Microsoft fixes 2 SharePoint zero-days under attack
The U.S. government agency that maintains and designs America's nuclear weapons was reportedly breached by attackers exploiting zero-day flaws in on-premises
More details emerged on the ToolShell zero-day attacks targeting SharePoint servers, but confusion remains over the vulnerabilities.
Unknown threat actors have reportedly breached the National Nuclear Security Administration's (NNSA) network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain.
Microsoft has observed three China-based threat actors, Linen Typhoon, Violet Typhoon and Storm-2603, exploiting the SharePoint vulnerabilities
Microsoft says the Chinese threat actors Linen Typhoon, Violet Typhoon, and Storm-2603 have been exploiting the ToolShell zero-days.
A "zero-day" attack is one that targets a previously unknown vulnerability. Tens of thousands of servers are said to be at risk. While the issue is serious, it differs from several previous vulnerabilities related to Microsoft. The attack only affects on-premises servers; cloud-based servers are unaffected.
At least 85 servers worldwide have been compromised through a Microsoft service vulnerability that has been used to achieve remote code execution.
The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that was addressed by the tech giant as part of its July 2025 Patch Tuesday updates.