If exploited, attackers can gain full access to SharePoint content and potentially pivot to Outlook, Teams, and OneDrive.

The name was coined by Dinh Ho Anh, a researcher from Khoa of Viettel Cyber Security, who developed the exploit. The ...

Microsoft says the Chinese threat actors Linen Typhoon, Violet Typhoon, and Storm-2603 have been exploiting the ToolShell ...

Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft ...

The active exploitation of a dangerous zero-day vulnerability chain in Microsoft SharePoint – which was disclosed over the ...

The term "zero-day" attack refers to when a previously unknown vulnerability is targeted. Tens of thousands of servers are ...

Microsoft has started releasing updates to fix the exploited SharePoint zero-days tracked as CVE-2025-53770 and CVE-2025-53771.

Unknown threat actors are using a weaponised version of an exploit showcased at Pwn2Own Berlin in May to target SharePoint ...

Patches for two vulnerable editions of Microsoft's on-premises SharePoint Server collaboration tool are now available, with ...

A security patch Microsoft (MSFT.O), opens new tab released this month failed to fully fix a critical flaw in the U.S. tech ...

Unknown threat actors have breached the National Nuclear Security Administration's network in attacks exploiting a recently ...

Microsoft also has issued a patch for a related SharePoint vulnerability — CVE-2025-53771; Microsoft says there are no signs ...