Microsoft SharePoint Server 0-Day Hack Hits African Treasury, Companies, and University

A sophisticated cyberattack exploiting a zero-day vulnerability in Microsoft SharePoint servers has compromised over 400 entities globally, with significant impact across African nations including South Africa and Mauritius. The attack specifically targets on-premises SharePoint installations, exploiting previously unknown security flaws that allowed threat actors to infiltrate critical infrastructure systems belonging to government agencies, educational institutions, and private corporations. In South Africa alone, victims span multiple sectors including a major automotive manufacturer, several universities, local government entities, and the National Treasury, where malware was discovered on the Infrastructure Reporting Model website. The malware campaign emerged last week when Dutch cybersecurity firm Eye Security detected the initial wave of breaches.

The SharePoint zero-day exploits a remote code execution vulnerability in the server’s authentication mechanism, allowing attackers to bypass standard security controls. Unlike typical SharePoint vulnerabilities that affect cloud-hosted instances, this zero-day specifically targets organizations running SharePoint servers on their own infrastructure, a configuration many institutions prefer for enhanced control and security. Microsoft has confirmed the vulnerability affects only on-premises installations, with cloud-hosted SharePoint Online services remaining secure through Microsoft’s managed security infrastructure.

The attack begins with reconnaissance scans targeting SharePoint farms running vulnerable versions, followed by exploitation of the authentication bypass to inject malicious web shells. The attack vector leverages unauthorized code execution capabilities within SharePoint’s document collaboration framework, enabling attackers to establish persistent access to targeted networks. Business Insider Africa analysts identified the malware’s sophisticated behavior patterns, noting its ability to remain undetected while exfiltrating sensitive data from compromised systems.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 31 Jul 2025 11:15:27 +0000


Cyber News related to Microsoft SharePoint Server 0-Day Hack Hits African Treasury, Companies, and University

Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security - In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, ...
2 months ago Krebsonsecurity.com CVE-2025-53770
Microsoft SharePoint Server 0-Day Hack Hits African Treasury, Companies, and University - The attack specifically targets on-premise SharePoint installations, exploiting previously unknown security flaws that allowed threat actors to infiltrate critical infrastructure systems belonging to government agencies, educational institutions, and ...
2 months ago Cybersecuritynews.com
SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups - File Indicators of Compromise (IoCs): SHA-1: F5B60A8EAD96703080E73A1F79C3E70FF44DF271; Filename: spinstall0.aspx; Detection: MSIL/Webshell.JS; Description: Webshell deployed via SharePoint vulnerabilities. Network Indicators of Compromise (IoCs): IP ...
2 months ago Cybersecuritynews.com
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available - The Microsoft SharePoint zero-day attacks were first identified by Dutch cybersecurity firm Eye Security, which told BleepingComputer that over 75 companies have already been compromised by the attacks. In May, Viettel Cyber Security researchers ...
2 months ago Bleepingcomputer.com CVE-2025-49706
Hack The Box Launches 5th Annual University CTF Competition - PRESS RELEASE. Hack The Box, the leading gamified cybersecurity upskilling, certification, and talent assessment platform, is announcing its fifth annual global University Capture The Flag competition that will take place from December 8 to 10, 2023. ...
1 year ago Darkreading.com
Microsoft Releases Mitigations and Threat Hunting Queries for SharePoint Zero-Day - Thousands of organizations worldwide face active cyberattacks targeting Microsoft SharePoint servers through two critical vulnerabilities, prompting urgent government warnings and emergency patches. Microsoft released emergency security updates on ...
2 months ago Cybersecuritynews.com CVE-2025-53770
Irish university cancels all classes due to major IT security issue - On Monday, Munster Technological University in Ireland declared that its campuses in Cork would be shut down due to a major IT breach and telephone outage. All classes, both full-time and part-time, have been cancelled for Tuesday and Wednesday, ...
2 years ago Therecord.media
Switzerland's Biggest University Confirms Major Cybersecurity Breach - On Friday, the University of Zurich, Switzerland's largest university, reported that it had been the target of a serious cyberattack. This attack is part of a recent surge of hacks targeting German-speaking institutions. The university's website is ...
2 years ago Therecord.media
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Microsoft Released an Emergency Security Update to Patch a Critical SharePoint 0-Day Vulnerability - Microsoft has issued an urgent security advisory addressing critical zero-day vulnerabilities in on-premises SharePoint Server that attackers are actively exploiting. Microsoft Defender for Endpoint generates specific alerts, including ...
2 months ago Cybersecuritynews.com CVE-2025-53770
US Treasury sanctions Sinbad cryptocurrency mixer used by North Korean hackers - The U.S. Treasury Department on Wednesday sanctioned a popular cryptocurrency mixer used to launder funds stolen by hackers connected to the North Korean government. The Treasury Department's Office of Foreign Assets Control announced new sanctions ...
1 year ago Therecord.media Lazarus Group
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own - During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. Palo Alto ...
4 months ago Bleepingcomputer.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
China's biggest lender ICBC hit by ransomware attack - Industrial and Commercial Bank of China Ltd Nov 10 - The Industrial and Commercial Bank of China's U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Thursday, the latest in a string of victims ...
1 year ago Reuters.com LockBit
Chinese Hackers Actively Exploiting SharePoint Servers 0-Day Vulnerability in the Wild - The tech giant’s Security Response Center reported coordinated attacks targeting internet-facing SharePoint installations using newly disclosed vulnerabilities that enable authentication bypass and remote code execution. Microsoft has released ...
2 months ago Cybersecuritynews.com CVE-2025-53770
University of Michigan: Employee, student data stolen in cyberattack - The University of Michigan says in a statement today that hackers breaching its network in August accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants. Unauthorized ...
1 year ago Bleepingcomputer.com
CISA Warns of Microsoft SharePoint server 0-Day RCE Vulnerability Exploited in Wild - CISA has issued an urgent warning about a critical zero-day remote code execution vulnerability affecting Microsoft SharePoint Server on-premises installations that threat actors are actively exploiting in the wild. The vulnerability, tracked as ...
2 months ago Cybersecuritynews.com CVE-2025-53770
New SharePoint flaws help hackers evade detection when stealing files - Researchers have discovered two techniques that could enable attackers to bypass audit logs or generate less severe entries when downloading files from SharePoint. Microsoft SharePoint is a web-based collaborative platform that integrates with ...
1 year ago Bleepingcomputer.com
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
1 year ago Bleepingcomputer.com
Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part - The vulnerability highlights the critical importance of secure deserialization practices in enterprise applications and the need for comprehensive security reviews of complex application frameworks like SharePoint. According to the Viettel Security ...
2 months ago Cybersecuritynews.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
Stanford University investigating cyberattack after ransomware claims - Stanford University is investigating a cybersecurity incident within its Department of Public Safety after a ransomware gang claimed it attacked the school on Friday. A spokesperson for the university directed Recorded Future News to a statement ...
1 year ago Therecord.media Akira
Kansas State University cyberattack disrupts IT network and services - Kansas State University announced it is managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services on Canvas and Mediasite. Kansas State University is a public land-grant ...
1 year ago Bleepingcomputer.com
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks - Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks. These flaws were fixed as part of the ...
2 months ago Bleepingcomputer.com CVE-2025-53770
