Hackers Exploit Microsoft SharePoint Servers; CISA Issues Urgent Warning
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning organizations of an active exploitation campaign targeting on-premises Microsoft SharePoint servers. According to CISA’s July 20 report, the attack—known publicly as “ToolShell”—takes advantage of server vulnerabilities to grant attackers full access to internal systems.
“This exploitation activity… provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content,” CISA said in its July 20 report. The agency is currently assessing the full impact of the breach.
Microsoft acknowledged the threat on July 19, confirming that only on-premises servers are affected—SharePoint Online on Microsoft 365 is not at risk. Updates have been released for SharePoint Subscription Edition and SharePoint 2019, while patches for SharePoint 2016 are pending.
Both CISA and Microsoft urge system administrators to install the latest security updates, enable Antimalware Scan Interface (AMSI), and deploy Microsoft Defender for Endpoint. In cases where AMSI cannot be activated, CISA recommends temporarily disconnecting affected systems from the internet.
The exploit, listed under CVE-2025-49706, has been added to CISA’s Known Exploited Vulnerabilities catalog. Organizations are encouraged to review their logging practices, reduce administrative privileges, and follow Microsoft’s advanced mitigation strategies.
With over 200,000 organizations relying on SharePoint globally, the attack underscores growing cybersecurity challenges. CISA further warned of increasing threats to cloud infrastructure, calling for enhanced public-private cooperation to defend digital assets.
The Seattle Storm are bracing for the possible return of Skylar Diggins as they begin a three-game road trip Thursday…
The U.S. Olympic and Paralympic Committee (USOPC) announced a policy update on July 21, confirming that women’s teams at the…
Kraft Heinz is considering a sweeping corporate restructuring that could unwind its landmark 2015 merger, as the packaged food giant…
SPRINGFIELD, IL — The 2025 Illinois State Fair is making it easier and more affordable for families to enjoy this…
Lynx Overwhelm Sky 91–68 as Collier, McBride Lead the Charge The Minnesota Lynx used a dominant second and third quarter…
Microsoft Ends China-Based Engineering Support for U.S. Military Projects Microsoft has announced that engineers based in China will no longer…
This website uses cookies.