technology, artificial intelligence, futuristic, intelligent, brain, communication, information, robot, network, human, blue technology, blue brain, blue network, blue community, blue robot, blue communication, blue information, blue human, artificial intelligence, artificial intelligence, artificial intelligence, artificial intelligence, artificial intelligence, brain, robot, robot, robot, blue brain
| |

Canadian House of Commons targeted by SharePoint Toolshell cyberattack

Byinfosectoday.com

A cyberattack targeted the Canadian House of Commons on August 9, 2025, when threat actors exploited a recently disclosed Microsoft vulnerability to gain unauthorised access to sensitive employee information. This breach highlights the escalating cybersecurity challenges faced by Canada’s government institutions amid a growing threat landscape. An internal email obtained by CBC News revealed that House of Commons staff were informed about the data breach on the following Monday, which had occurred the previous Friday. The attackers successfully penetrated a database containing information used to manage computers and mobile devices within the parliamentary system. Compromised data included employees’ names, job titles, office locations, and email addresses, along with detailed information about House of Commons-managed devices. Malicious actors could potentially leverage this non-public information for targeted phishing campaigns, impersonation attacks, or further infiltration attempts against parliamentarians and staff.

While Canadian authorities have not officially disclosed the specific Microsoft vulnerability exploited in the attack, cybersecurity experts have pointed to several recent critical flaws that have been actively targeted. The timing of the breach coincided with widespread exploitation of CVE-2025-53770, a critical SharePoint Server vulnerability with a CVSS score of 9.8. Dubbed “ToolShell” by researchers, this flaw allows unauthenticated attackers to achieve remote code execution on on-premises SharePoint servers through unsafe deserialization of untrusted data. Canada’s Communications Security Establishment (CSE) confirmed its awareness of the incident and is collaborating with the House of Commons to provide support. However, officials have struggled to identify the specific threat actors responsible for the breach. The House of Commons has urged all employees and members to remain vigilant, warning that the stolen information could be exploited in scams or used to target and impersonate parliamentarians. This incident occurs against a backdrop of intensifying cyber threats targeting Canadian government institutions, as highlighted in the latest National Cyber Threat Assessment 2025-2026, which reveals an “expanding and complex cyber threat landscape” with increasingly aggressive state and non-state actors. 

Similar Posts