This Week in Cloud Security: SharePoint Exploits, AI-Powered Identity, and Supply Chain Warnings

Your No-Fluff Security Roundup | 18th - 25th July 2025

This week:

• Microsoft SharePoint zero-day triggers global emergency mitigations
• UK attributes Microsoft 365 hacks to Russian state actors
• Amazon Q update compromised via software supply chain attack
• Saviynt and AWS team up on AI-powered identity threat detection

Here’s what happened and why it actually matters.

🔎 Featured Story of the Week

‍

Microsoft SharePoint Zero-Day Sparks Urgent Global Response

🔗Read more at SecurityBrief NZ

Microsoft is racing to contain active exploitation of SharePoint vulnerabilities, issuing mitigations for CVE-2025-23427. The flaws allow attackers to gain persistent access via on-prem SharePoint servers.‍

Why this matters:
This is a live, high-risk exploit in widely deployed enterprise infrastructure. If you're running on-prem SharePoint, treat this as an active threat, not just a patching task.

Sovereignty, Policy, & Public Sector Shake-ups

UK Blames Fancy Bear for Microsoft 365 Intrusions

🔗Read → CSO Online

The UK government formally attributed Microsoft 365 cloud intrusions to APT28 (Fancy Bear), citing widespread targeting of political, military, and think tank email accounts.

‍Why this matters:
‍Public attribution at this scale signals geopolitical tension ahead. Security teams across Europe should expect new scrutiny and tighter regulatory expectations especially around identity and access.

Vendor Moves That Matter

Saviynt and AWS Partner on AI-Driven Identity Security

🔗Read → SecurityBrief UK

Saviynt is integrating with AWS to power identity threat detection using machine learning and policy automation.

‍Why this matters:
‍Threat actors are scaling with AI. If your identity program isn’t adapting with contextual policy and real-time enforcement, you’re falling behind.

Darktrace Acquires Mira Security for Deep Packet Visibility

🔗Read → GlobeNewswire

Darktrace announced the acquisition of Mira Security to enhance visibility into encrypted network traffic and bolster its AI-powered detection capabilities.

‍Why this matters:
‍As more threats hide in TLS, visibility gaps widen. This move sharpens Darktrace’s edge in environments where traffic decryption is no longer optional.

Veracode Joins Wiz Integration Network

🔗Read → BusinessWire

Veracode has joined the Wiz Integration Network (WIN), aiming to eliminate application-to-cloud security blind spots.

‍Why this matters:
‍Security teams don’t want 10 dashboards, they want connected insight. AppSec tools that talk to cloud posture tools are moving from “nice-to-have” to baseline.

Sysdig Eyes $1B ARR, with India Driving Growth

🔗Read → Entrepreneur

Sysdig expects to hit $1B in annual recurring revenue, with India driving 30% of that growth. The expansion focuses on runtime security and open-source adoption.

‍Why this matters:
‍This isn’t just a growth story, it’s a signal. APAC is now a frontline for CNAPP vendors, and open-source security tools are driving the adoption curve.

Bugs, Breaches & Fixes of the Week

Amazon Q Update Infected by Malicious Code

🔗Read → CSO Online

A hacker inserted destructive code into an Amazon Q update, reportedly via a dependency injection during deployment. Amazon contained the breach quickly but the delivery path is raising alarm bells.

‍Why this matters:
‍Even cloud giants aren’t immune to supply chain tampering. This breach reinforces the need for hardened build pipelines, especially for products rolling out via AI agents and automation.

Zero-Day Oracle Cloud Editor Flaw Exposes RCE Risk

🔗Read → SecurityBrief AU

Tenable uncovered a critical RCE flaw in Oracle’s Cloud Editor, allowing unauthenticated attackers to run code via a poorly validated file import feature.

‍Why this matters:
‍RCE in a dev tool means attackers can skip identity controls and jump straight to execution. This is the kind of vulnerability attackers love and defenders hate to discover late.

SharePoint Zero-Day Mitigation Rolling Out Globally

🔗Read → Microsoft Security Blog

Microsoft confirmed active exploitation of a SharePoint vulnerability and issued emergency mitigations. Admins are urged to review logs and apply hardening steps immediately.

‍Why this matters:
‍This isn’t just a bulletin, it’s an escalation. Expect threat actors to automate exploitation now that mitigations are public. Move fast or risk being part of next week’s breach roundup.

🧠 TL;DR: What This Week Tells Us

📉 On-prem software like SharePoint remains a glaring weakness
⚠️ Supply chain attacks are hitting mainstream cloud products
🔐 AI is quickly becoming the backbone of identity and access security
🤝 Vendor integrations are tightening…visibility gaps won’t be tolerated
🌏 APAC is emerging as a cloud security growth engine and battleground

The bottom line: Cloud security is shifting fast - driven by AI, targeted by nation-state actors, and exposed through legacy infrastructure. Staying ahead means rethinking visibility, velocity, and vendor alignment.

‍

‍