A critical vulnerability in Microsoft's SharePoint, tracked as CVE-2025-53770, is being actively exploited, allowing unauthenticated remote code execution on affected servers. The vulnerability has led to significant incidents, including breaches in multiple organizations, with estimates of compromised systems rising to 400. Government and private sectors are currently grappling with the fallout from this mass exploitation.

A security engagement revealed an HTML to PDF converter API that allowed for local file access and remote code execution due to vulnerabilities in a .NET renderer using an outdated Chromium version. The authors successfully exploited a known vulnerability in Chromium 62, demonstrating the importance of manual penetration testing in uncovering overlooked security issues.