Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware. ApolloShadow has the Read More …

CVE-2025-53770 – Zero-day exploitation in the wild of Microsoft SharePoint servers

Microsoft released an advisory for CVE-2025-53770, a critical Remote Code Execution (RCE) vulnerability affecting on-premise SharePoint servers. This vulnerability has been exploited in the wild as a zero-day by an unknown threat actor prior to the disclosure from Microsoft. The Read More …

ToolShell: a story of five vulnerabilities in Microsoft SharePoint

On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and Read More …

Hundreds of organizations breached by SharePoint mass-hacks

Security researchers say hackers have breached at least 400 organizations by exploiting a zero-day vulnerability in Microsoft SharePoint, signaling a sharp rise in the number of detected compromises since the bug was discovered last week. Eye Security, a Dutch cybersecurity Read More …

Microsoft releases urgent SharePoint security flaw patches

Microsoft has released an urgent patch to fix a zero-day vulnerability affecting on-premises SharePoint servers. The vulnerability is already being exploited in the wild, which is why users are urged to apply the patch immediately and secure their assets. Three Read More …

Preventing Zero-Click AI Threats: Insights from EchoLeak

EchoLeak (CVE-2025-32711) is a newly identified vulnerability in Microsoft 365 Copilot, made more nefarious by its zero-click nature, meaning it requires no user interaction to succeed. It demonstrates how helpful systems can open the door to entirely new forms of Read More …

Iranian missile strikes tech park housing Microsoft office in Israel’s Beer Sheva

First responders are searching buildings for people wounded after an Iranian missile struck close to a tech park in the Israeli city of Beer Sheva, according to Israel’s emergency services agency Magen David Adom (MDA). MDA said they found six Read More …

Patch Tuesday – June 2025

Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for Read More …

Europol and Microsoft disrupt world’s largest infostealer Lumma

Europol’s European Cybercrime Centre has worked with Microsoft to disrupt Lumma Stealer (“Lumma”), the world’s most significant infostealer threat. This joint operation targeted the sophisticated ecosystem that allowed criminals to exploit stolen information on a massive scale. Europol coordinated with Read More …