A critical vulnerability in Microsoft SharePoint Server (CVE-2025-53770, CVSS 9.8) is being actively exploited in a large-scale campaign, breaching over 75 organizations, including banks, hospitals, and government systems. The flaw, a deserialization of untrusted data bug, allows unauthenticated attackers to execute remote code. Microsoft has acknowledged the attacks and is preparing a comprehensive fix, urging users to apply mitigations like enabling AMSI integration and deploying Defender AV. Patch immediately and monitor for suspicious activity to protect on-premises SharePoint servers.

Microsoft is aware of active attacks targeting on-premises SharePoint Server customers, exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770.

We have outlined mitigations and detections in our blog. Our team is working urgently to release a security update and will share more details as they become available.

RedMug.io, a new player in the cybersecurity arena, has officially launched, offering a suite of advanced security solutions tailored to protect businesses from evolving cyber threats. With a focus on innovative approaches, RedMug.io aims to provide comprehensive protection for digital assets, combining real-time threat detection, incident response, and proactive risk management. The service is designed to be scalable, catering to both small enterprises and large organizations. As cyber threats continue to grow in complexity, RedMug.io positions itself as a vital resource for companies looking to safeguard their operations and data.