Forbes

Attackers Weaponizing Unpatched SharePoint Zero-Days: Total Takeover Without Logging In

A hacker logs into nothing—no username, no password, no multifactor prompt. Yet within moments, they are stealing confidential business documents, creating administrator accounts and planting ...
GitHub

Sharepoint Indexing

This section explains how to configure SharePoint as a data source for the ragindex GPT-RAG Azure AI Search Index, using the Sites.Selected permission to limit access to specific site collections.
Dark Reading

JSON Config File Leaks Azure ActiveDirectory Credentials

A publicly accessible configuration file for ASP.NET Core applications has been leaking credentials for Azure ActiveDirectory (AD), potentially allowing cyberattackers to authenticate directly via ...
Security Boulevard

New SharePoint Zero-Day Allows Unauthenticated Remote Code Execution

In July 2025, a critical zero-day vulnerability (CVE-2025-53770) was publicly disclosed, affecting Microsoft SharePoint Server. The flaw enables unauthenticated remote code execution (RCE), by ...
Ars Technica

What to know about ToolShell, the SharePoint threat under mass exploitation

Government agencies and private industry have been under siege over the past four days following the discovery that a critical vulnerability in SharePoint, the widely used document-sharing app made by ...
PC Gamer

Microsoft confirms SharePoint vulnerabilities have been exploited by suspected Chinese hackers, as reports indicate the US Nuclear Security Administration may have been among ...

Following on from Microsoft's warning earlier this week that "active attacks" were targeting its SharePoint Server customers through a known exploit, the company has now released a blog post revealing ...
Indiatimes

Microsoft SharePoint zero-day breach hits 75 servers: Here’s what the company said on the attack

A critical zero-day vulnerability, CVE-2025-53770, is actively exploited in Microsoft SharePoint, impacting 75 company servers, including major corporations and US government agencies. This flaw ...
Ars Technica

SharePoint vulnerability with 9.8 severity rating under exploit across globe

Authorities and researchers are sounding the alarm over the active mass exploitation of a high-severity vulnerability in Microsoft SharePoint Server that’s allowing attackers to make off with ...
Forbes

Microsoft Confirms Global SharePoint Attack — Emergency Update Issued

Update, July 21, 2025: This story, originally published on July 20, has been updated to include additional expert comments regarding the global zero-day attack impacting Microsoft on-premise ...
TechRepublic

Patch SharePoint Now: Microsoft Servers at Risk of New ToolShell RCE Attack

Patch SharePoint Now: Microsoft Servers at Risk of New ToolShell RCE Attack Your email has been sent How the ToolShell RCE attack works How to protect your SharePoint server from compromise What to do ...
Inc

If Your Business Uses These Versions of Microsoft SharePoint, Patch Them Now

A large-scale attack on Microsoft’s server software, SharePoint, has affected systems across the world. The following SharePoint versions are at issue: Microsoft SharePoint Server Subscription Edition ...
Bleeping Computer

Microsoft SharePoint zero-day exploited in RCE attacks, no patch available

Update 7/21/25: Added links to the security updates for Microsoft SharePoint 2019. Critical zero-day vulnerabilities in Microsoft SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, have been ...