Microsoft, SharePoint
Digest more
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in an alert, said it's aware of active exploitation of CVE-2025-53770, which enables unauthenticated access to SharePoint systems and arbitrary code execution over the network.
State CISOs in North Carolina and Arizona said their teams began work immediately to ensure on-prem SharePoint systems were secure, following the recent disclosure of an active zero-day exploit.
Microsoft has released a critical patch for a security flaw in its SharePoint software. Hackers actively exploited this vulnerability, targeting businesses and US government agencies. The company issued the fix between July 19 and 20.
5hon MSN
Microsoft knew of SharePoint security flaw but failed to effectively patch it, timeline shows
A security patch released by Microsoft earlier this month failed to fully fix a critical flaw in the U.S. tech company's SharePoint server software that had been identified at a hacking competition in May,
Dubbed a “zero-day” because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organisations.
A major cyberespionage operation targeting Microsoft's SharePoint server software has compromised about 100 organizations worldwide. The operation exploits a zero-day vulnerability, allowing hackers to install backdoors on affected servers.