Bleeping Computer

Microsoft SharePoint zero-day exploited in RCE attacks, no patch available

Update 7/21/25: Added links to the security updates for Microsoft SharePoint 2019. Critical zero-day vulnerabilities in Microsoft SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, have been ...
Forbes

Microsoft Confirms Global SharePoint Attack — Emergency Update Issued

Update, July 21, 2025: This story, originally published on July 20, has been updated to include additional expert comments regarding the global zero-day attack impacting Microsoft on-premise ...
Houston Chronicle

Microsoft releases security update after hackers exploited SharePoint software to target U.S. users

Microsoft has issued two emergency updates after a vulnerability in Microsoft's SharePoint server software was exploited by hackers over the weekend to carry out attacks on businesses and U.S. federal ...
Krebs on Security

Microsoft Fix Targets Attacks on SharePoint Zero-Day

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch ...
Bleeping Computer

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" ...
ZDNet

Microsoft fixes SharePoint zero-day exploits used in cyberattacks and ransomware - how to patch them

Microsoft has patched three critical zero-day SharePoint security flaws that hackers have already exploited to attack more vulnerable organizations. Responding to the exploits, the software giant ...
CoinTelegraph

Microsoft publishes emergency patches for its SharePoint software amid attacks

SharePoint’s cloud-based platform remains unaffected, with the vulnerabilities limited to on-premises installations, Microsoft said. Microsoft has published emergency security patches to protect users ...
Reuters

Microsoft knew of SharePoint security flaw but failed to effectively patch it, timeline shows

LONDON, July 22 (Reuters) - A security patch Microsoft (MSFT.O), opens new tab released this month failed to fully fix a critical flaw in the U.S. tech giant's SharePoint server software, opening the ...
CRN

Victims Mounting In Microsoft SharePoint Attacks: Researchers

More than 400 systems have been compromised so far, according to researchers at Eye Security, and reports indicate that federal education and energy agencies are among the victims. More than 400 ...
CRN

Microsoft Says SharePoint Attacks Now Include Ransomware

A China-linked threat actor has been observed exploiting SharePoint servers to deliver ransomware, according to Microsoft researchers, in the latest sign of worsening impacts from the widespread ...
Fox Business

Microsoft identifies Chinese hacking groups behind persistent SharePoint server attacks

Tech giant Microsoft on Tuesday said that three groups of China-based hackers were behind an ongoing cyberattack on its SharePoint file-sharing system. The Microsoft Security Response Center first ...