Unpatched SharePoint flaws (CVE-2025-53770, CVE-2025-49704) cracked open the Kansas City National Security Campus in July. IT systems tied to 80% of U.S. non-nuclear weapons parts got compromised. Attackers—likely state-backed, Russian or Chinese—moved fast, hitting the zero-day RCE and spoofing bugs just three days after Microsoft shipped patches.
The deeper problem: IT and OT security are still running on parallel tracks. This breach just shoved zero trust to the top of the alignment agenda.
