Microsoft SharePoint
Critical Microsoft SharePoint flaw now exploited in attacks
A critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and Infrastructure Security Agency (CISA) warned. Tracked as CVE-2026-20963, this security flaw affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. Successful exploitation enables threat actors without privileges to achieve remote code execution on unpatched servers […]
Microsoft 365 Backup to add file-level restore for faster recovery
Microsoft will soon begin rolling out a significant upgrade to Microsoft 365 Backup to speed up recovery by allowing administrators to restore individual files and folders. Microsoft 365 Backup is a SharePoint, OneDrive, and Exchange backup and restore service designed to protect against data loss from ransomware, accidental deletion, or data corruption. Until now, Microsoft 365 […]
SharePoint ToolShell attacks targeted orgs across four continents
Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations. The security flaw affects on-premise SharePoint servers and was disclosed as an actively exploited zero-day on July 20, after multiple hacking groups tied to China leveraged it in widespread […]
Ransomware gangs join attacks targeting Microsoft SharePoint servers
Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide. Security researchers at Palo Alto Networks’ Unit 42 have discovered a 4L4MD4R ransomware variant, based on open-source Mauri870 code, while analyzing incidents involving this SharePoint exploit […]
Microsoft: SharePoint servers also targeted in ransomware attacks
A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain. Non-profit security organization Shadowserver is currently tracking over 420 SharePoint servers that are exposed online and remain vulnerable to these ongoing attacks. “Although Microsoft has observed this threat actor deploying Warlock and Lockbit ransomware in the past, Microsoft […]
US nuclear weapons agency hacked in Microsoft SharePoint attacks
Unknown threat actors have breached the National Nuclear Security Administration’s network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. NNSA is a semi-autonomous U.S. government agency part of the Department of Energy that maintains the country’s nuclear weapons stockpile and is also tasked with responding to nuclear and radiological emergencies within the […]
Microsoft SharePoint ToolShell attacks linked to Chinese hackers
Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. They used this exploit chain (dubbed “ToolShell”) to breach dozens of organizations worldwide after hacking into their on-premise SharePoint servers. “We assess that at least one of the actors responsible for […]
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks
Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in “ToolShell” attacks. In May, during the Berlin Pwn2Own hacking contest, researchers exploited a zero-day vulnerability chain called “ToolShell,” which enabled them to achieve remote code execution in Microsoft SharePoint. These flaws were fixed as part […]
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
Critical zero-day vulnerabilities in Microsoft SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, have been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. In May, Viettel Cyber Security researchers chained two Microsoft SharePoint flaws, CVE-2025-49706 and CVE-2025-49704, in a “ToolShell” attack demonstrated at Pwn2Own Berlin to achieve remote code execution. While […]
