Canada's House of Commons has allegedly been hit by a cyber attack caused by a threat actor who is targeting employee information, reports Security Affairs.
The unknown attacker has reportedly gained unauthorized access to a database that contains information on House of Commons-managed mobile devices and computers and employees names, office locations, job titles, and email addresses. The attack may be linked to a Microsoft SharePoint zero-day vulnerability, CVE-2025-53770, which allows deserialization of untrusted data and remote code execution. Canadas Communications Security Establishment is assisting the House of Commons in investigating the breach. The stolen data could be misused for scams, impersonation, or further attacks. Members and staff have been encouraged to stay alert. Canada has been facing rising cyber threats for the past two years from both criminal groups and state actors. Recent attacks have targeted utilities, such as Nova Scotia Power, and airlines, such as Air Canada and WestJet.
The unknown attacker has reportedly gained unauthorized access to a database that contains information on House of Commons-managed mobile devices and computers and employees names, office locations, job titles, and email addresses. The attack may be linked to a Microsoft SharePoint zero-day vulnerability, CVE-2025-53770, which allows deserialization of untrusted data and remote code execution. Canadas Communications Security Establishment is assisting the House of Commons in investigating the breach. The stolen data could be misused for scams, impersonation, or further attacks. Members and staff have been encouraged to stay alert. Canada has been facing rising cyber threats for the past two years from both criminal groups and state actors. Recent attacks have targeted utilities, such as Nova Scotia Power, and airlines, such as Air Canada and WestJet.
