#233 - Intel Chat: SharePoint, ToolShell, UK bans payment & cryptojacking
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community: https://community.limacharlie.com/
- A critical new SharePoint vulnerability is under mass exploitation, with attackers targeting on-premises SharePoint Server deployments to exfiltrate sensitive data, including authentication tokens: https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/
- Microsoft has now confirmed that at least three China-linked threat actors—Linen Typhoon, Violet Typhoon, and Storm-2603—were actively exploiting CVE-2025-49706 and CVE-2025-49704 a day before the company issued patches on July 8: https://www.darkreading.com/application-security/3-china-nation-state-actors-sharepoint-bugs
- The UK government announced on July 22, 2025, that it plans to make ransomware payments illegal for public sector bodies and operators of critical national infrastructure (CNI): https://www.securityweek.com/uks-ransomware-payment-ban-bold-strategy-or-dangerous-gamble/
- In-browser cryptocurrency mining, often called cryptojacking, originally gained notoriety in 2017 when Coinhive introduced JavaScript-based mining for Monero: https://cside.dev/blog/cryptojacking-is-dead-long-live-cryptojacking