Microsoft SharePoint Zero‑Day Exploited – Patches Released
A critical on‑premises SharePoint zero‑day (CVE‑2025‑53770/53771) is actively exploited in large‑scale “ToolShell” attacks. Malicious actors steal MachineKey and drop web shells like spinstall0.aspx for unauthenticated RCE. Microsoft issued emergency patches for 2019 & Subscription Edition; 2016 patch pending—apply immediately.