Bleeping Computer

CISA tags Microsoft SharePoint RCE bug as actively exploited

CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution ...
JD Supra

Microsoft Announces Two New On-Premises SharePoint Vulnerabilities

On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and that relate to on-premises Microsoft SharePoint instances that ...
Bleeping Computer

CISA: Critical Microsoft SharePoint bug now actively exploited

CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution. Tracked as ...
abc7NY

Microsoft SharePoint under 'active exploitation,' Homeland Security's CISA says

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has posted an alert saying it is aware of "active exploitation" of a new vulnerability to Microsoft ...
WPBF

What to know about a vulnerability being used by hackers on Microsoft SharePoint servers

Microsoft has issued an emergency fix to close off a vulnerability in Microsoft’s widely used SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least ...
GeekWire

Microsoft contains SharePoint security wildfire, but questions linger about on-premises software

Editor’s note: This is a guest analysis from Christopher Budd, who previously spent a decade at the Microsoft Security Response Center (MSRC). Emergency security teams know summer weekends are made ...