ALERT: 400+ orgs hit‼️ including the US DoE & NIH.
China-linked APTs are deploying persistent web shells via ToolPane.aspx in SharePoint. Full server takeover possible.
A major cyber campaign is actively exploiting two critical vulnerabilities (CVE-2025-53770 and CVE-2025-53771) in Microsoft SharePoint servers, impacting over 400 organizations worldwide—including high-profile targets like the U.S. Department of Energy and the National Institutes of Health. The attack, dubbed “ToolShell,” involves sophisticated web shell deployment, credential theft, and persistent access by China-linked APT groups. In response to this escalating threat, we have published a detailed advisory highlighting the attack vectors, indicators of compromise, and urgent mitigation steps.
Read the full report below to assess your exposure and secure your environment.