SharePoint Shenanigans: ToolShell Zero-Day Chaos Hits 400 Servers, Including US Agencies!

The ToolShell zero-day attacks have hit over 400 SharePoint servers, including US government agencies. Microsoft linked these attacks to Chinese cyberespionage groups. While patches are out, there’s still confusion over the exact vulnerabilities exploited. It’s a bit like trying to solve a puzzle where the pieces keep changing shape!

Hot Take:
Apparently, Microsoft SharePoint servers are now the hottest property on the cyber black market, and it seems everyone wants a piece! From state-sponsored spies to ransomware enthusiasts, if you haven’t got a SharePoint server yet, are you even trying to get hacked? But fear not, Microsoft is here to save the day with patches that have the shelf life of a banana. Stay safe and keep your server doors locked, folks!

Key Points:
- Microsoft SharePoint zero-day vulnerabilities have been exploited in ToolShell attacks.
- Chinese state-sponsored groups, Linen Typhoon and Violet Typhoon, are believed to be involved.
- At least 400 SharePoint servers have been compromised, including several US government agencies.
- CVE-2025-53770 and CVE-2025-53771 are the vulnerabilities in question.
- Microsoft has released patches, although initial mitigations were bypassed.