The recently exploited SharePoint vulnerability chain known as ToolShell (CVE-2025-53770) has shown once again that patching alone isn’t enough. Attackers gained unauthenticated remote access to vulnerable on-premises SharePoint servers, planted web shells, and exfiltrated cryptographic keys to enable further exploitation.| Nextron Systems
Microsoft SharePoint users are under attack — but this emergency security update alone is not enough to stop the hackers.| Forbes
Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities. Microsoft has released new comprehensive security updates for all supported versions of SharePoint Server (Subscription Edition, 2019, and 2016) that protect customers against these new vulnerabilities. Cust...| Microsoft Security Blog
Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019.| Cisco Talos Blog
SharePoint の脆弱性 CVE-2025-53770 に関するお客様向けガイダンス| msrc.microsoft.com
Unpatched SharePoint? This Zero-Day Could Let Attackers In Microsoft has issued an urgent warning regarding a newly weaponized zero-day vulnerability,| DirectDefense
SentinelOne shares distinct attack clusters and a detailed timeline of events on an active exploit of the ToolShell 0-day in MS SharePoint.| SentinelOne
Microsoft has confirmed that SharePoint Server is under mass global attack. Breaking: An emergency patch has now been released — update immediately.| Forbes
Microsoft hat mittlerweile einen Patch veröffentlicht, Angreifer waren am Wochenende jedoch nicht untätig. Dutzende Sharepoint-Installationen wurden Opfer.| Security
A critical zero-day vulnerability (CVE-2025-53770 ) in SharePoint on-prem is actively being exploited in the wild.| Check Point Blog
Eye Security was first in uncovering active exploitation of CVE-2025-53770 affecting on-prem SharePoint deployments globally. Get the latest IOCs and mitigation steps.| Eye Research
Microsoft has released detailed guidance regarding the SharePoint Server security vulnerabilities that have been exploited in the wild, including the critical "CVE‑2025‑53770".| Neowin
A new critical vulnerability, CVE-2025-53770 (ToolShell), is being actively exploited to attack unpatched on-premises Microsoft SharePoint Servers.| Neowin