Microsoft News Articles

PipeMagic Backdoor Resurfaces as Part of Play Ransomware Attack Chain

Attackers are wielding the sophisticated modular malware while exploiting CVE-2025-29824, a previously zero-day flaw in Windows Common Log File System (CLFS) that allows attackers to gain system-level privileges on compromised systems.

1 week ago

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware

PipeMagic exploits CVE-2025-29824 in Windows, enabling RansomExx attacks in Saudi Arabia and Brazil.

1 week ago

PipeMagic in 2025: How the backdoor operators’ tactics have changed

We examine the evolution of the PipeMagic backdoor and the TTPs of its operators – from the RansomExx incident in 2022 to attacks in Brazil and Saudi Arabia, and the exploitation of CVE-2025-29824 in 2025.

1 week ago

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware

EncryptHub exploits CVE-2025-26633 with social engineering and rogue MSC files, delivering Fickle Stealer malware.

2 weeks ago

Canada’s House of Commons investigating data breach after cyberattack

The House of Commons of Canada is currently investigating a data breach after a threat actor reportedly stole employee information in a cyberattack on Friday.

2 weeks ago

Over 29,000 Exchange servers unpatched against high-severity flaw

Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise.

2 weeks ago

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Microsoft patches CVE-2025-49760 Windows RPC flaw enabling spoofing, hash theft, and privilege escalation.

3 weeks ago

Over 28,000 Microsoft Exchange Servers Exposed Online to CVE-2025-53786 Vulnerability

The cybersecurity community faces a significant threat as scanning data reveals over 28,000 unpatched Microsoft Exchange servers remain exposed.

3 weeks ago

28,000+ Microsoft Exchange Servers Vulnerable to CVE-2025-53786 Exposed Online

Over 28,000 unpatched Microsoft Exchange servers are exposed on the public internet and remain vulnerable to a critical security flaw designated CVE-2025-53786, according to new scanning data released on August 7, 2025, by The Shadowserver Foundation.

3 weeks ago

CVE-2025-53786: U.S. CISA Issues Emergency Directive for Post-Authentication Vulnerability in Microsoft Exchange Hybrid Configurations - Arctic Wolf

On August 6, 2025, Microsoft disclosed a high-severity post-authentication vulnerability affecting on-premises Microsoft Exchange servers configured for hybrid-joined environments, tracked as CVE-2025-53786. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Direct...

3 weeks ago

Microsoft Exchange Server Hybrid at risk by CVE-2025-53786 | Born's Tech and Windows World

[German]Another note for administrators of Microsoft Exchange Server hybrid configurations. Microsoft points out that these configurations are at risk from an Elevation of Privilege vulnerability...

3 weeks ago

CISA orders fed agencies to patch new Exchange flaw by Monday

CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by Monday morning at 9:00 AM ET.

3 weeks ago

CISA, Microsoft issue alerts on ‘high-severity’ Exchange vulnerability

Organizations with on-premises Microsoft Exchange servers are being urged to take steps to reduce exposure to a vulnerability recently reported by a researcher.

3 weeks ago

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786) - Help Net Security

In a Microsoft Exchange hybrid deployment, CVE-2025-53786 could be exploited by attackers to access the org’s connected cloud environment.

3 weeks ago

CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786

CISA and Microsoft warn of CVE-2025-53786, a high-severity Exchange flaw allowing privilege escalation in hybrid cloud environments.

3 weeks ago

Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups

Microsoft warns of CVE-2025-53786 in Exchange Server risking cloud identity abuse; admins urged to patch.

3 weeks ago

CISA Issues Urgent Microsoft CVE-2025-53786 Security Warning

The US Cybersecurity and Infrastructure Security Agency has warned Microsoft users of a high-severity security vulnerability that requires immediate attention.

3 weeks ago

Microsoft warns of high-severity flaw in hybrid Exchange deployments

Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate their privileges in Exchange Online cloud environments without leaving any traces.

3 weeks ago

New Microsoft Exchange Server Vulnerability Allows Unauthorized Admin Privilege Escalation

Microsoft has disclosed a high-severity security vulnerability affecting Exchange Server hybrid deployments that could allow attackers with administrative access.

3 weeks ago

CISA Releases Malware Analysis Report Associated with Microsoft SharePoint Vulnerabilities | CISA

CISA published a Malware Analysis Report (MAR) with analysis and associated detection signatures on files related to Microsoft SharePoint vulnerabilities: CVE-2025-49704(link is external) [CWE-94: Code...

3 weeks ago

ALERTS VULNEREBILITY

DATENAME INFO CATEGORYSUBCATE 25.7.25 CVE-2025-53770 - Critical SharePoint Zero-Day vulnerability exploited in the wild Microsoft has patched a zero-day vulnerability in SharePoint...

3 weeks ago

The Heat Wasn't Just Outside: Cyber Attacks Spiked in Summer 2025

Can your defenses withstand the biggest attacks of Summer 2025? From Interlock's FileFix to Qilin, Scattered Spider, and ToolShell exploits—simulate them all against your organization's defenses with Picus Security Validation Platform to find gaps before attackers do.

3 weeks ago

Ransomware gangs join attacks targeting Microsoft SharePoint servers

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide.

3 weeks ago

Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 29)

Unit 42 has observed active exploitation of recent Microsoft SharePoint vulnerabilities. Here’s how you can protect your organization. Unit 42 has observed active exploitation of recent Microsoft SharePoint vulnerabilities. Here’s how you can protect your organization.

1 month ago

ToolShell: Uncovering Five Critical Vulnerabilities in Microsoft SharePoint

Security researchers from Kaspersky have detailed a sophisticated exploit chain dubbed "ToolShell," actively targeting on-premise.

1 month ago

ToolShell: a story of five vulnerabilities in Microsoft SharePoint

Explaining the ToolShell vulnerabilities in SharePoint: how the POST request exploit works, why initial patches can be easily bypassed, and how to stay protected.

Microsoft SharePoint attacks ensnare 400 victims, including federal agencies

The Departments of Energy, Homeland Security and Health and Human Services have been impacted.

What we know about the Microsoft SharePoint attacks

State-linked hackers and ransomware groups are targeting SharePoint customers across the globe.

Chinese nation-state groups exploiting SharePoint vulnerability, Microsoft confirms

Microsoft said previously known Chinese nation-state operations that it tracks as Linen Typhoon and Violet Typhoon — as well as a third, less-known group — were among those exploiting serious bugs in SharePoint server software.

US nuclear weapons agency reportedly hacked in SharePoint attacks

Unknown threat actors have reportedly breached the National Nuclear Security Administration's (NNSA) network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain.

US nuclear weapons agency hacked in Microsoft SharePoint attacks

Unknown threat actors have breached the National Nuclear Security Administration's network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain.

ToolShell Threat Brief: SharePoint RCE CVE-2025-53770, 53771

Bitsight's overview of critical SharePoint RCE zero-days CVE-2025-53770 & CVE-2025-53771, active exploitation & impact, with mitigation recommendations.

CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

CISA flags Microsoft SharePoint flaws under active attack by Chinese hackers. U.S. agencies must patch by July 23

3 China Nation-State Actors Target SharePoint Bugs

Hackers and cybercrime groups are part of a virtual feeding frenzy, after Microsoft's recent disclosure of new vulnerabilities in on-premises editions of SharePoint Server.

Cloudflare protects against critical SharePoint vulnerability, CVE-2025-53770

Microsoft disclosed two critical vulnerabilities, CVE-2025-53771 and CVE-2025-53770, that are exploited to attack SharePoint servers. Possession of these cryptographic machine keys allows an attacker to forge authentication tokens and maintain access even if the server is patched. Therefore, it is c...

Cloudflare protects against critical SharePoint vulnerability, CVE-2025-53770

Microsoft disclosed two critical vulnerabilities, CVE-2025-53771 and CVE-2025-53770, that are exploited to attack SharePoint servers. Possession of these cryptographic machine keys allows an attacker to forge authentication tokens and maintain access even if the server is patched. Therefore, it is c...

Cloudflare protects against critical SharePoint vulnerability, CVE-2025-53770

Microsoft disclosed two critical vulnerabilities, CVE-2025-53771 and CVE-2025-53770, that are exploited to attack SharePoint servers. Possession of these cryptographic machine keys allows an attacker to forge authentication tokens and maintain access even if the server is patched. Therefore, it is c...

UPDATE: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities | CISA

Update (07/22/2025): This Alert was updated to reflect newly released information(link is external) from Microsoft, and to correct the actively exploited Common Vulnerabilities and Exposures (CVEs), which...

Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog

Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities. Microsoft ...

Microsoft Sharepoint ToolShell attacks linked to Chinese hackers

Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain.

Microsoft Fix Targets Attacks on SharePoint Zero-Day

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to…

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

Active SharePoint exploits since July 7 target governments and tech firms globally, risking key theft and persistent access.

SharePoint Zero-Day VulnerabilityCVE-2025-53770 - Check Point Blog

A critical zero-day vulnerability (CVE-2025-53770 ) in SharePoint on-prem is actively being exploited in the wild.

Proactive Security for CVE-2025-53770 and CVE-2025-53771 SharePoint Attacks

CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse.

Proactive Security for CVE-2025-53770 and CVE-2025-53771 SharePoint Attacks

CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse.

SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers

SentinelOne shares distinct attack clusters and a detailed timeline of events on an active exploit of the ToolShell 0-day in MS SharePoint.

ToolShell Zero-day: Microsoft Rushes Emergency Patch for Actively Exploited SharePoint Vulnerabilities | Qualys

On July 19, 2025, Microsoft issued an emergency out-of-band security update to address two zero-day vulnerabilities in Microsoft SharePoint Server: CVE-2025…

SharePoint Vulnerabilities (CVE-2025-53770 & CVE-2025-53771): Everything You Need to Know | Wiz Blog

Detect and mitigate CVE-2025-53770 and CVE-2025-53771 - critical vulnerabilities in Microsoft SharePoint Server currently under active exploitation.

CVE-2025-53770: Widespread Exploitation of ToolShell RCE Vulnerability Observed in Microsoft SharePoint On-Premises - Arctic Wolf

On July 19, 2025, Microsoft disclosed active exploitation of a zero-day vulnerability (CVE-2025-53770) affecting on-premises SharePoint Server instances.