Risky Business Weekly (800): The SharePoint bug may have leaked from Microsoft MAPP

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • Did the SharePoint bug leak out of the Microsoft MAPP program?
  • Expel retracts its FIDO bypass writeup
  • The mess surrounding the women-only dating-safety app Tea gets worse
  • Broadcom customers struggle to get patches for VMware hypervisor escapes
  • Aeroflot gets hacked by the Cyber Partisans, disrupting flights

This week’s episode is sponsored by Push Security. Satisfied Push customer Daniel Cuthbert from Santander Bank joins on their behalf. He explains how having telemetry about identity from inside the browser is a key pillar for investigating intrusions in the browser-centric future.

Show Notes:

Microsoft Probing Whether Cyber Alert Tipped Off Chinese Hackers https://www.bloomberg.com/news/articles/2025-07-25/microsoft-sharepoint-hack-probe-on-whether-chinese-hackers-found-flaw-via-alert

Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble | The Record from Recorded Future News https://therecord.media/microsoft-says-warlock-ransomware-deployed-in-sharepoint-attacks

What we know about the Microsoft SharePoint attacks | Cybersecurity Dive https://www.cybersecuritydive.com/news/what-we-know-microsoft-sharepoint-attacks/753961/

An important update (and apology) on our PoisonSeed blog https://expel.com/blog/an-important-update-and-apology-on-our-poisonseed-blog/

Tea User Files Class Action After Women’s Safety App Exposes Data https://www.404media.co/tea-user-files-class-action-after-womens-safety-app-exposes-data/

A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating https://www.404media.co/a-second-tea-breach-reveals-users-dms-about-abortions-and-cheating/

Top Lawyer for National Security Agency Is Fired https://www.nytimes.com/2025/07/29/us/politics/nsa-lawyer-fired.html

From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944 https://cloud.google.com/blog/topics/threat-intelligence/defending-vsphere-from-unc3944?linkId=15878871

VMware prevents some perpetual license holders from downloading patches https://www.theregister.com/2025/07/23/vmware_patch_download_problems/

Pro-Ukrainian hackers take credit for attack that snarls Russian flight travel - Ars Technica https://arstechnica.com/security/2025/07/pro-ukrainian-hackers-take-credit-for-attack-that-snarls-russian-flight-travel/

CYBER STRIKE ON RUSSIA'S AEROFLOT! https://www.by.cpartisans.org/post/kiberudar-po-ajeroflotu-rf

Treasury sanctions North Koreans involved in IT-worker schemes | Cybersecurity Dive https://www.cybersecuritydive.com/news/north-korea-remote-it-worker-sanctions/754087/

Minnesota governor activates National Guard amid St. Paul cyberattack | StateScoop https://statescoop.com/st-paul-mn-cyberattack-walz-national-guard/

Outage was result of cyberattack, Post Luxembourg says https://www.luxtimes.lu/luxembourg/post-luxembourg-outage-caused-by-a-targeted-cyberattack-firm-confirms/80019668.html

Clorox files $380 million suit blaming Cognizant for 2023 cyberattack | Cybersecurity Dive https://www.cybersecuritydive.com/news/clorox-380-million-suit-cognizant-cyberattack/753837/

Cisco network access security platform vulnerabilities under active exploitation | CyberScoop https://cyberscoop.com/cisco-identity-services-engines-active-exploits/

Arizona woman sentenced to 8.5 years for running North Korean laptop farm | The Record from Recorded Future News https://therecord.media/arizona-woman-sentenced-north-korean-laptop-farm

Cybercrime forum Leak Zone publicly exposed its users’ IP addresses | TechCrunch https://techcrunch.com/2025/07/24/cybercrime-forum-leak-zone-publicly-exposed-its-users-ip-addresses/