Out now! 👉 Our latest #GraylogLabs post on the exploitation of the SharePoint RCE. CVE-2025-53770 and CVE-2025-53771 are critical remote code execution vulnerabilities (CVSS base score 9.8) impacting #Microsoft #SharePoint. In this blog, we simulate the exploitation of this SharePoint RCE vulnerability and analyze the resulting telemetry inside #Graylog. 📊

Read an overview on this attack, follow along as we emulate the adversary SharePoint RCE, explain the requirements to detect this exploit, review indicators, and more. Plus, learn about actionable threat hunting and detection strategies.👇

https://graylog.org/post/adversary-tradecraft-exploitation-of-the-sharepoint-rce/ #SharePointRCE #CVE #cybersecurity #CVE202553770 #CVE202553771

Urgent SharePoint Security Update

Microsoft has released out-of-band patches for two actively exploited SharePoint zero-days, CVE-2025-53770 and CVE-2025-53771, used in ToolShell attacks that have already impacted dozens of organizations worldwide. Microsoft has patches for Microsoft SharePoint Subscription Edition and SharePoint 2019, but is still working on an update for SharePoint 2016.

Admins, patch and:
✔ Rotate machine keys after patching
✔ Review logs for suspicious activity
✔ Investigate any signs of compromise immediately

Don't delay—these RCE flaws bypass earlier fixes and are being actively exploited.

Read the details: https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-patches-for-sharepoint-rce-flaws-exploited-in-attacks/

#Cybersecurity #SharePoint #ZeroDay #PatchNow #Infosec #IncidentResponse #Microsoft #CVE202553770 #CVE202553771 #DFIR #IT #CISO #ITsecurity
