Huntress: Velociraptor abused as C2 after ToolShell SharePoint exploit (CVE-2025-49706). MSI payloads hosted on a workers.dev domain and a repeated Cloudflare tunnel account tag observed. #velociraptor #toolshell #CVE2025-49706 https://bit.ly/4pMW4C6

📰 Serangan ToolShell di SharePoint Targetkan Organisasi di Empat Benua

👉 Baca artikel lengkap di sini: ahmandonk.com/2025/10/23/sharepoint-to...

#chinese #hackers #cve-2025-53770 #exploit #microsoft #sharepoint #sliver #framework #symantec #toolshell #zero-day

Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch Chinese threat actors exploited a patched SharePoint flaw, CVE-2025-53770, in global espionage attacks.

Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch
thehackernews.com/2025/10/chin...

#Infosec #Security #Cybersecurity #CeptBiro #Chinese #ThreatActors #Exploit #ToolShell #SharePointFlaw

Sharepoint ToolShell attacks targeted orgs across four continents Sheathminer/Violet Typhoon—had taken use of ToolShell read more about Sharepoint ToolShell attacks targeted orgs across four continents

Sharepoint ToolShell attacks targeted orgs across four continents reconbee.com/sharepoint-t...

#sharepoint #Toolshell #Vulnerability #china #hackers #hacking

GitHub - reversinglabs/reversinglabs-yara-rules: ReversingLabs YARA Rules ReversingLabs YARA Rules. Contribute to reversinglabs/reversinglabs-yara-rules development by creating an account on GitHub.

Warlock is a #ransomware based on the leaked #LockBit code, & is used by the Chinese #APT group #Storm2603 in the recent #ToolShell campaign. Protect yourself by deploying our public #YARArules: https://bit.ly/3x34FdW

Storm-2603: Hybrid Espionage and Ransomware Operations Exploiting SharePoint ToolShell Vulnerabilities Storm-2603 is a China-based threat actor, first identified in 2025, leveraging a hybrid operational model that combines espionage tactics with financially motivated ransomware deployment. The group…

Storm-2603 milks ToolShell: CISA flags SharpyShell; Warlock hitting unpatched SharePoint. Rotate machine keys & patch now. 🔓🐼

Read: blog.alphahunt.io/storm-2603-h...

#AlphaHunt #CyberSecurity #ToolShell

Storm-2603: Hybrid Espionage and Ransomware Operations Exploiting SharePoint ToolShell Vulnerabilities Storm-2603 is a China-based threat actor, first identified in 2025, leveraging a hybrid operational model that combines espionage tactics with financially motivated ransomware deployment. The group…

🚨Storm-2603 turns ToolShell into a ransomware vending machine: Trend Micro flags Warlock riding unpatched SharePoint; CISA warns SharpyShell leaks machine keys. Patch + rotate now. 🔒

Read more / subscribe → blog.alphahunt.io/storm-2603-h...

#AlphaHunt #CyberSecurity #SharePoint #ToolShell

🚨 New immediate detection live in Network Scanner 👉 #ToolShell (CVE-2025-53770) 🚨

The latest update helps you confirm protection against ToolShell (CVE-2025-53770, CVSS 9.8) on SharePoint servers.

Did you miss this on Monday? Last week we helped several organisations address #SharePoint vulnerabilities. But what are the key messages we can learn from #ToolShell for protecting your systems?

Read more here: jcsc.je/advice-and-g...

#JerseyCI #patching #cybersecurity

CISA alerts on 'ToolShell' exploit targeting Microsoft SharePoint servers. Immediate patching and monitoring for IOCs recommended. #CyberSecurity #ToolShell #SharePoint #CISA Link: thedailytechfeed.com/cisa-issues-...

ToolShell: A wake-up call for SharePoint data management | Ground Labs ToolShell attacks reveal SharePoint’s hidden risks. Learn how to improve SharePoint data management with Enterprise Recon.

Ransomware attacks have been seen exploiting the ToolShell vulnerability chain in SharePoint. Find out what you can do to protect your environment today. 🚨 www.groundlabs.com/blog/toolshe...
#Ransomware #ToolShell #Cybersecurity

Ransomware crews are now exploiting Microsoft SharePoint zero-days.

👾 New strain: 4L4MD4R
📌 CVEs: 2025-49706, 49704 → 53770, 53771
📉 Victims: 148+ orgs, incl. U.S. govt and EU
APT meets extortion.

How should orgs respond?

#CyberSecurity #SharePoint #ZeroDay #Ransomware #ToolShell #APT #Unit42

Storm-2603 evolve nel ransomware con ak47c2 e ToolShell, puntando settori sensibili tramite exploit e backdoor avanzate.

#ak47c2 #backdoor #CheckPointResearch #Ransomware #Storm2603 #ToolShell
www.matricedigitale.it/2025/08/01/s...

🚨Check your #SharePoint Server #Toolshell
www.golem.de/news/sharepo...

Urgent: 'ToolShell' exploit targets Microsoft SharePoint servers, enabling full system control. Apply patches immediately and enhance security measures. #CyberSecurity #ToolShell #SharePoint Link: thedailytechfeed.com/toolshell-ex...

Oh je...

Eine #Sicherheitslücke in #Microsoft #Sharepoint ließ sich nach einem Patch mit nur einem zusätzlichen Zeichen im Code wieder aushebeln.

www.golem.de/news/sharepoint-angriffe...

#Cybersecurity #Toolshell […]

ToolShell: a story of five vulnerabilities in Microsoft SharePoint Explaining the ToolShell vulnerabilities in SharePoint: how the POST request exploit works, why initial patches can be easily bypassed, and how to stay protected.

ToolShell: a story of five vulnerabilities in Microsoft SharePoint #Kaspersky #toolshell
securelist.com/toolshell-ex...

⚠️ #0-DAY #Microsoft
👾 #CVE-2025-53770
🔩 #ToolShell 🪏
bsky.app/profile/sent...

The Rising Threat of ToolShell: Unpacking the July 2025 SharePoint Zero-Day Exploits Explore the July 2025 ToolShell SharePoint zero-day attacks, their sector-wide impact, and why immediate, zero-trust defenses are vital.

The Rising Threat of ToolShell: Unpacking the July 2025 SharePoint Zero-Day Exploits #Chinese #State-backed #Cybersecurity #SharePoint #ToolShell #Zero-Day
blog.meatmutts.com/2025/07/the-...

Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed a...

'Starting on July 18, 2025, Microsoft has observed Storm-2603 deploying ransomware using these vulnerabilities'.

#ToolShell
www.microsoft.com/en-us/securi...

Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble Netherlands-based cybersecurity firm Eye Security told Reuters and Bloomberg that hackers have successfully breached at least 400 governments and businesses around the world.

Microsoft said the Chinese hackers are using the Warlock ransomware as part of the #ToolShell campaign

therecord.media/microsoft-sa...

Federal agencies confirmed to suffer incidents include
- Dept. of Energy's National Nuclear Security Administration
- Dept. of HHS's National Institutes of Health

What to know about ToolShell, the SharePoint threat under mass exploitation Easy to exploit. Unauthenticated access. Massive reach. ToolShell has it all.

What to know about #ToolShell, the #SharePoint threat under mass exploitation | #security #netsec #Microsoft #exploit | arstechnica.com/security/202...

Active exploitation of on-premise SharePoint Server vulnerabilities “ToolShell” On July 19th 2025, Microsoft reported on a set of vulnerabilities being actively exploited in-the-wild targeting on-premise SharePoint Servers, which were addressed through CVE-2025-53770 and CVE-2025...

🚨 Our team has published fresh insights into a targeted exploitation campaign using #ToolShell against on-prem SharePoint servers. The focus is on new post-compromise activity.

📖 Read more: labs.withsecure.com/publications...

#CyberSecurity #ThreatIntel #ToolShell #Infosec

Online Network Vulnerability Scanner - free scans and report Find Log4Shell, Citrix Bleed, and more critical vulnerabilities in Microsoft, Cisco, Ivanti, Atlassian, etc. with our Network Scanner. See a sample report

✅ scan SharePoint servers with an effective, single-CVE scan
✅ quickly identify remaining exposure to #ToolShell, even after applying patches
✅ get evidence (vulnerable endpoints, specific ports, validated findings) to confidently report on your security posture.

pentest-tools.com/network-vuln...

Patching SharePoint servers to ensure infra isn't vulnerable to #ToolShell (CVE-2025-53770) is half the job.

The other half is validating mitigations actually worked across the entire environment.

Our Network Scanner provides immediate, targeted & FAST detection for this 🔴 critical, unauth RCE: