heise online English<p>Three Chinese groups identified as attackers on Sharepoint servers</p><p>An analysis by Microsoft names three different groups from China as the attackers of the latest Sharepoint vulnerability. But it is unlikely to stop there.</p><p><a href="https://www.heise.de/en/news/Three-Chinese-groups-identified-as-attackers-on-Sharepoint-servers-10496605.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/en/news/Three-Chinese</span><span class="invisible">-groups-identified-as-attackers-on-Sharepoint-servers-10496605.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a> <a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://social.heise.de/tags/Sicherheitsl%C3%BCcken" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheitslücken</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>
#exploit
13 posts11 participants0 posts today
Angriffe auf Microsoft Sharepoint: Das müssen Admins nach dem Patchen tun
Das Schließen der Lücken genügt gegen die aktuellen Toolshell-Attacken nicht. Schließlich könnten Angreifer längst drin sein. Wir zeigen, wie man sie entdeckt.
SecurityAngriffe auf Microsoft Sharepoint: Das müssen Admins nach dem Patchen tunDas Schließen der Lücken genügt gegen die aktuellen Toolshell-Attacken nicht. Schließlich könnten Angreifer längst drin sein. Wir zeigen, wie man sie entdeckt.
I put together a shorter "Intelligence Brief" regarding the current exploitation of SharePoint in an attempt to aggregate "what we currently know" about the exploitation campaign(s).
https://cstromblad.com/posts/microsoft-sharepoint-cve-2025-53770/
STRÖMBLAD · UPDATED (2025-07-23): Intelligence Brief - Exploitation of Microsoft Vulnerability CVE-2025-53770This is a short Intelligence Brief covering Microsoft Sharepoint exploitation as it relates to CVE-2025-53770. It’s an aggregate view of multiple reportings of the exploitation so far.
Update: New version of Sharepoint 2016 fixes toolshell vulnerability
Microsoft is following up and is also releasing a patch for the 2016 edition of Sharepoint. Admins should install this immediately.
heise online · Update: New version of Sharepoint 2016 fixes toolshell vulnerability
More from 
Dr. Christopher Kunz
Update: Neue Version von Sharepoint 2016 behebt Toolshell-Lücke
Microsoft legt nach und veröffentlicht auch für die 2016er-Ausgabe von Sharepoint einen Flicken. Admins sollten diesen unverzüglich einspielen.
heise online · Update: Neue Version von Sharepoint 2016 behebt Toolshell-Lücke
More from Dr. Christopher Kunz
#Microsoft: Angriffe auf neue #Sharepoint-Lücke – bislang kein Patch verfügbar | Security https://www.heise.de/news/Microsoft-Angriffe-auf-neue-Sharepoint-Luecke-bislang-kein-Patch-verfuegbar-10493705.html #Patchday #Exploit
heise online · Microsoft: Angriffe auf neue Sharepoint-Lücke – bislang kein Patch verfügbar
Critical Sharepoint security vulnerability: First patches are available
Microsoft has now released a patch, but attackers were not idle over the weekend. Dozens of SharePoint installations fell victim of "ToolShell"
heise online · Critical Sharepoint security vulnerability: First patches are available
More from Dr. Christopher Kunz
Kritische Sharepoint-Sicherheitslücke: Erste Patches für "ToolShell" sind da
Microsoft hat mittlerweile einen Patch veröffentlicht, Angreifer waren am Wochenende jedoch nicht untätig. Dutzende Sharepoint-Installationen wurden Opfer.
heise online · Kritische Sharepoint-Sicherheitslücke: Erste Patches für "ToolShell" sind da
More from Dr. Christopher Kunz
iMessage integration in Claude can hijack the model to do anything
https://www.generalanalysis.com/blog/imessage-stripe-exploit
www.generalanalysis.comClaude Jailbroken to Mint Unlimited Stripe Coupons | General AnalysisWe reveal a powerful metadata-spoofing attack that exploits Claude's iMessage integration to mint unlimited Stripe coupons or invoke any MCP tool with arbitrary parameters, without alerting the user.
Microsoft: Angriffe auf neue Sharepoint-Lücke – bislang kein Patch verfügbar
Microsoft warnt vor aktiven Angriffen auf eine bislang unbekannte Lücke in Sharepoint-Servern und benennt Erste-Hilfe-Maßnahmen für Verteidiger.
heise online · Microsoft: Angriffe auf neue Sharepoint-Lücke – bislang kein Patch verfügbar
Wii U SDBoot1 Exploit "paid the beak"
https://consolebytes.com/wii-u-sdboot1-exploit-paid-the-beak/
Continued thread
I wrote my first #HardenedBSD #exploit today and I feel proud! #exherbo #sydbox #security https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/107#note_41813
GitLabRead-only, executable memory regions can be updated by backing file writes regardless of shared status (#107) · Issues · HardenedBSD / HardenedBSD · GitLabArguably this breaks W^X. Similar implementations such as PaX prevent this. About private mappings, POSIX leaves unspecified whether changes made to the file after the mmap() call are...
Update now! Chrome security vulnerability is being exploited
Google updated its Chrome web browser on Wednesday night. The update also closes a vulnerability that had already been exploited.
heise online · Update now! Chrome security vulnerability is being exploited
Jetzt aktualisieren! Chrome-Sicherheitslücke wird angegriffen
Google hat in der Nacht zum Mittwoch den Chrome-Webbrowser aktualisiert. Das Update schließt auch eine bereits attackierte Lücke.
heise online · Jetzt aktualisieren! Chrome-Sicherheitslücke wird angegriffen
#Today one of my colleagues put my attention on this article, and to be honest I do love the reporting style. Meme's and writing like this?
"The ‘good news’, I suspect, is that most orgs will be too lacking in logs to have evidence."
"China go brrr"
At least it's not dry 
https://doublepulsar.com/citrixbleed-2-situation-update-everybody-already-got-owned-503c6d06da9f
Exploit available: Patch FortiWeb vulnerability now!
On Thursday, Fortinet released an update for FortiWeb. Exploits have emerged that abuse the critical gap.
heise online · Exploit available: Patch FortiWeb vulnerability now!