Brief #114: Microsoft SharePoint Zero-Day, Amazon AI Hacked, 97% AI Incidents

Nikoloz Kokhreidze
Scattered Spider resurfaces with $592M in damages across 11 major attacks. Nigerian cybercrime ring targets aviation execs with six-figure BEC losses.

Happy Sunday!
A new study shows 70% of third-party risk management programs are understaffed by nearly 30%. It's almost like we're setting ourselves up for failure. We know human factors matter, but we're not investing in the human resources to actually manage those risks properly.
In this week's brief:
- SharePoint servers are under active attack through a zero-day vulnerability chain with no patch available yet
- TPRM programs are significantly understaffed just as regulatory pressures are intensifying
- AI security incidents are hitting 97% of organizations, and it turns out it's really all about API security
The thread connecting these stories? We're dealing with complex, interconnected risks that require both technical solutions and adequate staffing to manage effectively.
Here's my question for you this week: If you had to choose between hiring one more security analyst or one more vendor risk specialist, which would have a bigger impact on your organization's security posture right now?

Industry News
Microsoft SharePoint Servers Under Attack Through Zero-Day Vulnerability Chain
- Eye Security detected active exploitation of a new SharePoint RCE vulnerability chain dubbed "ToolShell" (CVE-2025-53770), allowing attackers to compromise systems without authentication by exploiting vulnerabilities in the ToolPane.aspx component.
- Attackers deploy a malicious ASPX file that extracts MachineKey configurations, enabling them to generate valid ViewState payloads for complete remote code execution using tools like ysoserial.
- Microsoft has acknowledged the vulnerability but has not released a patch; organizations should isolate affected servers, scan for the malicious spinstall0.aspx file, and rotate all credentials that may have been exposed.
Hacker Plants Computer 'Wiping' Commands in Amazon's AI Coding Agent
- A hacker compromised Amazon's AI coding assistant 'Q' by adding code that instructed the software to "clean a system to a near-factory state and delete file-system and cloud resources," which Amazon then released to users.
- The attacker claimed they gained access by simply submitting a pull request to the tool's GitHub repository, highlighting significant security gaps in Amazon's code review and release process.
- While the wiping commands likely wouldn't have worked properly, the hacker stated they could have caused much more damage with their access and wanted to expose what they called Amazon's AI "security theater."
Nigerian Cybercrime Ring SilverTerrier Targets Aviation Executives With BEC Scams
- A long-running Nigerian cybercrime ring known as SilverTerrier is actively targeting transportation and aviation companies with sophisticated business email compromise (BEC) attacks, resulting in at least one customer suffering a six-figure financial loss.
- After compromising an executive's Microsoft 365 credentials, attackers quickly established look-alike domains and sent modified invoice demands to customers, revealing an extensive infrastructure with hundreds of phishing domains registered since 2012.
- BEC scams generated nearly $2.8 billion in losses last year, making them the second most costly form of cybercrime reported to the FBI, with victims having 72 hours to use the Financial Fraud Kill Chain to potentially recover stolen funds.

Leadership Insights
CyberCube Analysis Identifies 2% of Large Firms at Highest Scattered Spider Ransomware Risk
(https://insights.cybcube.com/en/firms-highest-scattered-spider-risk?ref=cybersecstats.com)
- Scattered Spider has resurfaced with renewed intensity, conducting 11 major attacks between April and July 2025 across retail, insurance, and airline industries, causing significant financial damage (up to $592 million to UK retailers alone).
- The threat actor exhibits a pattern of targeting multiple companies within one sector before moving to another, utilizing sophisticated social-engineering tactics to bypass authentication systems and infiltrate high-value corporate networks.
- CyberCube's Portfolio Threat Actor Intelligence (PTI) solution has identified Manufacturing, Education, IT, and Retail sectors as having the highest concentrations of potential targets for Scattered Spider attacks.
Thales Cloud Security Study Highlights Growing Complexity and Attack Surface
- Cloud security remains the top security spending priority for organizations, with 64% identifying it as a pressing discipline, yet 55% report that securing cloud environments is more complex than on-premises infrastructure – up 4% from last year.
- Four of the top five reported attack targets are cloud-based, with 68% of respondents citing credential and stolen secrets attacks as the fastest-growing cloud infrastructure attack vectors, while only 65% have implemented multifactor authentication.
- Organizations are placing more sensitive data in the cloud (54% of cloud data is now sensitive, up from 47% last year), but encryption practices remain inadequate, with tool sprawl complicating management as 57% use five or more key management systems.
Mitratech Study: Third-Party Risk Management Programs Understaffed and Underprepared
- Nearly 70% of TPRM programs are understaffed by about 29%, with organizations only managing 40% of their total vendor base on average – creating significant security blind spots for most companies.
- The involvement of compliance teams in TPRM has surged from 42% in 2023 to 88% in 2025, driven by increasing regulatory pressures, particularly around data privacy and operational resilience.
- While cybersecurity remains the most tracked third-party risk (85%), only 35% of organizations feel prepared for incident response, with 41% still relying on spreadsheets despite growing AI adoption (14% active implementation, 65% exploring).

Career Development
Books Influencing Modern Cybersecurity Leadership Styles
- Top cybersecurity executives recommend books across multiple domains including risk measurement ("How to Measure Anything in Cybersecurity Risk"), decision-making psychology ("Thinking, Fast and Slow"), and social engineering ("The Art of Deception") to help security professionals improve technical and leadership capabilities.
- Many CISOs emphasize books on human factors in security, with recommendations focusing on understanding vulnerabilities in human behavior rather than just technical systems – highlighting works that explore deception techniques, ethical hacking perspectives, and the psychology behind security breaches.
- Leadership-focused recommendations extend beyond traditional management topics to include works on empathy and communication ("Dare to Lead," "Radical Candor"), with several security executives also valuing books that encourage work-life balance and personal fulfillment as crucial for sustainable security careers.
Cybersecurity Director Shares Salary Range and Work-Life Balance Details
- A director of a small incident response team (~10 people) reports earning between $145,000 and $185,000 with variations based on sector, experience, location, and certifications, noting it took 25 years to reach this position.
- Entry-level Cybersecurity Analyst positions at their company start at $75K-$80K with a bachelor's degree, $85K-$90K with a master's, and typically reach $100K by year 4, with requirements including background checks and drug testing.
- The role offers exceptional training opportunities and flexibility for side projects, with work-life balance described as better than most cybersecurity positions except during major incidents when long hours are required.
Soft Skills Identified As Most Underrated Cybersecurity Asset In Reddit Discussion
- Learning to talk to people and demonstrating empathy were highlighted as critical skills in cybersecurity, with one commenter noting "People are not computers" and these soft skills being harder to learn than technical capabilities.
- Multiple cybersecurity professionals shared experiences where communication abilities proved more valuable than technical expertise, including one person who secured a junior position primarily based on soft skills rather than technical knowledge.
- Several commenters emphasized that effective stakeholder management is essential for implementing security measures, with one noting "you have to bring your whole org with you otherwise nothing will get done."

AI & Security
AI Security Is API Security: Key Issues Affecting Enterprise Protection
- 97% of organizations report security incidents related to generative AI, with approximately 90% of AI usage classified as "shadow AI" operating outside IT oversight.
- API vulnerabilities remain the primary attack vector for AI systems, with authorization flaws, authentication weaknesses, and parameter manipulation being the most common exploit paths.
- Effective AI security requires comprehensive discovery of all AI assets (including third-party integrations) and adoption of emerging frameworks like OWASP LLM Top 10 and ISO 42001.
2025 State of AI Report Highlights Key Trends in AI Product Development and Security
- The report reveals that hallucinations and explainability/trust are the top challenges when deploying AI models, with 39% and 38% of respondents citing these issues respectively, followed by proving ROI (34%).
- AI-native companies are progressing faster through development cycles than AI-enabled peers, with 47% of AI-native products already at scaling stage compared to just 13% of AI-enabled products.
- While 80% of companies rely on third-party AI APIs, high-growth organizations are increasingly developing proprietary models and implementing advanced security monitoring – 75% of scaled AI products now feature advanced performance monitoring with drift detection.
AI Agent Developer Identifies Three Critical Flaws in Current Agent Technology
- Despite building multiple successful production AI agent systems, the author highlights three fundamental limitations: error rates compound exponentially in multi-step workflows (95% reliability per step = 36% success over 20 steps), making autonomous complex workflows mathematically impossible at scale.
- Token economics create a significant barrier as context windows cause quadratic cost scaling – successful production agents are typically stateless, focused tools rather than the conversational agents being promoted.
- The challenge isn't in AI capabilities but in tool engineering – approximately 70% of effective agent systems require carefully designed feedback interfaces, context management, and handling partial failures in ways AI can understand.

Market Updates
Cybersecurity Startup Maro Secures $4.3M Seed Funding to Address Human Risk
- Maro's platform provides real-time behavioral interventions to address threats linked to human error, insider risk, and misuse of AI tools.
- Founded by cybersecurity veterans from multiple successful startups, Maro developed its solution with input from security leaders in FinTech, healthcare, and retail industries.
- The funding from Downing Capital Group will support team expansion, product development, and go-to-market efforts as Maro addresses challenges created by generative AI, remote work, and shadow SaaS.
22 Cybersecurity Startups To Watch, According To VCs
- VCs have identified 22 promising cybersecurity startups addressing challenges from vulnerabilities in software code to identity-based attacks, as cyber crime costs are projected to reach $10.5tn worldwide in 2025.
- Several standout companies focus on AI-powered solutions, including Galink (third-party risk), HelmGuard (security data aggregation), Lakera (protecting against prompt injection), and Harmonic Security (safeguarding sensitive data in generative AI).
- Key trends represented by these startups include identity protection, software supply chain security, and privacy-preserving data collaboration – with specialized solutions for industrial infrastructure and cloud environments.
GRC Firm Vanta Raises $150 Million at $4.15 Billion Valuation
- California-based Vanta has secured $150 million in Series D funding led by Wellington Management, bringing their total raised since 2021 to $504 million and increasing their valuation to $4.15 billion.
- Vanta's trust platform simplifies and centralizes compliance for organizations by integrating with hundreds of third-party tools for cloud infrastructure, version control, productivity, and identity services.
- The company announced new AI agents to help with security questionnaires and workflow automation, and plans to expand into third-party risk and government compliance with the new funding.

Tools
ThreatDown EDR
Powerfully simple endpoint security solution that takes down threats without interrupting business.
ocaml-yara
OCaml wrapper for YARA matching engine for malware identification
CloudMatos
An AI-powered Cloud Native Application Protection Platform (CNAPP) that provides unified cloud security with attack surface management for small and medium businesses.
Best,
Nikoloz