
Canadian House of Commons probes cyberattack linked to Microsoft vulnerability

The House of Commons of Canada is investigating a cyberattack that compromised employee data after a threat actor reportedly exploited a Microsoft security flaw to infiltrate parliamentary systems on Friday.


According to CBC News, staff members were notified of the breach on Monday via email. The internal alert revealed that the attacker gained access to a database used to manage House of Commons computers and mobile devices, stealing sensitive but non-public information, including employee names, job titles, office locations, and email addresses.


Employees and members of Parliament were cautioned to watch for possible fraudulent activity, including impersonation attempts and scams that could leverage the stolen data. The House of Commons is working with the Communications Security Establishment (CSE), Canada’s national security agency, to determine the scope and impact of the breach.


The CSE told CBC News that it was too early to identify those responsible, noting that cyberattack attribution is a complex process requiring time and significant investigative resources. Neither the House of Commons nor CSE responded to requests for comment from BleepingComputer.


Authorities have not disclosed the exact Microsoft vulnerability exploited in the incident. However, the Canadian Centre for Cyber Security recently urged IT professionals to secure systems against two critical Microsoft flaws: CVE-2025-53770, a Microsoft SharePoint Server vulnerability known as ToolShell, and CVE-2025-53786, a high-severity Microsoft Exchange bug.


ToolShell has been under active, widespread exploitation since early July, with targets ranging from U.S. federal agencies to government networks in Europe and the Middle East. The Microsoft Exchange flaw prompted the U.S. Cybersecurity and Infrastructure Security Agency to issue an emergency directive last week requiring all non-military executive branch agencies to apply mitigations over the weekend, warning of potential “total domain compromise” if left unpatched.


Security monitoring service Shadowserver reported Monday that more than 29,000 Exchange servers remain unpatched worldwide against CVE-2025-53786, including more than 800 in Canada.



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543