Chinese Hackers Actively Exploiting SharePoint Servers 0-Day Flaw in the Wild

Threat Level

70% Cybersecurity News 8 hours ago Part of cluster #1289

Microsoft has confirmed that Chinese state- threat actors are actively exploiting critical zero-day vulnerabilities in on-premises SharePoint servers, prompting urgent security warnings for organizations worldwide. The tech giant’s Security Response Center reported coordinated attacks targeting internet-facing SharePoint installations using newly disclosed vulnerabilities that enable authentication bypass and remote code execution. Key Takeaways1. CVE-2025-53770/53771 in on-premises […]...

Continue Reading on Original Site

Recommended Articles

Critical Vulnerability in JavaScript Library Exposes Millions of Apps to Code Execution Attacks

Cybersecurity News 47 minutes ago

A critical security vulnerability has been discovered in the widely-used JavaScript form-data library, potentially exposing millions of applications to code execution attacks. The vulnerability, assi...

UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble?

SecurityWeek 1 hour ago

Critics warn that a ban on ransomware payments may lead to dangerous unintended consequences, including forcing victims into secrecy or incentivizing attackers to shift tactics....

Interlock ransomware gang is ramping up activity, CISA warns

IT Pro Security 1 hour ago

The threat group, which uses a double-extortion technique, has been attacking organizations across North America and Europe...

New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials

The Hacker News 1 hour ago

The Windows banking trojan known asCoyotehas become the first known malware strain to exploit the Windows accessibility framework calledUI Automation(UIA) to harvest sensitive information. "The new Co...

Coyote Banking Trojan First to Abuse Microsoft UIA

SecurityWeek 2 hours ago

Akamai’s analysis of the Coyote malware revealed that it abuses Microsoft’s UIA accessibility framework to obtain data....

Threat Intelligence

Attack Types 1

Remote Code Execution

Vulnerabilities 3

Authentication Bypass Remote Code Execution Zero-Day

Business Intelligence

Companies 1

Microsoft

Platforms 1

SharePoint

Technical Indicators

CVEs 1

CVE-2025-53770

Information

Article ID: #4366
Published: 8 hours ago
Source: Cybersecurity News

Recommended Articles

Critical Vulnerability in JavaScript Library Exposes Millions of Apps to Code Execution Attacks

UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble?

Interlock ransomware gang is ramping up activity, CISA warns

New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials

Coyote Banking Trojan First to Abuse Microsoft UIA

Save to Folder

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies