Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
CISA Alerts on SharePoint Flaw Amidst Active Exploitation

CISA Alerts on SharePoint Flaw Amidst Active Exploitation

Posted on July 2, 2026 By CWS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently emphasized a significant security flaw affecting Microsoft SharePoint Server by adding it to its Known Exploited Vulnerabilities (KEV) catalog. This comes after evidence surfaced pointing to its active exploitation.

Details of the SharePoint Vulnerability

Identified as CVE-2026-45659, this vulnerability scores a 8.8 on the CVSS scale, highlighting its severity. The flaw is linked to remote code execution caused by the deserialization of untrusted data. Microsoft had previously patched this issue in May 2026, specifically for the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.

According to Microsoft’s advisories, the vulnerability can be triggered by any authenticated attacker without needing elevated privileges. A network-based attack can be initiated by an attacker with basic Site Member permissions to execute code remotely on the server.

Current Exploitation and Recommendations

CISA has noted Microsoft’s assessment that the likelihood of exploitation is low. However, details on the exploitation methods, responsible parties, or the objectives behind these activities remain undisclosed. Federal Civilian Executive Branch (FCEB) agencies have been instructed to implement the necessary fixes by July 4, 2026, to mitigate this risk.

Parallel Threat Activities Detected by Microsoft

In a related investigation, Microsoft discovered two separate threat actors operating within the same network. This finding arose during a routine ransomware probe, revealing that these actors used sophisticated methods to maintain access and complicate response efforts.

One group, identified as Storm-2603, is known for using the Warlock ransomware. They have been exploiting known vulnerabilities in on-premises SharePoint servers since mid-2025. Their initial access attempts involved probing for local file inclusion vulnerabilities, potentially through CVE-2025-11371. Post-access, the attackers deployed tools to blend malicious activities with legitimate ones and created multiple remote access channels.

Simultaneously, another unrelated actor was detected using different techniques such as DLL side-loading. This overlap made attribution challenging and highlighted the complexity of cyber threats.

Conclusion and Future Outlook

The overlapping threat activities have shown how a single incident can evolve into a multi-faceted threat involving various actors and tactics. This underscores the importance for cybersecurity teams to look beyond isolated signals and consider the broader context of security incidents.

The Hacker News Tags:CISA, CVE-2026-45659, Cybersecurity, Microsoft, network security, Ransomware, remote code execution, SharePoint, threat intelligence, Vulnerability

Post navigation

Previous Post: WhatsApp Introduces Username Reservations Ahead of Launch

Related Posts

How to Stop Python Supply Chain Attacks—and the Expert Tools You Need How to Stop Python Supply Chain Attacks—and the Expert Tools You Need The Hacker News
Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa The Hacker News
Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud The Hacker News
Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response The Hacker News
Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Them Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Them The Hacker News
OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • CISA Alerts on SharePoint Flaw Amidst Active Exploitation
  • WhatsApp Introduces Username Reservations Ahead of Launch
  • Extradition of Alleged Hacker in Scattered Spider Case to US
  • FortiBleed Attack Fuels Major Ransomware Operations
  • AI-Driven Browser Ransomware Exploits Chromium API

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • CISA Alerts on SharePoint Flaw Amidst Active Exploitation
  • WhatsApp Introduces Username Reservations Ahead of Launch
  • Extradition of Alleged Hacker in Scattered Spider Case to US
  • FortiBleed Attack Fuels Major Ransomware Operations
  • AI-Driven Browser Ransomware Exploits Chromium API

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark