News: 0179838096

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Foreign Hackers Breached a US Nuclear Weapons Plant Via SharePoint Flaws (csoonline.com)

(Monday October 20, 2025 @11:30PM (BeauHD) from the would-you-look-at-that dept.)


Foreign hackers [1]breached the National Nuclear Security Administration's Kansas City National Security Campus (KCNSC) by exploiting unpatched Microsoft SharePoint vulnerabilities. The intrusion happened in August and is possibly linked to either Chinese state actors or Russian cybercriminals. CSO Online notes that "roughly 80% of the non-nuclear parts in the nation's nuclear stockpile originate from KCNSC," making it "one of the most sensitive facilities in the federal weapons complex." From the report:

> The breach targeted a plant that produces the vast majority of critical non-nuclear components for US nuclear weapons under the NNSA, a semi-autonomous agency within the Department of Energy (DOE) that oversees the design, production, and maintenance of the nation's nuclear weapons. Honeywell Federal Manufacturing & Technologies (FM&T) manages the Kansas City campus under contract to the NNSA. [...] The attackers exploited two recently disclosed Microsoft SharePoint vulnerabilities -- CVE-2025-53770, a spoofing flaw, and CVE-2025-49704, a remote code execution (RCE) bug -- both affecting on-premises servers. Microsoft [2]issued fixes for the vulnerabilities on July 19.

>

> On July 22, the NNSA [3]confirmed it was one of the organizations hit by attacks enabled by the SharePoint flaws. "On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy," a DOE spokesperson said. However, the DOE contended at the time, "The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted systems are being restored." By early August, federal responders, including personnel from the NSA, were on-site at the Kansas City facility, the source tells CSO.



[1] https://www.csoonline.com/article/4074962/foreign-hackers-breached-a-us-nuclear-weapons-plant-via-sharepoint-flaws.html

[2] https://www.microsoft.com/en-us/msrc/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/

[3] https://www.bloomberg.com/news/articles/2025-07-23/us-nuclear-weapons-agency-breached-in-microsoft-sharepoint-hack


Microsoft and Flaws! (Score:2)

by oldgraybeard ( 2939809 )

Pot and Kettle!

Re: Microsoft and Flaws! (Score:3)

by sziring ( 2245650 )

I just assumed all the systems have already been breached (for years). Some more critically than others. After all we ban white hat hacking and the ability to report flaws as bad for business.

Image software where they forced updates and broken the share point instead of gave away free access to sensitive data.

WTF, you inglorious mutant bastards! (Score:3)

by Tablizer ( 95088 )

If our nukes are connected to SharePoint, we might as well just push the Armageddon button now and git it over with!

Goddammit! You! Fucking! Idiots! #SharepointIsNottaRealProduct!

Here I thot the orange clown would finish us off, but instead it's fucking Microsoft, shouldda figgered

Clippy: (Score:3)

by Tablizer ( 95088 )

It looks like you are trying to end civilization. Here, let me help you...

Re: (Score:2)

by msauve ( 701917 )

If our nukes are connected to the public Internet, we might as well just push the Armageddon button now and git it over with!

FTFY.

"Flaws"? Seriously? (Score:2)

by gweihir ( 88907 )

Why are we trivialize Microsoft fuckups? This should be called gross negligence and total incompetence. They insecure crap has no place in any professionally managed IT.

homer simpson on patch duty! (Score:2)

by Joe_Dragon ( 2206452 )

homer simpson on patch duty!

Nuclear power plants make excellent targets (Score:2)

by jkechel ( 1101181 )

Nuclear power plants make excellent targets in wartime — that really helps all the other countries in the coming global climate wars. Just spread them out nicely and show them off proudly, please.

wait... weren't government entities supposed to ge (Score:2)

by Jayhawk0123 ( 8440955 )

1- wait... weren't government entities supposed to get first crack at patches?

2- And how in the fuck do you go unpatching a security vulnerability for so long?

(if you say "ohh there aren't any proof of concept out in the wild, so we don't need to worry about it" ... you're an idiot that needs to go back to school... the moment a patch is released, it gets reverse engineered to find out what was being patched... then that gets targeted... this usually happens in under 36 hours... where you go from patch bein

Re: (Score:2)

by HiThere ( 15173 )

But patching ASAP is also a bad idea. What you really need to do is

AVOID putting dangerous stuff on the web!!

Then you can take time to be sure that the "patch" isn't a real screw-up.

pphht fake news (Score:3)

by argStyopa ( 232550 )

Next you're going to tell me that Teams and OneDrive are shit too.

WTF (Score:3)

by johnnys ( 592333 )

A nuclear weapons facility running SHAREPOINT???!!!??

Hey, Pete Hegseth: This is your responsibility.

What a clown show...

Re: (Score:2)

by ArchieBunker ( 132337 )

You'll have that with DUI hires.

Oh well (Score:2)

by ArchieBunker ( 132337 )

Thoughts and prayers.

Basic is a high level languish. APL is a high level anguish.