Tag Microsoft

Severe Unpatched SharePoint Zero-Day Under Active Exploitation, Compromises Over 75 Company Servers

July 20, 2025
Zero-Day / Vulnerability

A serious security flaw in Microsoft SharePoint Server has been weaponized in an ongoing, large-scale exploitation campaign. The zero-day vulnerability, identified as CVE-2025-53770 (CVSS score: 9.8), is a variant of CVE-2025-49704 (CVSS score: 8.8), which was addressed by Microsoft in their July 2025 Patch Tuesday updates. Microsoft explained that “deserialization of untrusted data in on-premises Microsoft SharePoint Server enables unauthorized attackers to execute code over a network,” as detailed in an advisory released on July 19, 2025. The company is actively preparing a comprehensive update to mitigate this issue. Viettel Cyber Security is credited with discovering and reporting the flaw through Trend Micro’s Zero Day Initiative (ZDI). Additionally, Microsoft has acknowledged awareness of ongoing attacks related to this vulnerability.

Critical Unpatched SharePoint Zero-Day Under Active Exploitation, Compromises Over 75 Company Servers July 20, 2025 In an alarming development, a critical zero-day vulnerability in Microsoft SharePoint Server has been actively exploited in a large-scale attack campaign, leading to the breach of more than 75 company servers. This vulnerability, designated as…

Read More

Severe Unpatched SharePoint Zero-Day Under Active Exploitation, Compromises Over 75 Company Servers

July 20, 2025
Zero-Day / Vulnerability

A serious security flaw in Microsoft SharePoint Server has been weaponized in an ongoing, large-scale exploitation campaign. The zero-day vulnerability, identified as CVE-2025-53770 (CVSS score: 9.8), is a variant of CVE-2025-49704 (CVSS score: 8.8), which was addressed by Microsoft in their July 2025 Patch Tuesday updates. Microsoft explained that “deserialization of untrusted data in on-premises Microsoft SharePoint Server enables unauthorized attackers to execute code over a network,” as detailed in an advisory released on July 19, 2025. The company is actively preparing a comprehensive update to mitigate this issue. Viettel Cyber Security is credited with discovering and reporting the flaw through Trend Micro’s Zero Day Initiative (ZDI). Additionally, Microsoft has acknowledged awareness of ongoing attacks related to this vulnerability.

Microsoft Issues Critical Patch for SharePoint RCE Vulnerability Targeted in Ongoing Cyber Attacks

July 21, 2025
Server Security / Vulnerability

On Sunday, Microsoft released vital security updates to address an actively exploited vulnerability in SharePoint and provided details on another flaw that now has “more robust protections.” The company acknowledged it is “aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update.” The exploited vulnerability, tracked as CVE-2025-53770 (CVSS score: 9.8), involves remote code execution due to the deserialization of untrusted data in on-premises versions of Microsoft SharePoint Server. The newly identified issue is a spoofing vulnerability (CVE-2025-53771, CVSS score: 7.1), discovered and reported by Viettel Cyber Security and an anonymous researcher. The flaw is linked to inadequate restrictions on pathnames, leading to potential path traversal in Microsoft Office SharePoint…

Microsoft Issues Urgent Security Patch for Critical SharePoint Vulnerability Amid Ongoing Cyber Attacks On July 21, 2025, Microsoft released critical security updates aimed at addressing a serious vulnerability in SharePoint that is currently being exploited in ongoing cyber attacks targeting on-premises customers. The company revealed that it is aware of…

Read More

Microsoft Issues Critical Patch for SharePoint RCE Vulnerability Targeted in Ongoing Cyber Attacks

July 21, 2025
Server Security / Vulnerability

On Sunday, Microsoft released vital security updates to address an actively exploited vulnerability in SharePoint and provided details on another flaw that now has “more robust protections.” The company acknowledged it is “aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update.” The exploited vulnerability, tracked as CVE-2025-53770 (CVSS score: 9.8), involves remote code execution due to the deserialization of untrusted data in on-premises versions of Microsoft SharePoint Server. The newly identified issue is a spoofing vulnerability (CVE-2025-53771, CVSS score: 7.1), discovered and reported by Viettel Cyber Security and an anonymous researcher. The flaw is linked to inadequate restrictions on pathnames, leading to potential path traversal in Microsoft Office SharePoint…

Strategic Investment Prospects Following the Columbia Breach

Columbia University recently experienced a significant data breach that exposed the personal information of 1.8 million individuals, including Social Security numbers. This incident not only disrupted critical IT operations for several days but also serves as a pivotal moment for cybersecurity within higher education. The ramifications of the breach are…

Read MoreStrategic Investment Prospects Following the Columbia Breach

⚡ Weekly Summary: Critical SharePoint Zero-Day, Chrome Vulnerability, macOS Spyware, NVIDIA Toolkit RCE, and More

Published: July 21, 2025
Category: Enterprise Security / Zero Day

Even the most secure environments are at risk as attackers bypass elaborate defenses—not with elaborate exploits, but by leveraging weak configurations, outdated encryption, and unprotected trusted tools. These stealthy attacks evade detection by blending into normal operations, exploiting gaps in monitoring and assumptions of safety. What once appeared suspicious now seems routine, thanks to modular techniques and automation that mimic legitimate behavior.

The critical issue? Our control is not only being tested; it’s being silently compromised. This week’s updates shed light on how default configurations, blurred trust boundaries, and exposed infrastructures are transforming standard systems into vulnerabilities.

⚡ Threat of the Week: Critical SharePoint Zero-Day Under Active Exploitation (Patch Issued Today)

Microsoft has rolled out patches for two security vulnerabilities in SharePoint Server that have been actively exploited, impacting numerous organizations globally. Details on the exploitation surfaced…

Weekly Security Brief: SharePoint Vulnerability, Chrome Exploit, macOS Spyware, and NVIDIA Toolkit RCE July 21, 2025 In the realm of cybersecurity, recent developments indicate that attackers are increasingly circumventing traditional defenses by exploiting seemingly benign vulnerabilities. These intrusions often rely on outdated security configurations, weak encryption, and unprotected trusted tools…

Read More

⚡ Weekly Summary: Critical SharePoint Zero-Day, Chrome Vulnerability, macOS Spyware, NVIDIA Toolkit RCE, and More

Published: July 21, 2025
Category: Enterprise Security / Zero Day

Even the most secure environments are at risk as attackers bypass elaborate defenses—not with elaborate exploits, but by leveraging weak configurations, outdated encryption, and unprotected trusted tools. These stealthy attacks evade detection by blending into normal operations, exploiting gaps in monitoring and assumptions of safety. What once appeared suspicious now seems routine, thanks to modular techniques and automation that mimic legitimate behavior.

The critical issue? Our control is not only being tested; it’s being silently compromised. This week’s updates shed light on how default configurations, blurred trust boundaries, and exposed infrastructures are transforming standard systems into vulnerabilities.

⚡ Threat of the Week: Critical SharePoint Zero-Day Under Active Exploitation (Patch Issued Today)

Microsoft has rolled out patches for two security vulnerabilities in SharePoint Server that have been actively exploited, impacting numerous organizations globally. Details on the exploitation surfaced…

Is IT-OT Integration Essential?

Governance & Risk Management, Operational Technology (OT) Security Experts Advocate for Coordinated Autonomy Instead of Complete Integration Suparna Goswami (gsuparna) • August 4, 2025 Image: Shutterstock The divide between IT and OT teams can be likened to two groups speaking entirely different languages. While IT departments focus on data integrity…

Read MoreIs IT-OT Integration Essential?

Hackers Exploiting SharePoint Zero-Day Since July 7 to Steal Keys and Ensure Ongoing Access

July 22, 2025
Vulnerability / Threat Intelligence

A recently revealed critical vulnerability in Microsoft SharePoint has been actively exploited since July 7, 2025, according to Check Point Research. The cybersecurity firm detected initial attacks targeting a major unnamed Western government, with activities escalating on July 18 and 19 across government, telecommunications, and software sectors in North America and Western Europe. Check Point identified the exploitation efforts originating from three separate IP addresses—104.238.159[.]149, 107.191.58[.]76, and 96.9.125[.]147—one of which was previously associated with the exploitation of vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) appliances (CVE-2025-4427 and CVE-2025-4428). “We are witnessing an urgent and active threat: a critical zero-day vulnerability in SharePoint on-premises is being exploited globally, endangering thousands of organizations,” stated Lotem Finkelstein, Director of Threat Intelligence at Check Point.

Hackers Exploit SharePoint Zero-Day Vulnerability Since July 7 to Hijack Credentials and Ensure Ongoing Access July 22, 2025 Vulnerability / Threat Intelligence A critical vulnerability in Microsoft SharePoint has come to light, and reports indicate that it has been under active exploitation since July 7, 2025. Findings from Check Point…

Read More

Hackers Exploiting SharePoint Zero-Day Since July 7 to Steal Keys and Ensure Ongoing Access

July 22, 2025
Vulnerability / Threat Intelligence

A recently revealed critical vulnerability in Microsoft SharePoint has been actively exploited since July 7, 2025, according to Check Point Research. The cybersecurity firm detected initial attacks targeting a major unnamed Western government, with activities escalating on July 18 and 19 across government, telecommunications, and software sectors in North America and Western Europe. Check Point identified the exploitation efforts originating from three separate IP addresses—104.238.159[.]149, 107.191.58[.]76, and 96.9.125[.]147—one of which was previously associated with the exploitation of vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) appliances (CVE-2025-4427 and CVE-2025-4428). “We are witnessing an urgent and active threat: a critical zero-day vulnerability in SharePoint on-premises is being exploited globally, endangering thousands of organizations,” stated Lotem Finkelstein, Director of Threat Intelligence at Check Point.

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Date: July 22, 2025
Category: Vulnerability / Threat Intelligence

Microsoft has officially connected the exploitation of vulnerabilities in internet-facing SharePoint Server instances to two Chinese hacker groups, Linen Typhoon and Violet Typhoon, as early as July 7, 2025, confirming earlier claims. Additionally, the company has identified a third threat actor from China, tracked as Storm-2603, also leveraging these vulnerabilities to gain initial access to target organizations. Microsoft stated in a report released today that, “Given the swift adoption of these exploits, we are highly confident that threat actors will continue to incorporate them into their attacks on unpatched on-premises SharePoint systems.” Below is a brief overview of the threat activity clusters:

  • Linen Typhoon (also known as APT27, Bronze Union, Emissary Panda, Iodine, Lucky Mouse, Red Phoenix, and UNC215), active since 2012 and previously linked to malware families including SysUpdate, HyperBro, and PlugX.
  • Violet Typhoon (aka …).

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacking Groups July 22, 2025 In a recent announcement, Microsoft has officially connected the exploitation of vulnerabilities in SharePoint Server instances to two Chinese cybercriminal organizations known as Linen Typhoon and Violet Typhoon. This confirmation reinforces prior reports regarding the ongoing attacks,…

Read More

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Date: July 22, 2025
Category: Vulnerability / Threat Intelligence

Microsoft has officially connected the exploitation of vulnerabilities in internet-facing SharePoint Server instances to two Chinese hacker groups, Linen Typhoon and Violet Typhoon, as early as July 7, 2025, confirming earlier claims. Additionally, the company has identified a third threat actor from China, tracked as Storm-2603, also leveraging these vulnerabilities to gain initial access to target organizations. Microsoft stated in a report released today that, “Given the swift adoption of these exploits, we are highly confident that threat actors will continue to incorporate them into their attacks on unpatched on-premises SharePoint systems.” Below is a brief overview of the threat activity clusters:

  • Linen Typhoon (also known as APT27, Bronze Union, Emissary Panda, Iodine, Lucky Mouse, Red Phoenix, and UNC215), active since 2012 and previously linked to malware families including SysUpdate, HyperBro, and PlugX.
  • Violet Typhoon (aka …).

CISA Issues Immediate Patch Directive After Chinese Hackers Exploit SharePoint Vulnerabilities in Ongoing Attacks

CISA Urges Immediate Patching of Microsoft SharePoint Vulnerabilities Amid Ongoing Attacks by Chinese Hackers On July 22, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) formally identified two critical Microsoft SharePoint vulnerabilities—CVE-2025-49704 and CVE-2025-49706—as part of its Known Exploited Vulnerabilities (KEV) catalog. This designation follows evidence indicating that these…

Read MoreCISA Issues Immediate Patch Directive After Chinese Hackers Exploit SharePoint Vulnerabilities in Ongoing Attacks