The Cybersecurity and Infrastructure Security Agency (CISA) confirmed that attackers are actively exploiting a high-severity remote code execution vulnerability in Microsoft SharePoint that was patched in May.
CISA's warning, issued Wednesday, indicates that the vulnerability has moved from theoretical threat to active exploitation in the wild. The flaw allows attackers to execute arbitrary code remotely on vulnerable SharePoint instances, potentially granting them full system access.
Microsoft addressed the vulnerability in its May security update, but organizations that failed to apply the patch remain at risk. The company initially rated the flaw as important; however, active exploitation has elevated its practical severity.
The vulnerability affects multiple versions of SharePoint Server, making it a broad target for attackers seeking to compromise enterprise environments. Successful exploitation could allow adversaries to steal sensitive data, deploy malware, or establish persistent access within an organization's network.
CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog, a list of flaws actively being weaponized by threat actors. This designation typically prompts federal agencies to prioritize patching within their networks.
Security researchers recommend organizations immediately verify whether SharePoint systems have received the May update. For environments where patching is delayed, CISA suggests implementing network segmentation and monitoring for suspicious SharePoint activity.
The exploitation campaign's scope remains unclear, though CISA's public warning suggests the vulnerability poses sufficient risk to warrant urgent action across government and critical infrastructure sectors. Organizations should treat this as a priority patching event rather than a routine update.
This incident underscores the importance of timely patch management. Defenders typically have a limited window to deploy fixes before threat actors weaponize disclosed vulnerabilities. The longer an organization delays patching, the greater its exposure to active exploitation campaigns.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.