SharePointDumper is a PowerShell utility that extracts and audits SharePoint sites using Microsoft Graph. It requires an OAuth2 access token and provides detailed reports of accessed sites and downloaded files, making it useful for security assessments.

Microsoft has identified a multi-stage phishing campaign targeting the energy sector, utilizing compromised SharePoint accounts to deliver malicious links. Attackers leverage trusted identities to send phishing emails and create inbox rules, maintaining persistence while evading detection. Organizations are urged to implement stronger security measures, including phishing-resistant MFA.

A critical vulnerability in Microsoft's SharePoint, tracked as CVE-2025-53770, is being actively exploited, allowing unauthenticated remote code execution on affected servers. The vulnerability has led to significant incidents, including breaches in multiple organizations, with estimates of compromised systems rising to 400. Government and private sectors are currently grappling with the fallout from this mass exploitation.

Recent attacks linked to Chinese hacking groups have exploited a zero-day vulnerability in Microsoft SharePoint, breaching numerous organizations globally. The vulnerabilities, identified as CVE-2025-49706 and CVE-2025-49704, were actively targeted by multiple threat actors, prompting Microsoft and CISA to release emergency patches and recommend immediate action for affected entities.

A significant security breach involving Microsoft SharePoint has exposed sensitive information at the U.S. Nuclear Weapons Agency. The hack raises concerns about the vulnerability of government systems and the potential implications for national security.

Microsoft issued an emergency security update for a critical vulnerability in SharePoint Server, known as CVE-2025-53770, which is actively being exploited by hackers to breach various organizations, including U.S. federal agencies. The flaw allows attackers to access and control compromised servers using a backdoor tool named "ToolShell," prompting urgent recommendations for organizations to take immediate protective measures beyond just patching.

Foreign hackers breached the Kansas City National Security Campus, a key site for US nuclear weapons, by exploiting unpatched vulnerabilities in Microsoft SharePoint. The incident raises concerns about the security of operational technology systems and highlights the potential involvement of either Chinese or Russian threat actors in the attack.