｢ Experts at the Symantec and Carbon Black Threat Hunter Team tracked multiple compromises involving CVE-2025-53770 — a vulnerability that caused alarm this summer when Microsoft warned its on-premises SharePoint customers that three separate China-based groups were exploiting it. Hundreds of governments and prominent businesses use SharePoint, particularly for maintaining their intranets ｣

https://therecord.media/sharepoint-toolshell-bug-breaches-governments-africa-south-america

#toolshel #sharepoint #cybersecurity #CVE202553770

⚠️ Foreign hackers breached a US nuclear weapons plant via SharePoint flaws

｢ The attackers exploited two recently disclosed Microsoft SharePoint vulnerabilities — CVE-2025-53770, a spoofing flaw, and CVE-2025-49704, a remote code execution (RCE) bug — both affecting on-premises servers. Microsoft issued fixes for the vulnerabilities on July 19 ｣

https://www.csoonline.com/article/4074962/foreign-hackers-breached-a-us-nuclear-weapons-plant-via-sharepoint-flaws.html

#sharepoint #hacking #cybersecurity #CVE202549704 #CVE202553770

📢 #NextcloudConf25 à Berlin 🇩🇪 : il y a quelques instants, Arawa a présenté un projet de migration de #Microsoft #SharePoint vers #Nextcloud.
👋 @nextcloud
#️⃣ #NextcloudConf #NextcloudConf2025 #OpenSource #LogicielsLibres #FOSS #FLOSS #FreeSoftware #TransfoNum #ColTer #GAFAM

📢 #NextcloudConf25 à Berlin 🇩🇪 : il y a quelques instants, Arawa a présenté un projet de migration de #Microsoft #SharePoint vers #Nextcloud.
👋 @nextcloud
#️⃣ #NextcloudConf #NextcloudConf2025 #OpenSource #LogicielsLibres #FOSS #FLOSS #FreeSoftware #TransfoNum #ColTer #GAFAM

📢 La société Arawa sera présente à Berlin 🇩🇪 pour la #Nextcloud Community Conference 2025, les 27 et 28 septembre.
🎙️ Nous y donnerons une #conférence sur la migration vers #Nextcloud depuis #Sharepoint (la date et l'horaire vous seront communiqués prochainement).
👋 @span nextcloud
#️⃣ #NextcloudConf#NextcloudConference#NextcloudConf2025#NextcloudConf25#NextcloudConference2025#NextcloudConference25#OpenSource#LogicielsLibres#FOSS#FLOSS#FreeSoftware

📢 La société Arawa sera présente à Berlin 🇩🇪 pour la #Nextcloud Community Conference 2025, les 27 et 28 septembre.
🎙️ Nous y donnerons une #conférence sur la migration vers #Nextcloud depuis #Sharepoint (la date et l'horaire vous seront communiqués prochainement).
👋 @span nextcloud
#️⃣ #NextcloudConf#NextcloudConference#NextcloudConf2025#NextcloudConf25#NextcloudConference2025#NextcloudConference25#OpenSource#LogicielsLibres#FOSS#FLOSS#FreeSoftware

Microsoft announced that Chinese state-sponsored hackers had exploited vulnerabilities in its popular #SharePoint software but didn’t mention that it has long used China-based engineers to maintain the product.

#News#Tech#Cybersecurity#Government#Safety #privacy

https://www.propublica.org/article/microsoft-sharepoint-hack-china-cybersecurity

Microsoft announced that Chinese state-sponsored hackers had exploited vulnerabilities in its popular #SharePoint software but didn’t mention that it has long used China-based engineers to maintain the product.

#News#Tech#Cybersecurity#Government#Safety #privacy

https://www.propublica.org/article/microsoft-sharepoint-hack-china-cybersecurity

Im aktuellen Podcast analysieren @sveckert und ich den Weg der Sharepoint-Sicherheitslücke vom Hacker:innen-Contest "Pwn2Own" in Berlin in die Hände des chinesischen Geheimdienstes (und wohl auch anderer staatlicher Spione). Und wir sprechen mit der wunderbaren Vera Bauer über ihre Erfahrungen als Tech-Youtuberin mit Konzernen, Männern und einer dreisten Firma, die ihr Gesicht und ihre Stimme geklaut hat.

https://frauen-technik.podigee.io/40-new-episode

#sharepoint #microsoft #cybersecurity #voicecloning #deepfake

Im aktuellen Podcast analysieren @sveckert und ich den Weg der Sharepoint-Sicherheitslücke vom Hacker:innen-Contest "Pwn2Own" in Berlin in die Hände des chinesischen Geheimdienstes (und wohl auch anderer staatlicher Spione). Und wir sprechen mit der wunderbaren Vera Bauer über ihre Erfahrungen als Tech-Youtuberin mit Konzernen, Männern und einer dreisten Firma, die ihr Gesicht und ihre Stimme geklaut hat.

https://frauen-technik.podigee.io/40-new-episode

#sharepoint #microsoft #cybersecurity #voicecloning #deepfake

Grave vulnerabilidad en Microsoft Sharepoint

Office 365 no solamente es un conjunto de herramientas horrible para trabajar, sino que también es inseguro 👇

https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/

#infosec #vulnerability #cve_2025_53770 #microsoft #sharepoint #office365

Sharepoint! Spannende Geschichte, wie Microsoft es nicht geschafft hat, eine Sicherheitslücke richtig zu schließen, nachdem ein ethischer Hacker diese im Rahmen eines Wettbewerbs gefunden und gemeldet hatte.
https://www.zeit.de/digital/datenschutz/2025-07/sharepoint-sicherheitsluecke-hacker-microsoft-cyberangriff/komplettansicht
#sharepoint #microsoft #cybersecurity

Microsoft is rushing to stop hackers from wreaking havoc across the globe by exploiting a flaw in its SharePoint document management software. https://www.japantimes.co.jp/business/2025/07/22/tech/microsoft-hackers-global-havoc/?utm_medium=Social&utm_source=mastodon #business #tech #microsoft #hacking #internet #cybersecurity #privacy #sharepoint

Sharepoint is in the news again. It is never a good thing when Sharepoint is in the news.

#technology #security #microsoft #sharepoint

https://www.washingtonpost.com/technology/2025/07/20/microsoft-sharepoint-hack/

Sharepoint is in the news again. It is never a good thing when Sharepoint is in the news.

#technology #security #microsoft #sharepoint

https://www.washingtonpost.com/technology/2025/07/20/microsoft-sharepoint-hack/

“Microsoft has released patches to “fully protect” SharePoint 2019 and SharePoint Subscription Edition servers, and the company is actively working on a patch for SharePoint 2016.

#CISA …says that the scope and impact of the attacks are still being assessed, and that any servers that have been impacted by the exploit should be disconnected from the internet until an official resolution is available.”

#Sharepoint #zerodayhttps://mastodon.social/@verge/114890559136880575

For our MSFT-aligned friends in particular,

Happy POST /_layouts/15/ToolPane.aspx?DisplayMode=Edit day to all who celebrate!

https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770 #sharepoint #bugs #msft #post #rce

For our MSFT-aligned friends in particular,

Happy POST /_layouts/15/ToolPane.aspx?DisplayMode=Edit day to all who celebrate!

https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770 #sharepoint #bugs #msft #post #rce

OMG. #Microsoft#Copilot bypasses #Sharepoint #security so you don’t have to!

“CoPilot gets privileged access to SharePoint so it can index documents, but unlike the regular search feature, it doesn’t know about or respect any of the access controls you might have set up. You can get CoPilot to just dump out the contents of sensitive documents that it can see, with the bonus feature* that your access won’t show up in audit logs.”

The S in CoPilot stands for Security!

https://pivotnine.com/the-crux/archive/remembering-f00fs-of-old/

I left a MS SharePoint tab open and uBlock Origin tells me it's blocked 2,998 things (elements?) on the page so far. That number ticks up over time.

#SharePoint #Spyware #Surveillance #uBlockOrigin