cybersecurity

4781 readers

6 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks

tweedge

Active Global Attacks Targeting On-premises SharePoint Server (CVE-2025-53770) (msrc.microsoft.com)

submitted 3 weeks ago* (last edited 3 weeks ago) by mhewitt to c/cybersecurity

0 comments fedilink hide all child comments

IOCs:

107.191.58[.]76
104.238.159[.]149
96.9.125[.]147
Unusual POSTs to /_layouts/15/ToolPane.aspx?DisplayMode=Edit
Unusual POSTs to /_layouts/16/ToolPane.aspx?DisplayMode=Edit
spinstall0.aspx in SharePoint Layouts folders

Vulnerabilities:

CVE-2025-53770 (new, no patch as of 2025-07-20)
CVE-2025-49704 (2025-07-08 patch)
CVE-2025-49706 (2025-07-08 patch)

Only mitigations at this time require both SharePoint AMSI integrations to be enabled and Microsoft Defender in Active mode. Other AV is not confirmed.

Also see

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here