A critical Sitecore zero-day vulnerability is under active exploitation in the latest series of ViewState deserialization attacks this year. The vulnerability, tracked as CVE-2025-53690 and disclosed ...

The company has been called out repeatedly for inadequate security practices, and now we have another case in point: a successful SharePoint hack that’s among the worst in Microsoft’s history. Once ...

Microsoft has patched three critical zero-day SharePoint security flaws that hackers have already exploited to attack more vulnerable organizations. Responding to the exploits, the software giant ...

'Investigations into other actors also using these exploits are still ongoing.' When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Following on from ...

An as-yet unnamed Chinese state threat actor appears to be among those exploiting CVE-2025-53770 (aka ToolShell), a remote code execution vulnerability in Microsoft SharePoint, to conduct cyber ...

Microsoft has good news for administrators running SharePoint Server 2016. The cloud and software megacorp has published updates to close a gaping hole in the document management service. What's ...

The zero-day in Microsoft SharePoint (CVE-2025-53770 and CVE-2025-53771) have been known for a few days now. What exactly happened, how was the zero-day discovered, and are we sure we caught it in ...

Microsoft notified customers this past weekend regarding in-the-wild attacks targeting its SharePoint products following exploits of several vulnerabilities within the software. One of the ...

Microsoft Systems administrators everywhere, it looks like you get a Patch Monday as a side dish to the usual Patch Tuesday this week. There's a full remote code vulnerability (RCE) exploit for ...

Tech giant Microsoft has issued urgent security patch after observing "active attacks" on server software used by government agencies and businesses to share documents within organisations. According ...