Colt Technical Services suffered a ransomware attack by the Warlock group through an unpatched SharePoint server vulnerability (CVE-2025-53770). The server was initially patched, but the attackers had already installed a webshell for persistent access, so patching alone did not remove them. The incident highlights critical lessons about transparency in crisis communication, the risks of running on-premises SharePoint, and the importance of attack surface management. The company's delayed disclosure allowed threat actors to leak customer data on dark web forums before proper incident response messaging began.