A top security researcher claims the massive SharePoint zero-day attack was fueled by a leak from a Microsoft partner program, giving hackers a critical head start.

Threat actors exploit SharePoint flaws to access internal systems, steal sensitive data, and carry out surveillance, ...

Microsoft is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to ...

A program to share information with cybersecurity companies may have exposed unpatched flaws in the company’s SharePoint ...

Microsoft has released security patches for the zero-day vulnerability chain dubbed ToolShell, capable of remote code ...

Researcher Khoa Dinh originally discovered the attack chain, and earlier this month, Code White GmbH was able to reproduce ...

Microsoft has confirmed that vulnerabilities in its on-premises SharePoint Server installations, a network spoofing vulnerability (CVE-202549706), ...

It's not just data theft. A China-based hacking group is using a flaw in vulnerable SharePoint servers to deliver ransomware, ...

Department of Homeland Security headquarters, several of its agencies and the Department of Health and Human Services have ...

Hackers are actively exploiting a critical SharePoint zero-day (CVE-2025-53770), hitting 400+ firms and institutions like the ...

A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks ...

Microsoft has pointed the finger at three Chinese nation-state actors for exploiting the SharePoint vulnerabilities. Here's what we know about the security flaws and how to guard against future ...