The name was coined by Dinh Ho Anh, a researcher from Khoa of Viettel Cyber Security, who developed the exploit. The ...

The risk for businesses who haven’t patched the ToolShell vulnerability keeps growing after new reports suggest ransomware actors are also joining the exploitation party. Researchers from Palo Alto ...

Microsoft identified at least three threat groups believed to be affiliated with China that have been exploiting publicly ...

Ransomware gangs have escalated a cyberattack campaign targeting Microsoft SharePoint servers, joining forces with suspected ...

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader ...

Microsoft released patches for a SharePoint zero-day bug after hackers compromised over 400 servers worldwide using ...

More details emerged on the ToolShell zero-day attacks targeting SharePoint servers, but confusion remains over the ...

More information has emerged on the ToolShell SharePoint zero-day attacks, including impact, victims, and threat actors.

ESET Research has been monitoring intense attacks involving the recently discovered ToolShell zero-day vulnerabilities.

An ongoing cyberattack campaign known as “ToolShell” is exploiting on-premises Microsoft SharePoint Servers and has reportedly compromised organizations worldwide.

Dubbed ToolShell, the related vulnerabilities, CVE-2025-53770 and CVE-2025-53771, allow for remote code execution (RCE) and server spoofing in SharePoint.

Microsoft released a patch Monday for SharePoint Server 2016 that protects customers against a pair of vulnerabilities, which have been widely exploited in a wave of cyberattacks known as “ToolShell.” ...