Hackers exploit SharePoint flaw to breach servers, Microsoft issues fix


Microsoft has rolled out an emergency security fix to address a serious vulnerability in its SharePoint software, which hackers are actively exploiting in cyberattacks targeting companies and US government agencies, Associated Press reported.
Microsoft alerted users over the weekend, confirming that a zero-day exploit was being used and that it was working on a solution. On Sunday, the tech giant released instructions to patch the issue for SharePoint Server 2019 and SharePoint Server Subscription Edition. However, engineers are still working on a fix for the older SharePoint Server 2016.
'Anybody who's got a hosted SharePoint server has got a problem,' said Adam Meyers, senior vice president at cybersecurity firm CrowdStrike. 'It's a significant vulnerability.'
Zero-day exploit
A zero-day exploit is an attack on a security flaw that has just been discovered and for which there is no fix yet, giving attackers a head start before security teams can respond.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), this new threat is a variant of an existing vulnerability (CVE-2025-49706). It mainly affects organisations using on-premise SharePoint servers.
Cybersecurity experts have identified the exploit, dubbed 'ToolShell', which can give attackers full access to SharePoint file systems. This may also impact other services linked to SharePoint, like Microsoft Teams and OneDrive, Associated Press reported.
Google's Threat Intelligence Group has warned that this vulnerability could potentially 'bypass future patching', making it even more dangerous.
Global impact and affected systems
Cybersecurity company Eye Security reported scanning more than 8,000 SharePoint servers globally. Their findings showed that at least several dozen had been compromised, and the attacks started on July 18.
Microsoft clarified that this vulnerability affects only on-premise SharePoint servers and not the cloud-based SharePoint Online service. However, the risk remains high, particularly for critical sectors.
What should users do?
Organisations using on-premise SharePoint servers are strongly urged to apply Microsoft's latest security guidance immediately. CISA has recommended that any impacted servers be taken offline until they are properly patched.
Michael Sikorski, chief technology officer and head of Threat Intelligence for Unit 42 at Palo Alto Networks, said, 'We are urging organisations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response.'
Sikorski also suggested disconnecting Microsoft SharePoint from the internet as a temporary measure until a security patch is released.
CERT-In warns Microsoft users in India
Last week, the Indian Computer Emergency Response Team (CERT-In) issued a high-severity warning for users of Microsoft Windows and Office products. The agency flagged multiple security flaws that could put both individuals and enterprises at risk.
According to CERT-In, attackers could exploit these flaws to gain higher privileges, access sensitive data, execute remote code, and bypass security protocols. In some cases, they may also spoof identities, tamper with system settings, or trigger denial-of-service (DoS) attacks.
CERT-In has urged all users and IT administrators to apply necessary patches and take additional security measures to avoid potential exploitation.
[With agency inputs]