Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A newly discovered exploit, “ToolShell,” is fueling a wave of targeted attacks against on-premises Microsoft SharePoint servers. The zero-day exploit chains two vulnerabilities—CVE-2025-53770, a remote code execution (RCE) vulnerability and CVE-2025-53771, a spoofing vulnerability that allows attackers to bypass authentication. When combined, this critical zero-day vulnerability gives attackers persistent unauthenticated remote access to on-premises SharePoint servers.

Two critical zero-day vulnerabilities in the Microsoft SharePoint Server environment, CVE-2025-53770 (9.8 CVSS score) and CVE-2025-53771 (6.5 CVSS score), are being actively exploited by threat actors to compromise vulnerable on-premises SharePoint servers. The two new vulnerabilities are part of a complex attack chain dubbed “ToolShell”, which grants threat actors access to unpatched SharePoint servers’ content and the ability to execute code over the network.

A newly disclosed vulnerability, CVE-2025-53770, has sent shockwaves through the enterprise IT and cybersecurity community. Affecting on-premises Microsoft SharePoint Server, this critical flaw enables unauthenticated remote code execution (RCE) through insecure deserialization of untrusted data. With a CVSS v3.1 score of 9.8, it represents one of the most severe threats to SharePoint deployments in recent years.

A serious new vulnerability (CVE-2025-53770, also known as “ToolShell”) is actively being exploited by cybercriminals to hack into on-premises Microsoft SharePoint Servers. The vulnerability, along with CVE-2025-53771 was discovered around July 18, 2025. Bitsight Research classifies CVE-2025-53770 as 10 out of 10 on our Dynamic Vulnerability Exploit (DVE) scale and CVE-2025-53771 as a 5.82 out of 10 indicating severe and moderate urgency respectively.

On July 19, 2025, Microsoft disclosed CVE-2025-53770, a critical zero-day Remote Code Execution (RCE) vulnerability. Assigned a CVSS 3.1 base score of 9.8 (Critical), the vulnerability affects SharePoint Server 2016, 2019, and the Subscription Edition, along with unsupported 2010 and 2013 versions. Cloudflare’s WAF Managed Rules now includes 2 emergency releases that mitigate these vulnerabilities for WAF customers.

We’re excited to announce a major Seemplicity release packed with new AI-driven features that help you fix faster, prioritize better, and streamline remediation at scale. This release introduces breakthrough capabilities that reduce noise, provide clarity, and eliminate bottlenecks between identifying risks and resolving them.

Starting on July 19th, 2025, an npm supply chain security incident has been attacking maintainers of popular open-source npm packages on the npm registry.

Today, we’re excited to announce a preview of the Model Context Protocol (MCP) Server for Nucleus. This marks an important step towards AI-native workflows for vulnerability and exposure management. Model Context Protocol (MCP) is an emerging industry standard enabling seamless integration between enterprise applications and AI models. Backed by leading organizations like OpenAI, Microsoft, and Google, MCP servers are quickly becoming the foundation for AI-enablement across the enterprise.

Not long ago, “visibility” was the North Star of cybersecurity. If you could just see all your assets, vulnerabilities, and misconfigurations, you could manage the risk. But that logic doesn’t hold up anymore; not in a world where your infrastructure is scattered across multiple clouds, tied together by APIs you didn’t build, and partially run by vendors you barely know.