Security researchers have revealed alarming details about how attackers are exploiting recently disclosed Microsoft SharePoint vulnerabilities to steal critical IIS Machine Keys, potentially giving hackers persistent backdoor access to compromised servers.
The exploitation campaign, which began approximately 10 days ago, leverages CVE-2025-53770 and CVE-2025-53771...
A massive cybersecurity crisis affecting Microsoft SharePoint servers worldwide, with over 17,000 servers exposed to internet-based attacks and 840 specifically vulnerable to the critical zero-day vulnerability CVE-2025-53770.
This zero-day exploit, dubbed "ToolShell" by security researchers, carries a critical CVSS score of 9.8 and enables...
A Metasploit exploit module targeting critical zero-day vulnerabilities in Microsoft SharePoint Server that are currently being exploited in the wild.
The module, developed by Principal Security Researcher Stephen Fewer, exploits a chained attack leveraging CVE-2025-53770 and CVE-2025-53771 to achieve unauthenticated remote code execution on...
A damaging cyber-intrusion has exposed sensitive data within networks that manage elements of the United States’ nuclear weapons enterprise.
Investigators say a previously unknown SharePoint 0-day exploit granted adversaries privileged access to document repositories that house maintenance schedules, engineering drawings, and parts-tracking records for...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of critical SharePoint vulnerabilities by Chinese nation-state actors, prompting immediate action from organizations running on-premises SharePoint servers.
Microsoft Security Response Center confirmed that threat actors are actively exploiting a...
A urgent guidance on July 19, 2025, warning of active attacks targeting on-premises SharePoint servers by Chinese nation-state actors exploiting critical vulnerabilities CVE-2025-53770 and CVE-2025-53771.
The company has observed multiple threat groups, including Linen Typhoon, Violet Typhoon, and Storm-2603, conducting sophisticated attacks against internet-facing...