
"CISA analysed six files including two Dynamic Link-Library (.DLL), one cryptographic key stealer, and three web shells. Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint host system and exfiltrate data."
"The key vulnerability in SharePoint Server, the 'critical'-rated CVE-2025-53770 with a CVSS score of 9.8, built upon the earlier 'medium' severity CVE-2025-49706 - a flaw Microsoft thought it had patched last month, only to find it under active exploitation as a zero-day targeting some big names."
CISA released a malware analysis report detailing ToolShell attacks on specific Microsoft SharePoint Server versions. Cyber threat actors exploited CVE-2025-49704 and CVE-2025-49706, gaining access to on-premises SharePoint servers. CISA analyzed multiple files including DLLs and web shells that could be used to steal cryptographic keys and exfiltrate data. The significant vulnerability, CVE-2025-53770, was a critical issue allowing remote code execution, exploited by various threat groups and affecting over 400 victims, including the US Department of Energy.
Read at Theregister