The recently exploited SharePoint vulnerability chain known as ToolShell (CVE-2025-53770) has shown once again that patching alone isn’t enough. Attackers gained unauthenticated remote access to vulnerable on-premises SharePoint servers, planted web shells, and exfiltrated cryptographic keys to enable further exploitation.| Nextron Systems
Microsoft SharePoint users are under attack — but this emergency security update alone is not enough to stop the hackers.| Forbes
Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities. Microsoft has released new comprehensive security updates for all supported versions of SharePoint Server (Subscription Edition, 2019, and 2016) that protect customers against these new vulnerabilities. Cust...| Microsoft Security Blog
Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019.| Cisco Talos Blog
SharePoint の脆弱性 CVE-2025-53770 に関するお客様向けガイダンス| msrc.microsoft.com
Unpatched SharePoint? This Zero-Day Could Let Attackers In Microsoft has issued an urgent warning regarding a newly weaponized zero-day vulnerability,| DirectDefense
Microsoft has confirmed that SharePoint Server is under mass global attack. Breaking: An emergency patch has now been released — update immediately.| Forbes
A critical zero-day vulnerability (CVE-2025-53770 ) in SharePoint on-prem is actively being exploited in the wild.| Check Point Blog
Eye Security was first in uncovering active exploitation of CVE-2025-53770 affecting on-prem SharePoint deployments globally. Get the latest IOCs and mitigation steps.| Eye Research
