Overview

• An unidentified threat actor exploited a recently disclosed Microsoft vulnerability to breach a House of Commons database used for managing computers and mobile devices.
• Employees’ names, job titles, office locations, email addresses and device-management details were exfiltrated, though officials have not disclosed how many staff were affected.
• The Communications Security Establishment has joined the probe, but attribution remains unconfirmed as investigators work to identify the responsible party.
• Authorities have withheld the exact flaw exploited to avoid compromising the ongoing investigation and to secure vulnerable systems across government networks.
• National threat reports identify Canada as a high-value target, with state-backed and criminal hackers increasingly exploiting zero-day Microsoft vulnerabilities against federal institutions.