CISA Warns of New Exploit Targeting Microsoft SharePoint

CISA Warns of New Exploit Targeting Microsoft SharePoint

Hackers Exploit Microsoft SharePoint Servers; CISA Issues Urgent Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning organizations of an active exploitation campaign targeting on-premises Microsoft SharePoint servers. According to CISA’s July 20 report, the attack—known publicly as “ToolShell”—takes advantage of server vulnerabilities to grant attackers full access to internal systems.

“This exploitation activity… provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content,” CISA said in its July 20 report. The agency is currently assessing the full impact of the breach.

Microsoft acknowledged the threat on July 19, confirming that only on-premises servers are affected—SharePoint Online on Microsoft 365 is not at risk. Updates have been released for SharePoint Subscription Edition and SharePoint 2019, while patches for SharePoint 2016 are pending.

Both CISA and Microsoft urge system administrators to install the latest security updates, enable Antimalware Scan Interface (AMSI), and deploy Microsoft Defender for Endpoint. In cases where AMSI cannot be activated, CISA recommends temporarily disconnecting affected systems from the internet.

The exploit, listed under CVE-2025-49706, has been added to CISA’s Known Exploited Vulnerabilities catalog. Organizations are encouraged to review their logging practices, reduce administrative privileges, and follow Microsoft’s advanced mitigation strategies.

With over 200,000 organizations relying on SharePoint globally, the attack underscores growing cybersecurity challenges. CISA further warned of increasing threats to cloud infrastructure, calling for enhanced public-private cooperation to defend digital assets.

Related Posts
Zuckerberg’s Mega AI Plan Targets AGI Race
Meta CEO Mark Zuckerberg has announced an ambitious initiative to invest hundreds of billions of
Back-to-School Deals Fuel $24.1B Online Spending Surge
U.S. consumers helped set a new online retail record this past week, spending a staggering
Ohtani, Torres Lead 2025 MLB All-Star Game Lineups
The stage is set for the 2025 MLB All-Star Game, with both leagues revealing their
Flash Floods Slam Northeast as Storms Trigger Emergencies
Flash flooding swept across parts of the Northeast on Monday evening, as a slow-moving weather
USOPC Aligns With Executive Order on Women’s Sports
The U.S. Olympic and Paralympic Committee (USOPC) announced a policy update on July 21, confirming
Kraft Heinz Mulls $20B Split to Revive Growth
Kraft Heinz is considering a sweeping corporate restructuring that could unwind its landmark 2015 merger,
Microsoft Bars China-Based Engineers from U.S. Military Aid
Microsoft Ends China-Based Engineering Support for U.S. Military Projects Microsoft has announced that engineers based
Phillies Edge Red Sox on Rare Catcher’s Interference Call
Phillies Walk Off Red Sox on Rare Catcher’s Interference The Philadelphia Phillies secured a dramatic
Ohtani Returns to Mound as Dodgers Face Twins
Shohei Ohtani is set to continue his measured return to the mound on Monday when
CDC Warns of Rising COVID-19 Cases in Select States
Despite overall low national levels, new CDC data indicates that COVID-19 infections are climbing in
Zuckerberg’s Mega AI Plan Targets AGI Race
Meta CEO Mark Zuckerberg has announced an ambitious initiative to invest hundreds of billions of
Back-to-School Deals Fuel $24.1B Online Spending Surge
U.S. consumers helped set a new online retail record this past week, spending a staggering
Ohtani, Torres Lead 2025 MLB All-Star Game Lineups
The stage is set for the 2025 MLB All-Star Game, with both leagues revealing their
Flash Floods Slam Northeast as Storms Trigger Emergencies
Flash flooding swept across parts of the Northeast on Monday evening, as a slow-moving weather
USOPC Aligns With Executive Order on Women’s Sports
The U.S. Olympic and Paralympic Committee (USOPC) announced a policy update on July 21, confirming
Kraft Heinz Mulls $20B Split to Revive Growth
Kraft Heinz is considering a sweeping corporate restructuring that could unwind its landmark 2015 merger,
Microsoft Bars China-Based Engineers from U.S. Military Aid
Microsoft Ends China-Based Engineering Support for U.S. Military Projects Microsoft has announced that engineers based
Phillies Edge Red Sox on Rare Catcher’s Interference Call
Phillies Walk Off Red Sox on Rare Catcher’s Interference The Philadelphia Phillies secured a dramatic