Canada’s House of Commons has launched an investigation after a cyberattack potentially exposed sensitive staff data, raising questions about whether recently discovered Microsoft vulnerabilities played a role.
According to national media reports, an internal email to parliamentary employees revealed that attackers managed to enter a database containing staff information. The data included names, work emails, job titles, office locations, and details about computers and mobile devices connected to the House of Commons network.
The House of Commons and Canada’s Communications Security Establishment (CSE) are now examining the incident. In a public statement, CSE emphasized that attributing a cyberattack is complex and requires time, resources, and caution before drawing conclusions. In the meantime, staff have been urged to remain alert to suspicious messages or unusual activity.
Possible Link to Microsoft Vulnerabilities
Although officials have not confirmed the exact flaw that was exploited, the mention of a “recent Microsoft vulnerability” has led to speculation. In recent weeks, Canada’s Cyber Centre issued warnings about two critical Microsoft security issues:
- CVE-2025-53770 (“ToolShell”): A flaw in Microsoft SharePoint servers that has been actively exploited since July. It allows attackers to gain unauthorized access
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from CySecurity News – Latest Information Security and Hacking IncidentsRead the original article: