CISA is aware of a post-authentication vulnerability (CVE-2025-53786) in Microsoft Exchange hybrid-joined configurations that allows an attacker to move laterally from on-premises Exchange to the M365 cloud environment. This vulnerability poses grave risk to all organizations.
The Russian state-sponsored cyber actor known as Midnight Blizzard has exfiltrated email correspondence between Federal Civilian Executive Branch (FCEB) agencies and Microsoft through a successful compromise of Microsoft corporate email accounts.
Microsoft has published a security advisory detailing a vulnerability affecting on-premises SharePoint Server instances. Microsoft and the NCSC are aware that an exploit for this vulnerability exists in the wild and have observed active attacks.
The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability (CVE-2025-29927) affecting the Next.js framework used to build web applications.
The SEC cybersecurity disclosure rules and EU NIS2 Directive require organisations to strengthen incident reporting, cyber risk governance, supply chain security, and executive accountability. In 2026, affected organisations must rapidly report significant cyber incidents, maintain documented risk management processes, and demonstrate stronger operational resilience and vulnerability management practices.