Unbreakable Ventures
Nuclear Codes | Risk Updates for Weeks of 14th - 28th July '25

Threat concerns this week: Downed SharePoint servers cause nuclear threat. AI used in courts influences decisions. Plus quick snippets.

Hello 👋 get a brew on because these are the top emerging risks between July 14th and 28th, 2025…

Review our report’s terminology here ↗

Our main risk this fortnight is…

1. Technological: Chinese Hackers Breach US Nuclear Weapons Agency

  • Chinese state-sponsored hackers breached the U.S. National Nuclear Security Administration using Microsoft SharePoint zero-day vulnerabilities known as "ToolShell".

  • Over 400 servers compromised globally including government agencies, banks, universities, and critical infrastructure across multiple continents.

  • Attackers stole cryptographic machine keys enabling persistent access that survives patching and system reboots.

  • No classified nuclear information was stolen as sensitive systems are air-gapped, but the breach demonstrates sophisticated adversaries' ability to penetrate critical infrastructure.

  • Emergency patches available but organisations must also rotate machine keys and implement additional security measures to prevent reinfection.

We reported on this zero-day exploit in more detail here >

You should be concerned if…

  • Your organisation runs on-premises SharePoint servers: Only self-hosted SharePoint installations are vulnerable, not Microsoft 365 cloud versions.

  • You're in critical infrastructure, government, healthcare, or finance: These sectors have been primary targets in the global campaign with documented breaches across federal agencies, banks, and hospitals.

  • Your SharePoint servers are internet-accessible: Attackers specifically target publicly exposed SharePoint instances to exploit the authentication bypass vulnerability.

  • You haven't applied July 2025 security updates: Organisations running unpatched SharePoint 2016, 2019, or Subscription Edition face immediate compromise risk.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Apply Emergency Patches Immediately
  • Deploy Microsoft's security updates for SharePoint Server 2016, 2019, and Subscription Edition released July 21, 2025, addressing CVE-2025-53770 and CVE-2025-53771.

Rotate Machine Keys Before and After Patching
  • Change ASP.NET ValidationKey and DecryptionKey in SharePoint's web.config files twice—once before patching and once after—to invalidate any stolen cryptographic keys.

Enable Microsoft Defender Integration
  • Configure Antimalware Scan Interface (AMSI) with Microsoft Defender Antivirus on all SharePoint servers to block exploitation attempts even on unpatched systems.

Hunt for Compromise Indicators
  • Search for "spinstall0.aspx" files in SharePoint layouts directories and monitor for w3wp.exe processes spawning encoded PowerShell commands as signs of successful breach.

Disconnect Vulnerable Systems
  • If immediate patching isn't possible, disconnect internet-facing SharePoint servers until security updates can be applied to prevent ongoing exploitation.
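
An added example for the "Hunt for Compromise Indicators" step above (not part of the original report): a small Python triage routine that checks a file listing for spinstall0.aspx under a layouts directory and flags PowerShell launched beneath w3wp.exe with an encoded command, decoding the payload for review. The event field names (host, parent_image, command_line) and all sample paths and events are constructed assumptions; map them to whatever your EDR or process-creation log export provides.

```python
import base64
import re
from pathlib import PureWindowsPath

IOC_FILE = "spinstall0.aspx"  # file name given in the report
IIS_WORKER = "w3wp.exe"       # IIS worker process named in the report
SWITCH = re.compile(r"(?:^|\s)[-/](\w+)\s+([A-Za-z0-9+/=]{8,})")

def suspicious_files(paths):
    """Paths named spinstall0.aspx that sit below a 'layouts' directory."""
    hits = []
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.name.lower() == IOC_FILE and "layouts" in [x.lower() for x in p.parts[:-1]]:
            hits.append(raw)
    return hits

def decode_encoded_command(command_line):
    """Decoded -EncodedCommand payload, or None when no such switch is present."""
    for switch, blob in SWITCH.findall(command_line):
        s = switch.lower()
        # PowerShell accepts -EncodedCommand, -ec, and prefixes such as -e or -enc.
        if s == "ec" or "encodedcommand".startswith(s):
            try:
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except ValueError:  # bad base64 or bad UTF-16: still worth a look
                return "<undecodable>"
    return None

def hunt_process_events(events):
    """Flag PowerShell launched under w3wp.exe with an encoded command."""
    findings = []
    for ev in events:
        parent = PureWindowsPath(ev["parent_image"]).name.lower()
        cmd = ev["command_line"]
        if parent == IIS_WORKER and re.search(r"powershell|pwsh", cmd, re.I):
            decoded = decode_encoded_command(cmd)
            if decoded is not None:
                findings.append((ev["host"], decoded))
    return findings

# Constructed sample data (hypothetical field names, not from a real incident).
_ENC = base64.b64encode("whoami".encode("utf-16-le")).decode()
SAMPLE_PATHS = [r"C:\inetpub\example\TEMPLATE\LAYOUTS\spinstall0.aspx",
                r"C:\inetpub\example\TEMPLATE\LAYOUTS\start.aspx"]
SAMPLE_EVENTS = [
    {"host": "sp01", "parent_image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "command_line": f"cmd.exe /c powershell.exe -NoProfile -enc {_ENC}"},
    {"host": "sp01", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f"powershell.exe -enc {_ENC}"},
]
```

Only the first sample event is flagged: the second has an encoded command but no w3wp.exe parent, so it falls outside this particular indicator.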


2. Societal: AI Errors Infiltrate US Court System

  • First known judicial ruling based on AI-generated fake legal cases occurred in Georgia divorce dispute, with trial judge issuing order citing completely fabricated precedent.

  • 95 documented cases of AI hallucinations in U.S. court filings since June 2023, with 58 occurring in 2025 alone, affecting major law firms and government prosecutors.

  • Only two states require judges to be "tech competent" regarding AI despite widespread use of AI tools by lawyers and self-represented litigants.

  • Legal experts warn problem will accelerate as overwhelmed courts rely on lawyer-drafted orders while AI tools flood system with more filings.

  • Systemic threat to judicial integrity as fabricated precedent could influence future wrongful convictions and erode public trust in legal system.

You should be concerned if…

  • You're involved in active legal proceedings: Your case could be decided based on fabricated legal precedents that lawyers haven't properly verified, especially in family law, civil disputes, or criminal matters.

  • You work in the legal system as a judge, clerk, or court staff: Most judicial officers have received no training on detecting AI hallucinations despite their increasing prevalence in court filings.

  • You rely on legal AI tools for research or practice: Even premium legal AI platforms marketed as "accurate" are producing fake citations and cases at alarming rates.

  • You're in jurisdictions with overwhelmed courts: Heavy case loads and reliance on lawyer-drafted orders create perfect conditions for AI-generated errors to slip through judicial review.

Preventative actions

Demand AI Disclosure and Verification
  • Ask any lawyer representing you to disclose their AI use and provide written certification that they've independently verified all AI-generated research and citations.

Implement Court Training Programs
  • Advocate for mandatory continuing education for judges and court staff on identifying AI hallucinations, focusing on red flags like case numbers containing "123456" or mismatched regional court reporters.

Verify Legal Research Independently
  • Never rely solely on AI-generated legal research without cross-checking citations in original legal databases and confirming case authenticity through multiple sources.

Establish Verification Protocols
  • Legal organisations should require lawyers to maintain detailed verification logs when using AI tools and implement peer review processes for AI-assisted work.

Support Transparency in Legal AI
  • Push for legal AI companies to provide transparent accuracy metrics and stop marketing tools as "hallucination-free" when they demonstrably produce false information.


Quick snippet stories

  1. Alaska Airlines IT Outage Grounds Fleet
    Alaska Airlines experienced a three-hour IT outage Sunday night that caused over 150 flight cancellations due to critical hardware failure at the airline's data centres, affecting both Alaska Airlines and Horizon Air operations.
    Source: Business Times

  2. Swiss Broadcasting Infrastructure Disrupted
    Switzerland's public broadcaster SRF experienced a mysterious website disruption Thursday morning, with error messages linking to a US web development company, raising questions about European media infrastructure security.
    Source: Bluewin

  3. French Air Traffic Strikes Cause Mass Disruption
    French air traffic controller strikes in early July disrupted over a million travellers, causing 3,700 daily flight delays and 1,400 cancellations, costing airlines approximately €120 million with no resolution in sight.
    Source: Business Insider

  4. Global Starlink Outage Affects Millions
    Starlink's satellite internet service (provided by SpaceX) went down for over two hours Thursday due to "failure of key internal software services that operate the core network," affecting customers from the US to Asia.
    Source: Engadget

Want to discuss how these risks might affect your business?
Book 30 minutes with us, free ↗

Every fortnight, we send out a risk you may not have heard of to help you stay prepared. You can always unsubscribe later.


Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unreasonable Ventures to support this channel.

Book your 30min call here

Help us help people just like you. Share this post today and spread the support 🤝
