Dark Reading

Phishers Wreak 'Havoc,' Disguising Attack Inside SharePoint

A complex phishing campaign is targeting Microsoft SharePoint accounts with malicious documents aimed at getting users to compromise themselves by deploying a PowerShell command. The attack is a ...
Ars Technica

SharePoint vulnerability with 9.8 severity rating under exploit across globe

Authorities and researchers are sounding the alarm over the active mass exploitation of a high-severity vulnerability in Microsoft SharePoint Server that’s allowing attackers to make off with ...
Bleeping Computer

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" ...
heise online

PowerShell 2.0 removed from Windows 11 and Windows Server from August 2025

Windows without PowerShell 2.0: Microsoft removes the version still included for compatibility for good. It has long been considered obsolete. PowerShell 2.0 is finally history: The version of the ...
Infosecurity-magazine.com

Phishing Campaign Uses Havoc Framework to Control Infected Systems

A new phishing campaign leveraging the open-source Havoc command-and-control (C2) framework has been discovered. Attackers are using modified versions of Havoc Demon Agent alongside Microsoft Graph ...
Bleeping Computer

Microsoft SharePoint zero-day exploited in RCE attacks, no patch available

Update 7/21/25: Added links to the security updates for Microsoft SharePoint 2019. Critical zero-day vulnerabilities in Microsoft SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, have been ...