A top security researcher claims the massive SharePoint zero-day attack was fueled by a leak from a Microsoft partner program, giving hackers a critical head start.

Threat actors exploit SharePoint flaws to access internal systems, steal sensitive data, and carry out surveillance, ...

Microsoft is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to ...

A program to share information with cybersecurity companies may have exposed unpatched flaws in the company’s SharePoint ...

Microsoft has released security patches for the zero-day vulnerability chain dubbed ToolShell, capable of remote code ...

Microsoft has confirmed that vulnerabilities in its on-premises SharePoint Server installations, a network spoofing vulnerability (CVE-202549706), ...

Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the ...

This Alert was updated to reflect newly released information from Microsoft, and to correct the actively exploited Common ...

A series of cyber intrusions targeting Microsoft’s SharePoint platform has triggered alarm across global businesses and ...

CISA gave agencies until the end of the day on Monday to mitigate a severe zero-day vulnerability in Microsoft's widely used ...

Google's Mandiant links a China-nexus hacking group to attacks on a critical SharePoint zero-day (CVE-2025-53770), as ...

More details emerged on the ToolShell zero-day attacks targeting SharePoint servers, but confusion remains over the ...