SharePoint Zero-Day Exploitation

Order byBest matchMost fresh

Hackers Hit Zero-Day Flaw in Microsoft's SharePoint

Microsoft Releases Emergency Updates Amid Active Exploitation of SharePoint Zero-Day Vulnerability Chain

Microsoft has released security patches for the zero-day vulnerability chain dubbed ToolShell, capable of remote code execution on SharePoint, resulting in the exploitation of at least 54 organizations worldwide.

PCMag on MSN · 4d

Mass Exploitation: Hackers Hit Zero-Day Flaw in Microsoft's SharePoint

CSO Online · 2d

Microsoft’s incomplete SharePoint patch led to global exploits by China-linked hackers

· 1d

Tally of Microsoft victims surges to 400 as hackers exploit SharePoint flaw

The number of companies and organizations compromised by a security vulnerability in Microsoft Corp.’s SharePoint servers is increasing rapidly, with the tally of victims soaring more than sixfold in ...

· 1d

Microsoft says China-based hackers exploiting critical SharePoint vulnerabilities to deploy Warlock ransomware — three China-affiliated threat actors seen taking advantage

· 1d

Microsoft fixes SharePoint zero-day exploits used in cyberattacks and ransomware - how to patch them

What to know about ToolShell, the SharePoint threat under mass exploitation

The name was coined by Dinh Ho Anh, a researcher from Khoa of Viettel Cyber Security, who developed the exploit. The researcher said he picked the name because it exploited ToolPane.aspx, a component for assembling the side panel view in the SharePoint user interface.

1hon MSN

Blame a leak for Microsoft SharePoint attacks, researcher insists

"A leak happened here somewhere," Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told The Register. "And now you've got a zero-day exploit in the wild, and worse than that, you've got a zero-day exploit in the wild that bypasses the patch, which came out the next day."

SecurityWeek2d

ToolShell Attacks Hit 400+ SharePoint Servers, US Government Victims Named

More information has emerged on the ToolShell SharePoint zero-day attacks, including impact, victims, and threat actors.

Krebs on Security4d

Microsoft Fix Targets Attacks on SharePoint Zero-Day

Microsoft also has issued a patch for a related SharePoint vulnerability — CVE-2025-53771; Microsoft says there are no signs of active attacks on CVE-2025-53771, and that the patch is to provide more robust protections than the update for CVE-2025-49706.

Redmondmag.com4d

SharePoint Zero Day Vulnerability Exploited in Government System Breaches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert Sunday detailing active exploitation of a critical SharePoint vulnerability, CVE-2025-53770.