MSTIC blog on Sharepoint exploitation

At least 3 actors exploiting CVE-2025-49706 & CVE-2025-49704 as early as July 7:
Linen Typhoon
Violet Typhoon
Storm-2603 (CN-based actor deployed Warlock & Lockbit ransomware in past - current motivation unknown)https://t.co/IgEp6yxx3B

— Christopher Glyer (@cglyer) July 22, 2025

"Branchless Programming" is a term used to describe a programming style that improves performance by avoiding branches (e.g. if statements and similar). One of the most common branchless tricks is to use multiplication in place of an if statement: pic.twitter.com/nVi3acoZXN

— Nic Barker (@nicbarkeragain) July 22, 2025

US Army learning how to drop grenades from drones https://t.co/XY2cQ5mFgM pic.twitter.com/x8LE9Qd4Uw

— OSINT Gorilla (@GorillaOSINT) July 21, 2025

Hackers reportedly breached the National Nuclear Security Administration and other parts of the Department of Energy through the Microsoft SharePoint vulnerability. https://t.co/ocYSWgg4MW pic.twitter.com/jdsuDZb8Md

— Eric Geller (@ericgeller) July 23, 2025

Update: the Mattress salesman is great at finding bugs. https://t.co/xT9a8iMjTM pic.twitter.com/tzYRj5EXqT

— AIfredo 0rtega (@ortegaalfredo) July 22, 2025

From a very detailed exploration of securing protection relays in a modern digital substation: https://t.co/Mb41x7eGsO pic.twitter.com/V8VLC8wNgc

— Ravi Nayyar (@ravirockks) July 23, 2025

For years, Sacramento has been running an illegal scheme using power meters for mass surveillance. Last week, we asked for a court order to stop this practice for good. https://t.co/ls2RwHvG6G

— EFF (@EFF) July 22, 2025

Per French authorities — the suspected administrator of XSS has been arrested in Ukraine https://t.co/ZAqIyvWeWX

— vx-underground (@vxunderground) July 23, 2025