Critical Threat Intelligence & Advisory Summaries
CISA is aware of an ongoing exploitation campaign by an advanced threat actor targeting Cisco Adaptive Security Appliances (ASA). The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated remote code execution on ASAs.
CISA is aware of a post-authentication vulnerability (CVE-2025-53786) in Microsoft Exchange hybrid-joined configurations that allows an attacker to move laterally from on-premises Exchange to the M365 cloud environment. This vulnerability poses grave risk to all organizations.
Active exploitation of vulnerability affecting Microsoft Office SharePoint Server products in the UK
Microsoft has published a security advisory detailing a vulnerability affecting on-premises SharePoint Server instances. Microsoft and the NCSC are aware that an exploit for this vulnerability exists in the wild and have observed active attacks.
The Russian state-sponsored cyber actor known as Midnight Blizzard has exfiltrated email correspondence between Federal Civilian Executive Branch (FCEB) agencies and Microsoft through a successful compromise of Microsoft corporate email accounts.
The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability (CVE-2025-29927) affecting the Next.js framework used to build web applications.