Threat actors exploit SharePoint flaws to access internal systems, steal sensitive data, and carry out surveillance, impersonation, and extortion.

Microsoft has released security patches for the zero-day vulnerability chain dubbed ToolShell, capable of remote code execution on SharePoint, resulting in the exploitation of at least 54 organizations worldwide.

There was a disturbance in the enterprise security world, and it started with a Pwn2Own Berlin. [Khoa Dinh] and the team at Viettel Cyber Security discovered a pair of vulnerabilities in

Microsoft is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, Bloomberg News reported on Friday.

New estimates regarding the recently-exploited Microsoft SharePoint vulnerabilities now evaluate that as many as 400 organizations may have been targeted.

Department of Homeland Security headquarters, several of its agencies and the Department of Health and Human Services have been hacked as part of a wider breach of Microsoft SharePoint.​

The SharePoint vulnerabilities that Microsoft released emergency patches for earlier this week – tracked as CVE-2025-53770 and CVE-2025-53771 – have been exploited much further than previously thought. As reported by Bloomberg, the number of companies and organizations affected by the two exploits has grown to more than 400 in just a few days.

A cyber-espionage campaign centered on vulnerable versions of Microsoft's server software now involves the deployment of ransomware, Microsoft said in a late Wednesday blog post.

Chinese hackers breached the U.S. National Nuclear Security Administration through Microsoft SharePoint, with the Energy Department confirming no sensitive information was stolen.