Postgres and Open Source Experts

The July 31st advisory from CISA and the U.S. Coast Guard (AA25-212A) is less about what happened and more about what could have. A proactive threat hunt at a U.S. critical infrastructure organization revealed no active compromise, but it uncovered systemic weaknesses like insecure credentials, unrestricted remote access, and insufficient monitoring. This is a textbook case of “security theater”: policies and tools on paper, without enforcement in practice. The takeaway is clear: no evidence of compromise is not the same as no risk.

A modern approach to IT observability inspired by hazard analysis. Learn how to improve system reliability, reduce monitoring complexity, and proactively manage service risks through Critical Control Points.

A critical, newly disclosed, and actively exploited vulnerability, CVE-2025-53770, affects all self-hosted / on-premises Microsoft SharePoint Server versions. This critical issue does not impact SharePoint Online (Microsoft 365).

The exploit enables attackers to:

• Bypass authentication
• Install persistent backdoors
• Launch ransomware
• Steal sensitive data

Immediate Steps to Take:

• Patch all on-premises SharePoint servers immediately following Microsoft guidance
• Disconnect unpatched servers from the Internet immediately
• For versions older than SharePoint 2016: …