able to exploit a recent Microsoft vulnerability to gain unauthorized access to a database containing information used to manage computers and mobile devices.”

The intruders gained access to a House of Commons database. The compromised information includes employees’ names, job titles, office locations and email addresses, as well as information regarding their House of Commons-managed computers and mobile devices.

Canada’s Communications Security Establishment (CSE) is aware of the security breach and is helping the House of Commons in investigating the incident. At this time, the attacker’s identity remains unknown. The CSE defines a threat actor as anyone acting with malicious intent to access or disrupt data, devices, or networks without authorization.

A recent CSE report notes China, Russia, and Iran increasingly target Canada, but attribution for the House of Commons breach remains unclear. The cyberattack occurred on Friday and exposed data that could be misused for scams or impersonation.

The House of Commons breach may be linked to a recently exploited Microsoft SharePoint zero-day tracked as CVE-2025-53770, though the exact flaw wasn’t disclosed. Staff and members were urged to stay alert for scams, with no attribution given for the attack.

In July, Microsoft warned of a SharePoint zero-day vulnerability, tracked as CVE-2025-53770 (CVSS score of 9.8), which is under active exploitation. The vulnerability is a deserialization of untrusted data in on-premises Microsoft SharePoint Server; an unauthorized attacker could exploit it to execute code over a network. Viettel Cyber Security reported the flaw via Trend Micro’s ZDI.

“Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild,” reads the advisory. “Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.”

Canada faces growing cyber threats from criminals and state actors, with incidents rising sharply in the past two years. State adversaries are bolder, while profit-driven criminals exploit illicit tools and AI. China is deemed the most sophisticated and active threat, linked to breaches of at least 20 federal networks over the past four years.

Cyber threats targeting Canada’s critical infrastructure are increasing.

In June, Canada’s airline WestJet suffered a cyberattack that impacted access to some internal systems and the company’s app.

In April 2025, Canadian electric utility Nova Scotia Power and parent company Emera faced a cyberattack that disrupted their IT systems and networks. Both companies declared that the security incident did not cause any power outages.

In September 2023, Air Canada, the flag carrier and largest airline of Canada, announced that the personal information of some employees was exposed as a result of a recent cyberattack. In June 2023, the cyber attack suffered by Suncor Energy impacted payment operations at Petro-Canada gas stations in Canada.


Pierluigi Paganini

(SecurityAffairs – hacking, Canada)


