Colt Technology Services gets ransomware’d via SharePoint initial access — some learning points
ID: be3d43bc-19b2-5b53-bc8f-0aaac1464111
STIX ID: report--be3d43bc-19b2-5b53-bc8f-0aaac1464111
Feed Name: DoublePulsar
A report-style post describes a Warlock (STORM-2603) ransomware and extortion incident against Colt. According to the post, attackers exploited an on-premises SharePoint vulnerability (CVE-2025-53770), installed a webshell (spinstall0.aspx), exfiltrated roughly 400k documents, and advertised the data for sale. The author criticizes delayed breach disclosure, highlights telemetry and LeakIX findings, and provides operational lessons on transparency, segmentation, and attack surface management.
