The name was coined by Dinh Ho Anh, a researcher from Khoa of Viettel Cyber Security, who developed the exploit. The ...

Microsoft identified at least three threat groups believed to be affiliated with China that have been exploiting publicly ...

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader ...

CISA has published a malware analysis report with compromise indicators and Sigma rules for "ToolShell" attacks targeting ...

A U.S. nuclear agency was among the victims of the SharePoint vulnerability chain, which was exploited to compromise over 54 ...

Microsoft’s security advisory emphasizes that the emergency patches provide “more robust protections” compared to earlier fixes. CVE-2025-53770 offers enhanced security beyond the CVE-2025-49704 ...

The risk for businesses who haven’t patched the ToolShell vulnerability keeps growing after new reports suggest ransomware actors are also joining the exploitation party. Researchers from Palo Alto ...

Researchers from Palo Alto Networks detail ransomware deployment and malicious backdoors in a campaign against Microsoft ...

One strain in circulation is said to be the “Warlock” ransomware, distributed freely within compromised environments. The pattern of chained exploits, combining the newer CVEs with older ones like CVE ...

A new SharePoint exploit bypassed Microsoft’s patch, exposing over 8,000 systems and revealing deep flaws in on-premise legacy security models.

The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks.

No fewer than eight critical flaws that could allow a threat actor to achieve remote code execution (RCE) on a targeted ...