Bleeping Computer

Microsoft fixes highest-severity ASP.NET Core flaw ever

Earlier this week, Microsoft patched a vulnerability that was flagged with the "highest ever" severity rating received by an ASP.NET Core security flaw. This HTTP request smuggling bug (CVE-2025-55315 ...
Dark Reading

Sitecore Zero-Day Sparks New Round of ViewState Threats

A critical Sitecore zero-day vulnerability is under active exploitation in the latest series of ViewState deserialization attacks this year. The vulnerability, tracked as CVE-2025-53690 and disclosed ...
Security Boulevard

New SharePoint Zero-Day Allows Unauthenticated Remote Code Execution

In July 2025, a critical zero-day vulnerability (CVE-2025-53770) was publicly disclosed, affecting Microsoft SharePoint Server. The flaw enables unauthenticated remote code execution (RCE), by ...
ZDNet

Microsoft fixes SharePoint zero-day exploits used in cyberattacks and ransomware - how to patch them

Microsoft has patched three critical zero-day SharePoint security flaws that hackers have already exploited to attack more vulnerable organizations. Responding to the exploits, the software giant ...
WeLiveSecurity

ToolShell: An all-you-can-eat buffet for threat actors

Figure 2 shows the timeline of the attacks coming from the three most active IP addresses. Figure 2. Attacks from the most active IP addresses seen per hour (zero values not shown) Concerningly, ...
Computer Weekly

Chinese cyber spies among those linked to SharePoint attacks

An as-yet unnamed Chinese state threat actor appears to be among those exploiting CVE-2025-53770 (aka ToolShell), a remote code execution vulnerability in Microsoft SharePoint, to conduct cyber ...
techzine

Microsoft SharePoint zero-day: what we know so far

The zero-day in Microsoft SharePoint (CVE-2025-53770 and CVE-2025-53771) have been known for a few days now. What exactly happened, how was the zero-day discovered, and are we sure we caught it in ...
The Hacker News

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to two Chinese hacking groups called Linen Typhoon and Violet Typhoon as early as July 7, ...
The Hacker News

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said ...
Computer Weekly

Patch ToolShell SharePoint zero-day immediately, says Microsoft

Organisations running on-premise instances of Microsoft’s SharePoint collaboration and document management platform should update without delay after multiple reports of an as-yet unidentified party ...
HotHardware

A Microsoft SharePoint 0-Day Security Vulnerability Was Just Weaponized At Scale

Microsoft Systems administrators everywhere, it looks like you get a Patch Monday as a side dish to the usual Patch Tuesday this week. There's a full remote code vulnerability (RCE) exploit for ...