Microsoft’s SharePoint Snafu: Chinese Hackers Exploit Zero-Day Chaos

Microsoft says Chinese threat actors exploited SharePoint zero-day vulnerabilities weeks before patches. Yet, confusion reigns over which CVEs were actually exploited. With nation-state actors involved, it’s a cybersecurity whodunit. Maybe we should ask Linen Typhoon or Violet Typhoon if they left any crumbs behind!

Hot Take:

Microsoft’s latest SharePoint zero-day drama is akin to a cybersecurity soap opera with a plot twist every commercial break. As Chinese threat actors allegedly exploit these vulnerabilities, Microsoft’s attempts to shed light just leave everyone squinting at their screens in confusion. Can someone pass the popcorn, please?

Key Points:

  • Chinese threat actors exploited SharePoint zero-days, dubbed ToolShell, before patches were released.
  • Microsoft’s timeline suggests earlier awareness of vulnerabilities by Chinese hackers.
  • Confusion persists over which specific CVEs were exploited in these attacks.
  • WatchTowr claims CVE-2025-53770 and CVE-2025-53771 have been chained in attacks.
  • Over 9,000 SharePoint instances were exposed, with hundreds targeted immediately.

The Nimble Nerd