Microsoft SharePoint ToolShell attacks linked to Chinese hackers

Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. On Friday, Dutch cybersecurity firm Eye Security first spotted zero-day attacks exploiting the CVE-2025-49706 and CVE-2025-49704 vulnerabilities (first demoed during the Berlin Pwn2Own hacking contest by Viettel Cyber Security researchers). Microsoft patched the two flaws as part of the July Patch Tuesday updates and, over the weekend, assigned two new CVE IDs (CVE-2025-53770 and CVE-2025-53771) to the zero-days used by threat actors to compromise fully patched SharePoint servers. On Monday, after Microsoft released security patches for all impacted SharePoint versions, a CVE-2025-53770 proof-of-concept exploit was also released on GitHub, making it easier for more threat actors and hacking groups to join the ongoing attacks. "This exploitation activity, publicly reported as 'ToolShell,' provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network," the cybersecurity agency said.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 22 Jul 2025 11:30:12 +0000


Cyber News related to Microsoft SharePoint ToolShell attacks linked to Chinese hackers

Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security - In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, ...
2 days ago Krebsonsecurity.com CVE-2025-53770
Chinese hacking documents offer glimpse into state surveillance - Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government - a trove that catalogs apparent hacking ...
1 year ago Apnews.com
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available - The Microsoft SharePoint zero-day attacks were first identified by Dutch cybersecurity firm Eye Security, which told BleepingComputer that over 75 companies have already been compromised by the attacks. In May, Viettel Cyber Security researchers ...
3 days ago Bleepingcomputer.com CVE-2025-49706
Microsoft Releases Mitigations and Threat Hunting Queries for SharePoint Zero-Day - Thousands of organizations worldwide face active cyberattacks targeting Microsoft SharePoint servers through two critical vulnerabilities, prompting urgent government warnings and emergency patches. Microsoft released emergency security updates on ...
1 day ago Cybersecuritynews.com CVE-2025-53770
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
1 year ago Cysecurity.news Volt Typhoon
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks - Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks. These flaws were fixed as part of the ...
2 days ago Bleepingcomputer.com CVE-2025-53770
Microsoft SharePoint ToolShell attacks linked to Chinese hackers - On Monday, after Microsoft released security patches for all impacted SharePoint versions, a CVE-2025-53770 proof-of-concept exploit was also released on GitHub, making it easier for more threat actors and hacking groups to join ongoing attacks. ...
1 day ago Bleepingcomputer.com CVE-2025-53770
Belgium probes if Chinese hackers breached its intelligence service - According to The Brussels Times, the hacked server also routed internal HR exchanges among Belgian intelligence personnel, raising concerns about the potential exposure of sensitive personal data including identity documents and CVs belonging to ...
4 months ago Bleepingcomputer.com APT3 APT30 GALLIUM
Uncovering China's Surveillance of the United States: Spies, Hackers and Informants - Last week, a Chinese surveillance balloon in the United States caused a diplomatic uproar and raised concerns about how Beijing collects intelligence on its biggest rival. FBI Director Christopher Wray said in 2020 that Chinese spying is the most ...
2 years ago Securityweek.com Silence
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
US nuclear weapons agency hacked in Microsoft SharePoint attacks - Unknown threat actors have breached the National Nuclear Security Administration's network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. Dutch cybersecurity firm Eye Security first detected the zero-day ...
11 hours ago Bleepingcomputer.com APT29
US nuclear weapons agency reportedly hacked in SharePoint attacks - Unknown threat actors have reportedly breached the National Nuclear Security Administration's network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. Dutch cybersecurity firm Eye Security first detected the ...
11 hours ago Bleepingcomputer.com APT29
China-linked hackers target European healthcare orgs in suspected espionage campaign | The Record from Recorded Future News - A previously unknown hacking group has been spotted targeting European healthcare organizations using spyware linked to Chinese state-backed hackers and a new ransomware strain, researchers said. The hackers, dubbed Green Nailao, deployed ShadowPad ...
5 months ago Therecord.media
Chinese Hackers Actively Exploiting SharePoint Servers 0-Day Vulnerability in the Wild - The tech giant’s Security Response Center reported coordinated attacks targeting internet-facing SharePoint installations using newly disclosed vulnerabilities that enable authentication bypass and remote code execution. Microsoft has released ...
20 hours ago Cybersecuritynews.com CVE-2025-53770
Chinese hackers infect Dutch military network with malware - A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service of the Netherlands. Despite backdooring the hacked systems, the ...
1 year ago Bleepingcomputer.com CVE-2022-42475
Chinese Hackers Turn To Golang For Malware - Chinese hackers are increasingly turning to the open-source programming language Golang to maliciously code and launch new cyberattacks. According to the latest analysis by The Hacker News, this has resulted in an increase in the number of cyber ...
2 years ago Thehackernews.com BlackTech Carbanak
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
1 year ago Bleepingcomputer.com APT29
DHS and FBI: Chinese Drones Pose Major Threat to U.S. Security - The cybersecurity arm of the Department of Homeland Security and the Federal Bureau of Investigation have jointly issued a public service announcement cautioning about the potential risks posed by Chinese-manufactured drones to critical ...
1 year ago Cysecurity.news
Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part - The vulnerability highlights the critical importance of secure deserialization practices in enterprise applications and the need for comprehensive security reviews of complex application frameworks like SharePoint. According to the Viettel Security ...
6 days ago Cybersecuritynews.com
SharePoint 0-Day RCE Vulnerability Actively Exploited in the Wild to Gain Full Server Access - A sophisticated cyberattack campaign targeting Microsoft SharePoint servers has been discovered exploiting a newly weaponized vulnerability chain dubbed “ToolShell,” enabling attackers to gain complete remote control over vulnerable ...
3 days ago Cybersecuritynews.com CVE-2025-49706
Sandman APT Gains Traction: Chinese Hackers Amplify Cybersecurity Risks - Following this assessment, SentinelOne, PwC, and Microsoft Threat Intelligence have been working together on this since they have determined that the adversary's Lua-based malware, LuaDream, and the KEYPLUG have both been found to cohabit in the ...
1 year ago Cysecurity.news APT41
New SharePoint flaws help hackers evade detection when stealing files - Researchers have discovered two techniques that could enable attackers to bypass audit logs or generate less severe entries when downloading files from SharePoint. Microsoft SharePoint is a web-based collaborative platform that integrates with ...
1 year ago Bleepingcomputer.com
7 Months Inside an Online Scam Labor Camp - He had been kidnapped and forced to work for an abusive online scam operation. A man was abducted by a Chinese gang and forced to work in a scam operation. More than anything else, Neo Lu, a 28-year-old Chinese office worker, believed the gig would ...
1 year ago Nytimes.com