SharePoint Zero-Day Exploitation

Order byBest matchMost fresh

Hackers Hit Zero-Day Flaw in Microsoft's SharePoint

Microsoft Releases Emergency Updates Amid Active Exploitation of SharePoint Zero-Day Vulnerability Chain

Microsoft has released security patches for the zero-day vulnerability chain dubbed ToolShell, capable of remote code execution on SharePoint, resulting in the exploitation of at least 54 organizations worldwide.

PCMag on MSN · 4d

Mass Exploitation: Hackers Hit Zero-Day Flaw in Microsoft's SharePoint

CSO Online · 1d

Microsoft’s incomplete SharePoint patch led to global exploits by China-linked hackers

· 1d

Tally of Microsoft victims surges to 400 as hackers exploit SharePoint flaw

The number of companies and organizations compromised by a security vulnerability in Microsoft Corp.’s SharePoint servers is increasing rapidly, with the tally of victims soaring more than sixfold in ...

· 1d

Microsoft says China-based hackers exploiting critical SharePoint vulnerabilities to deploy Warlock ransomware — three China-affiliated threat actors seen taking advantage

· 12h

Hackers attack Microsoft SharePoint, targeting organizations like U.S nuclear security

What to know about ToolShell, the SharePoint threat under mass exploitation

The name was coined by Dinh Ho Anh, a researcher from Khoa of Viettel Cyber Security, who developed the exploit. The researcher said he picked the name because it exploited ToolPane.aspx, a component for assembling the side panel view in the SharePoint user interface.

SecurityWeek1d

ToolShell Attacks Hit 400+ SharePoint Servers, US Government Victims Named

More information has emerged on the ToolShell SharePoint zero-day attacks, including impact, victims, and threat actors.

Redmondmag.com4d

SharePoint Zero Day Vulnerability Exploited in Government System Breaches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert Sunday detailing active exploitation of a critical SharePoint vulnerability, CVE-2025-53770.

Krebs on Security4d

Microsoft Fix Targets Attacks on SharePoint Zero-Day

Microsoft also has issued a patch for a related SharePoint vulnerability — CVE-2025-53771; Microsoft says there are no signs of active attacks on CVE-2025-53771, and that the patch is to provide more robust protections than the update for CVE-2025-49706.

SecurityWeek3d

ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets

More details emerged on the ToolShell zero-day attacks targeting SharePoint servers, but confusion remains over the vulnerabilities.