Threat Research

    ToolShell Unleashed: Decoding the SharePoint Attack Chain

    A surge in active exploitation is targeting newly revealed vulnerabilities in Microsoft SharePoint Server (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771)....
    9/5/2025  0
    Read More »

    MAR-251132.c1.v1 Exploitation of SharePoint Vulnerabilities of spinstall0.aspx

    Detects the exploitation of SharePoint servers through ToolShell CVE-2025-53770. The previous related CVEs are CVE-2025-49706 and CVE-2025-49704. CVE-2025-53770 introduces a new and stealthy webshell, known as SharpyShell, which extracts and leaks cryptographic secrets from the SharePoint server via a basic GET request....
    8/7/2025  0
    Read More »

    Inside The ToolShell Campaign

    We are currently monitoring several threat actors actively targeting on-premises Microsoft SharePoint servers. These attacks utilize a newly uncovered exploit chain referred to as "ToolShell."...
    7/31/2025  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.