If exploited, attackers can gain full access to SharePoint content and potentially pivot to Outlook, Teams, and OneDrive.

Microsoft says the Chinese threat actors Linen Typhoon, Violet Typhoon, and Storm-2603 have been exploiting the ToolShell ...

Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft ...

Microsoft has started releasing updates to fix the exploited SharePoint zero-days tracked as CVE-2025-53770 and CVE-2025-53771.

The active exploitation of a dangerous zero-day vulnerability chain in Microsoft SharePoint – which was disclosed over the ...

Closing the gaps is not enough against the current toolshell attacks. After all, attackers could already be inside. We show ...

Unknown threat actors are using a weaponised version of an exploit showcased at Pwn2Own Berlin in May to target SharePoint ...

Patches for two vulnerable editions of Microsoft's on-premises SharePoint Server collaboration tool are now available, with ...

A security patch Microsoft released this month failed to fully fix a critical flaw in the U.S. tech giant's SharePoint server software, opening the door to a sweeping global cyber espionage effort, a ...

The term "zero-day" attack refers to when a previously unknown vulnerability is targeted. Tens of thousands of servers are ...

Microsoft has observed three China-based threat actors, Linen Typhoon, Violet Typhoon and Storm-2603, exploiting the ...

Microsoft also has issued a patch for a related SharePoint vulnerability — CVE-2025-53771; Microsoft says there are no signs ...