CISA: Microsoft SharePoint RCE Flaw Now Actively Exploited

Plus, lawyers are starting to train artificial intelligence how to think like a lawyer.

Good morning! Here’s what’s up.

People

Vasu Jakkal announced in a LinkedIn post that she is stepping down as Microsoft‘s vice president of security, compliance, identity, management and privacy, after serving six years in the role.

Clips ✂️

CISA: Microsoft SharePoint RCE flaw now actively exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability.

Tracked as CVE-2026-45659, this security flaw stems from a deserialization of untrusted data weakness, and it allows attackers with low privileges to execute arbitrary code on unpatched SharePoint servers in low-complexity attacks that don't require user interaction.

"Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server," Microsoft explains.

"The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component."

by Bleeping Computer

Lawyers Are Training AI How to Think Like Them

When arbitrator Jessica Crutcher logs off after a day of hearing disputes, she starts a graveyard shift training AI models.

She gets the work through Mercor, a company that hires subject-matter experts to train artificial intelligence systems. She often spends hours staring at the walls of her home office, dreaming up legal problems that machines can't easily solve, at least not yet. One week, she's inventing a lawsuit over oil and gas trading; the next, she's writing an asylum case. She prompts the model and then reviews its responses.

Lawyers have been told AI is coming for some of their work. Before that can happen, though, many are getting paid to teach it.

by Business Insider

Employers who laid off workers citing AI are already starting to regret it

Companies are rapidly changing their minds that artificial intelligence can “do it all” by rehiring employees to propel their businesses forward, as investors fret over the longevity of the ongoing AI boom happening in the financial markets.

Automaker Ford is one of the latest companies to reverse course. It is reportedly reemploying hundreds of experienced human engineers to work on quality issues automated systems couldn’t address. “Artificial intelligence is a fantastic tool, but it’s only as good as the information you use to train it,” Charles Poon, Ford’s vice president of vehicle hardware engineering, told the media.

Other companies that have walked back their hiring plans to focus more on human capital include Commonwealth Bank of Australia and software giant IBM.

by CNBC

The endpoint recovery gap many teams discover during an incident

In this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked, leaving organizations exposed when thousands of devices go down at once.

Haas walks through what a well-planned recovery looks like, where the bottlenecks appear, and why restoring trusted user access matters more than counting blocked threats. He also shares how security leaders can convince a CFO to fund recovery capability before an incident proves it was worth the spend.

by Help Net Security

Can Corporations Survive the Age of AI?

The greatest threat facing business today is not artificial intelligence. It is the illusion that AI is the whole challenge. Across the world, corporate boards are demanding AI strategies, CEOs are announcing AI initiatives, consultants are selling transformation programs, and investors are rewarding companies that present themselves as leaders in this new, emerging technology.

Yet many of these efforts address symptoms rather than causes. AI is not simply changing how companies operate. It is changing what a company fundamentally is. The real question is not whether corporations will use AI, but whether corporations designed for the industrial age can survive the intelligent age.

The corporation was designed for a world in which information moved slowly, markets changed gradually, and competitive advantage could be defended for years. That world has gone.

by Time

Artificial Intelligence, Privilege, and Work Product: Emerging Risks in the Life Sciences Industry

Introduction

As artificial intelligence (AI) use has become prevalent in nearly every stage of litigation, including pre-litigation efforts, courts and litigants alike have encountered challenges applying longstanding doctrine to new technology. Recent decisions indicate that courts disagree on whether communications with generative AI tools are more like disclosures to a third party or more like the use of traditional word-processing tools. In particular, courts are grappling with whether disclosure of sensitive information to publicly available AI platforms constitutes disclosure to a “third party” sufficient to waive attorney-client privilege or undermine attorney work-product protection.

These developments are especially significant for life sciences companies, which routinely handle highly confidential and proprietary information, including intellectual property, trade secrets, clinical research, regulatory strategy, and commercially sensitive data. Because legal advice in the life sciences sector is often deeply intertwined with technical and scientific information, the use of AI tools in connection with legal and business decision-making presents heightened discovery and confidentiality risks.

by Arnold & Porter

X