Active Global Attacks Targeting On-premises SharePoint Server (CVE-2025-53770) (msrc.microsoft.com)
from mhewitt@infosec.pub to cybersecurity@infosec.pub on 20 Jul 17:46
https://infosec.pub/post/31758588

IOCs:

Vulnerabilities:

Only mitigations at this time require both SharePoint AMSI integrations to be enabled and Microsoft Defender in Active mode. Other AV is not confirmed.

Also see

#cybersecurity

threaded - newest