CyberSecurityBoard
Sponsor Register Login

Warlock Ransomware Actors Exploiting SharePoint ToolShell Zero-Day

Warlock ransomware operators have been actively exploiting a zero-day vulnerability in SharePoint ToolShell to advance their malicious campaigns. This zero-day flaw allows attackers to execute arbitrary code and escalate privileges within compromised systems, facilitating ransomware deployment and data exfiltration. The exploitation of SharePoint ToolShell zero-day highlights the increasing trend of threat actors targeting collaboration platforms to maximize impact. Organizations using SharePoint are urged to apply mitigations and monitor for suspicious activities related to this vulnerability. The Warlock group is known for its sophisticated ransomware operations, combining zero-day exploits with social engineering and lateral movement techniques to infiltrate networks deeply. This article delves into the technical details of the SharePoint ToolShell zero-day, the tactics employed by Warlock ransomware actors, and recommended defensive measures. It also discusses the broader implications for enterprise security and the importance of timely patching and threat intelligence sharing to mitigate such advanced threats. Cybersecurity teams must prioritize detection and response strategies to counteract the evolving ransomware landscape exemplified by Warlock's exploitation of SharePoint vulnerabilities.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 24 Oct 2025 18:00:29 +0000


Cyber News related to Warlock Ransomware Actors Exploiting SharePoint ToolShell Zero-Day

Warlock Ransomware Actors Exploiting SharePoint ToolShell Zero-Day - Warlock ransomware operators have been actively exploiting a zero-day vulnerability in SharePoint ToolShell to advance their malicious campaigns. This zero-day flaw allows attackers to execute arbitrary code and escalate privileges within compromised ...
1 month ago Cybersecuritynews.com CVE-2024-2739 Warlock
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
9 months ago Cybersecuritynews.com
SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups - File Indicators of Compromise (IoCs) SHA-1FilenameDetectionDescriptionF5B60A8EAD96703080E73A1F79C3E70FF44DF271spinstall0.aspxMSIL/Webshell.JSWebshell deployed via SharePoint vulnerabilities Network Indicators of Compromise (IoCs) IP ...
4 months ago Cybersecuritynews.com
Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security - In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, ...
4 months ago Krebsonsecurity.com CVE-2025-53770
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
7 months ago Cybersecuritynews.com
Microsoft Releases Mitigations and Threat Hunting Queries for SharePoint Zero-Day - Thousands of organizations worldwide face active cyberattacks targeting Microsoft SharePoint servers through two critical vulnerabilities, prompting urgent government warnings and emergency patches. Microsoft released emergency security updates on ...
4 months ago Cybersecuritynews.com CVE-2025-53770
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available - The Microsoft SharePoint zero-day attacks were first identified by Dutch cybersecurity firm Eye Security, which told BleepingComputer that over 75 companies have already been compromised by the attacks. In May, Viettel Cyber Security researchers ...
4 months ago Bleepingcomputer.com CVE-2025-49706
Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble | The Record from Recorded Future News - While the group is based in China, Microsoft previously said it is “unable to confidently assess the threat actor’s objectives.” The two other Chinese groups identified with the so-called “ToolShell” campaign — Linen Typhoon and Violet ...
4 months ago Therecord.media CVE-2025-49706
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222
Microsoft: SharePoint servers also targeted in ransomware attacks - Microsoft Threat Intelligence researchers have also linked the Linen Typhoon and Violet Typhoon Chinese state-backed hacking groups with these attacks on Tuesday, days after Dutch cybersecurity firm Eye Security first detected zero-day attacks ...
4 months ago Bleepingcomputer.com LockBit CVE-2025-49706
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks - Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks. These flaws were fixed as part of the ...
4 months ago Bleepingcomputer.com CVE-2025-53770
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
1 year ago Malwarebytes.com Scattered Spider LockBit
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
1 year ago Bleepingcomputer.com CVE-2024-27834
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
New ATM Malware family emerged in the threat landscape - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Raspberry Robin spotted using two ...
1 year ago Securityaffairs.com CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
2 years ago Bleepingcomputer.com
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own - During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. Palo Alto ...
6 months ago Bleepingcomputer.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
2 years ago Bleepingcomputer.com
Microsoft SharePoint Server 0-Day Hack Hits African Treasury, Companies, and University - The attack specifically targets on-premise SharePoint installations, exploiting previously unknown security flaws that allowed threat actors to infiltrate critical infrastructure systems belonging to government agencies, educational institutions, and ...
4 months ago Cybersecuritynews.com
Russia-linked group APT29 likely breached TeamViewer - Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Finnish police linked APT31 to the 2021 parliament attack. BianLian group exploits JetBrains TeamCity bugs in ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT28 APT29 APT3 BianLian
US nuclear weapons agency reportedly hacked in SharePoint attacks - Unknown threat actors have reportedly breached the National Nuclear Security Administration's network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. Dutch cybersecurity firm Eye Security first detected the ...
4 months ago Bleepingcomputer.com APT29
US nuclear weapons agency hacked in Microsoft SharePoint attacks - Unknown threat actors have breached the National Nuclear Security Administration's network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. Dutch cybersecurity firm Eye Security first detected the zero-day ...
4 months ago Bleepingcomputer.com APT29

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)