This Week in Cloud Security: SharePoint Exploits, AI-Powered Identity, and Supply Chain Warnings

Your No-Fluff Security Roundup | 18th - 25th July 2025

This week:

• Microsoft SharePoint zero-day triggers global emergency mitigations
• UK attributes Microsoft 365 hacks to Russian state actors
• Amazon Q update compromised via software supply chain attack
• Saviynt and AWS team up on AI-powered identity threat detection

Here’s what happened and why it actually matters.

‍

🔎 Featured Story of the Week

‍

Microsoft SharePoint Zero-Day Sparks Urgent Global Response

🔗Read more at SecurityBrief NZ

Microsoft is racing to contain active exploitation of SharePoint vulnerabilities, issuing mitigations for CVE-2025-23427.
The flaws allow attackers to gain persistent access via on-prem SharePoint servers.

Why this matters:

This is a live, high-risk exploit in widely deployed enterprise infrastructure. If you're running on-prem SharePoint, treat this as an active
threat, not just a patching task.

‍

Sovereignty, Policy, & Public Sector Shake-ups

UK Blames Fancy Bear for Microsoft 365 Intrusions

🔗Read → CSO Online

The UK government formally attributed Microsoft 365 cloud intrusions to APT28 (Fancy Bear), citing widespread targeting of political,
military, and think tank email accounts.

Why this matters:

Public attribution at this scale signals geopolitical tension ahead. Security teams across Europe should expect new scrutiny and
tighter regulatory expectations especially around identity and access.

‍

Vendor Moves That Matter

Saviynt and AWS Partner on AI-Driven Identity Security

🔗Read → SecurityBrief UK

Saviynt is integrating with AWS to power identity threat detection using machine learning and policy automation.

Why this matters:

Threat actors are scaling with AI. If your identity program isn’t adapting with contextual policy and real-time enforcement,
you’re falling behind.

‍

Darktrace Acquires Mira Security for Deep Packet Visibility

🔗Read → GlobeNewswire

Darktrace announced the acquisition of Mira Security to enhance visibility into encrypted network traffic and bolster its
AI-powered detection capabilities.

Why this matters:

As more threats hide in TLS, visibility gaps widen. This move sharpens Darktrace’s edge in environments where traffic decryption
is no longer optional.

‍

Veracode Joins Wiz Integration Network

🔗Read → BusinessWire

Veracode has joined the Wiz Integration Network (WIN), aiming to eliminate application-to-cloud security blind spots.

Why this matters:

Security teams don’t want 10 dashboards, they want connected insight. AppSec tools that talk to cloud posture tools are moving
from “nice-to-have” to baseline.

‍

Sysdig Eyes $1B ARR, with India Driving Growth

🔗Read → Entrepreneur

Sysdig expects to hit $1B in annual recurring revenue, with India driving 30% of that growth. The expansion focuses on runtime
security and open-source adoption.

Why this matters:

This isn’t just a growth story, it’s a signal. APAC is now a frontline for CNAPP vendors, and open-source security tools are driving
the adoption curve.

‍

Bugs, Breaches & Fixes of the Week

Amazon Q Update Infected by Malicious Code

🔗Read → CSO Online

A hacker inserted destructive code into an Amazon Q update, reportedly via a dependency injection during deployment.
Amazon contained the breach quickly but the delivery path is raising alarm bells.

Why this matters:

Even cloud giants aren’t immune to supply chain tampering. This breach reinforces the need for hardened build pipelines,
especially for products rolling out via AI agents and automation.

‍

Zero-Day Oracle Cloud Editor Flaw Exposes RCE Risk

🔗Read → SecurityBrief AU

Tenable uncovered a critical RCE flaw in Oracle’s Cloud Editor, allowing unauthenticated attackers to run code via a poorly
validated file import feature.

Why this matters:

RCE in a dev tool means attackers can skip identity controls and jump straight to execution. This is the kind of vulnerability attackers
love and defenders hate to discover late.

‍

SharePoint Zero-Day Mitigation Rolling Out Globally

🔗Read → Microsoft Security Blog

Microsoft confirmed active exploitation of a SharePoint vulnerability and issued emergency mitigations. Admins are urged to review
logs and apply hardening steps immediately.

Why this matters:

This isn’t just a bulletin, it’s an escalation. Expect threat actors to automate exploitation now that mitigations are public. Move fast or
risk being part of next week’s breach roundup.

‍

🧠 TL;DR: What This Week Tells Us

📉 On-prem software like SharePoint remains a glaring weakness
⚠️ Supply chain attacks are hitting mainstream cloud products
🔐 AI is quickly becoming the backbone of identity and access security
🤝 Vendor integrations are tightening…visibility gaps won’t be tolerated
🌏 APAC is emerging as a cloud security growth engine and battleground

The bottom line: Cloud security is shifting fast - driven by AI, targeted by nation-state actors, and exposed through legacy infrastructure.
Staying ahead means rethinking visibility, velocity, and vendor alignment.

‍

‍