As 2025 draws to a close, this article wraps up the year's most devastating cybersecurity incident: the SharePoint CVE-2025-53770 zero-day that Chinese hackers exploited to breach America's nuclear infrastructure. SharePoint Backdoor to Doomsday reveals how legacy code became a national security catastrophe.

Read the article:
https://decodedintel.com/sharepoint-backdoor-to-doomsday

#SharePoint #CVE202553770 #CyberNuclearThreat #ChinaHack2025 #ZeroDay

Sharepoint Backdoor To Doomsday

As 2025 ends, SharePoint Backdoor to Doomsday reveals how Chinese hackers exploited CVE-2025-53770 to breach America's nuclear infrastructure—the year's most catastrophic vulnerability.

⚠️ Foreign hackers breached a US nuclear weapons plant via SharePoint flaws

「 The attackers exploited two recently disclosed Microsoft SharePoint vulnerabilities — CVE-2025-53770, a spoofing flaw, and CVE-2025-49704, a remote code execution (RCE) bug — both affecting on-premises servers. Microsoft issued fixes for the vulnerabilities on July 19 」

https://www.csoonline.com/article/4074962/foreign-hackers-breached-a-us-nuclear-weapons-plant-via-sharepoint-flaws.html

#sharepoint #hacking #cybersecurity #CVE202549704 #CVE202553770

Foreign hackers breached a US nuclear weapons plant via SharePoint flaws

A foreign actor infiltrated the National Nuclear Security Administration’s Kansas City National Security Campus through vulnerabilities in Microsoft’s SharePoint browser-based app, raising questions about the need to solidify further federal IT/OT security protections.

CSO Online

A single SharePoint flaw unleashed a global cyber takeover—hackers are seizing control even before patches hit. How safe is your system? Dive into the details of the ToolShell vulnerability.

https://thedefendopsdiaries.com/the-toolshell-vulnerability-how-a-single-flaw-in-sharepoint-enabled-global-cyberattacks/

#toolshell
#sharepoint
#zeroday
#cyberattacks
#cve202553770

Out now! 👉 Our latest #GraylogLabs post on the exploitation of the SharePoint RCE. CVE-2025-53770 and CVE-2025-53771 are critical remote code execution vulnerabilities (CVSS base score 9.8) impacting #Microsoft #SharePoint. In this blog, we simulate the exploitation of this SharePoint RCE vulnerability and analyze the resulting telemetry inside #Graylog. 📊

Read an overview of this attack, follow along as we emulate the adversary's SharePoint RCE, learn the requirements to detect this exploit, review indicators, and more. Plus, learn about actionable threat hunting and detection strategies.👇

https://graylog.org/post/adversary-tradecraft-exploitation-of-the-sharepoint-rce/ #SharePointRCE #CVE #cybersecurity #CVE202553770 #CVE202553771

From Check Point Research: SharePoint Servers’ Wide Targeting

Check Point Research posted an update on the wide exploitation wave using a critical zero-day remote code execution vulnerability (CVE-2025-53770) affecting on-premises Microsoft SharePoint servers. On July 24, Check Point Research found wide exploitation of the CVE, with more than 4600 compromise attempts on over 300 organizations worldwide.

https://blog.checkpoint.com/research/sharepoint-zero-day-cve-2025-53770-actively-exploited-what-security-teams-need-to-know/

#zeroday #cve #cve202553770 #sharepoint

SharePoint Zero-Day CVE-2025-53770 Actively Exploited: What Security Teams Need to Know

Check Point Blog

Recently having some #Sharepoint #cve202553770 cases.

Hint for analysts: also check for Visual Basic and C#, not just PowerShell.

#DFIR #incidentresponse #knowledgedrop

ToolShell is actively being exploited and if you're running SharePoint on-prem, this is a real threat!

Join our #CheckMates session tomorrow, Thursday, July 24 at 4 PM CET | 10 AM EST to learn how the exploit works, who's being targeted, and what you can do right now to protect your environment.

We'll hear the latest insights from Check Point Research along with actionable steps.

https://checkpoint.zoom.us/webinar/register/6317532570861/WN_7suWr4NBRFazMtp72zCd3A

#ZeroDay #ToolShell #SharePoint #CyberSecurity #CheckPoint #CVE202553770 #ThreatIntel

Welcome! You are invited to join a webinar: Inside the SharePoint Zero-Day (CVE-2025-53770): What It Means and How to Stay Protected. After registering, you will receive a confirmation email about joining the webinar.

Join Check Point experts for a deep dive into CVE-2025-53770, known as ToolShell, the critical zero-day vulnerability affecting SharePoint on-premises servers. Learn how attackers are exploiting this flaw in the wild—and how organizations can stay ahead with a connected security approach. We’ll cover findings from Check Point Research, real-world attack patterns, and how Check Point products—from SASE to IPS and External Risk Management—work together to prevent, detect, and respond.

Key takeaways:
- How the ToolShell vulnerability works and who is being targeted
- Early insights from Check Point Research
- Best practices for securing SharePoint environments
- How Check Point solutions help reduce exposure and speed up response

Join us to stay protected! We look forward to seeing you there!

Zoom

Urgent SharePoint Security Update

Microsoft has released out-of-band patches for two actively exploited SharePoint zero-days, CVE-2025-53770 and CVE-2025-53771, used in ToolShell attacks that have already impacted dozens of organizations worldwide. Microsoft has patches for Microsoft SharePoint Subscription Edition and SharePoint 2019, but is still working on an update for SharePoint 2016.

Admins, patch and:
✔ Rotate machine keys after patching
✔ Review logs for suspicious activity
✔ Investigate any signs of compromise immediately

Don't delay—these RCE flaws bypass earlier fixes and are being actively exploited.

Read the details: https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-patches-for-sharepoint-rce-flaws-exploited-in-attacks/

#Cybersecurity #SharePoint #ZeroDay #PatchNow #Infosec #IncidentResponse #Microsoft #CVE202553770 #CVE202553771 #DFIR #IT #CISO #ITsecurity

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks.

BleepingComputer

🚨 URGENT: SharePoint Vulnerability Actively Exploited 🚨
If your business is running SharePoint Server on-prem, you're at real risk.
CVE-2025-53770 is being exploited in the wild — attackers can run code without credentials.

📖 Read the full breakdown →
👉 https://zurl.co/duWOv

#SharePoint #CyberSecurity #CVE202553770 #BostonManagedIT #MSP #PatchNow #ITSecurity #SmallBusinessIT #CISAAlert #Microsoft

Critical SharePoint Vulnerability Alert: What CVE-2025-53770 Means for Your Business - Boston Managed IT

Cyber threats don’t wait—and CVE-2025-53770 is proof. Staying a step ahead means acting fast, patching promptly, and having the right IT partner in your corner. We’ll keep your business secure. You focus on growth.

Boston Managed IT

If you're hunting for #CVE-2025-53770 then I'd recommend also looking for connections to *.ngrok-free.app, as it's used to distribute a PowerShell reverse shell.

ESET Inspect rule Potential SharePoint Post-Exploitation (Cmd/PowerShell) [E0474] is triggered on all exploitation attempts seen so far.

#CVE202553770
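As an added example (not code from the post above or from ESET), this Python script applies the hunting hint to a constructed, simplified proxy log export. The log layout, field order and sample values are assumptions; the host match is anchored to a label boundary so look-alike domains that merely contain "ngrok-free.app" are not flagged.

```python
"""Hunt for outbound connections to *.ngrok-free.app in proxy logs.

Added example. The log format below is a constructed, simplified proxy export
(timestamp, source IP, destination host, destination port); adapt the regex to
the proxy or DNS logs you actually have.
"""
from __future__ import annotations

import re

# Hostname suffix from the hunting hint. Matching is anchored to a label
# boundary so "ngrok-free.app.example.net" or "evilngrok-free.app" do not match.
NGROK_SUFFIX = "ngrok-free.app"

# Constructed sample lines: "<timestamp> <src_ip> <dst_host> <dst_port>"
SAMPLE_PROXY_LOG = """\
2025-07-21T03:14:07Z 10.20.30.11 updates.example.org 443
2025-07-21T03:14:09Z 10.20.30.11 abcd-12-34-56-78.ngrok-free.app 443
2025-07-21T03:14:10Z 10.20.30.12 ngrok-free.app.example.net 443
2025-07-21T03:14:12Z 10.20.30.11 NGROK-FREE.APP 80
2025-07-21T03:15:00Z 10.20.30.13 intranet.example.org 443
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<host>\S+)\s+(?P<port>\d+)$")


def is_ngrok_free_host(host: str) -> bool:
    """True if host is ngrok-free.app itself or any subdomain of it."""
    h = host.rstrip(".").lower()  # DNS names are case-insensitive; drop root dot
    return h == NGROK_SUFFIX or h.endswith("." + NGROK_SUFFIX)


def hunt_ngrok_connections(log_text: str) -> list[dict[str, str]]:
    """Return the parsed fields of every log line whose destination matches."""
    hits: list[dict[str, str]] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the hunt
        if is_ngrok_free_host(m["host"]):
            hits.append(m.groupdict())
    return hits


if __name__ == "__main__":
    for hit in hunt_ngrok_connections(SAMPLE_PROXY_LOG):
        print(f"{hit['ts']} {hit['src']} -> {hit['host']}:{hit['port']}")
```

Each hit gives the internal source address to pivot on, which is where the process-level review (PowerShell, and per the earlier hint also Visual Basic and C#) should start.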