This Week in Cloud Security: SharePoint Exploits, AI-Powered Identity, and Supply Chain Warnings

Posted
July 29, 2025

Your No-Fluff Security Roundup | 18th - 25th July 2025

This week:

  • Microsoft SharePoint zero-day triggers global emergency mitigations
  • UK attributes Microsoft 365 hacks to Russian state actors
  • Amazon Q update compromised via software supply chain attack
  • Saviynt and AWS team up on AI-powered identity threat detection

Here’s what happened and why it actually matters.

🔎 Featured Story of the Week

Microsoft SharePoint Zero-Day Sparks Urgent Global Response

🔗Read more at SecurityBrief NZ

Microsoft is racing to contain active exploitation of SharePoint vulnerabilities, issuing mitigations for CVE-2025-23427.
The flaws allow attackers to gain persistent access via on-prem SharePoint servers.

Why this matters:

This is a live, high-risk exploit in widely deployed enterprise infrastructure. If you're running on-prem SharePoint, treat this as an active
threat, not just a patching task.

Sovereignty, Policy, & Public Sector Shake-ups

Microsoft: Fancy Bear targeted European think tanks

UK Blames Fancy Bear for Microsoft 365 Intrusions

🔗Read CSO Online

The UK government formally attributed Microsoft 365 cloud intrusions to APT28 (Fancy Bear), citing widespread targeting of political,
military, and think tank email accounts.

Why this matters:

Public attribution at this scale signals geopolitical tension ahead. Security teams across Europe should expect new scrutiny and
tighter regulatory expectations, especially around identity and access.

Vendor Moves That Matter

Saviynt and AWS Partner on AI-Driven Identity Security

🔗Read SecurityBrief UK

Saviynt is integrating with AWS to power identity threat detection using machine learning and policy automation.

Why this matters:

Threat actors are scaling with AI. If your identity program isn’t adapting with contextual policy and real-time enforcement,
you’re falling behind.

Darktrace Acquires Mira Security for Deep Packet Visibility

🔗Read GlobeNewswire

Darktrace announced the acquisition of Mira Security to enhance visibility into encrypted network traffic and bolster its
AI-powered detection capabilities.

Why this matters:

As more threats hide in TLS, visibility gaps widen. This move sharpens Darktrace’s edge in environments where traffic decryption
is no longer optional.

Veracode Joins Wiz Integration Network

🔗Read BusinessWire

Veracode has joined the Wiz Integration Network (WIN), aiming to eliminate application-to-cloud security blind spots.

Why this matters:

Security teams don’t want 10 dashboards, they want connected insight. AppSec tools that talk to cloud posture tools are moving
from “nice-to-have” to baseline.

Sysdig Eyes $1B ARR, with India Driving Growth

🔗Read Entrepreneur

Sysdig expects to hit $1B in annual recurring revenue, with India driving 30% of that growth. The expansion focuses on runtime
security and open-source adoption.

Why this matters:

This isn’t just a growth story, it’s a signal. APAC is now a frontline for CNAPP vendors, and open-source security tools are driving
the adoption curve.

Bugs, Breaches & Fixes of the Week

Amazon Q Update Infected by Malicious Code

🔗Read CSO Online

A hacker inserted destructive code into an Amazon Q update, reportedly via a dependency injection during deployment.
Amazon contained the breach quickly, but the delivery path is raising alarm bells.

Why this matters:

Even cloud giants aren’t immune to supply chain tampering. This breach reinforces the need for hardened build pipelines,
especially for products rolling out via AI agents and automation.

Zero-Day Oracle Cloud Editor Flaw Exposes RCE Risk

🔗Read SecurityBrief AU

Tenable uncovered a critical RCE flaw in Oracle’s Cloud Editor, allowing unauthenticated attackers to run code via a poorly
validated file import feature.

Why this matters:

RCE in a dev tool means attackers can skip identity controls and jump straight to execution. This is the kind of vulnerability attackers
love and defenders hate to discover late.

SharePoint Zero-Day Mitigation Rolling Out Globally

🔗Read Microsoft Security Blog

Microsoft confirmed active exploitation of a SharePoint vulnerability and issued emergency mitigations. Admins are urged to review
logs and apply hardening steps immediately.

Why this matters:

This isn’t just a bulletin, it’s an escalation. Expect threat actors to automate exploitation now that mitigations are public. Move fast or
risk being part of next week’s breach roundup.

🧠 TL;DR: What This Week Tells Us

📉 On-prem software like SharePoint remains a glaring weakness
⚠️ Supply chain attacks are hitting mainstream cloud products
🔐 AI is quickly becoming the backbone of identity and access security
🤝 Vendor integrations are tightening…visibility gaps won’t be tolerated
🌏 APAC is emerging as a cloud security growth engine and battleground

The bottom line: Cloud security is shifting fast - driven by AI, targeted by nation-state actors, and exposed through legacy infrastructure.
Staying ahead means rethinking visibility, velocity, and vendor alignment.
