The Cybersecurity and Infrastructure Security Agency (CISA) confirmed that attackers are actively exploiting a high-severity remote code execution vulnerability in Microsoft SharePoint that was patched in May.
CISA's warning, issued Wednesday, indicates that the vulnerability has moved from theoretical threat to active exploitation in the wild. The flaw allows attackers to execute arbitrary code remotely on vulnerable SharePoint instances, potentially granting them full system access.
Microsoft addressed the vulnerability in its May security update, but organizations that failed to apply the patch remain at risk. The company initially rated the flaw as important; however, active exploitation has elevated its practical severity.
The vulnerability affects multiple versions of SharePoint Server, making it a broad target for attackers seeking to compromise enterprise environments. Successful exploitation could allow adversaries to steal sensitive data, deploy malware, or establish persistent access within an organization's network.
CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog, a list of flaws actively being weaponized by threat actors. This designation typically prompts federal agencies to prioritize patching within their networks.
Security researchers recommend organizations immediately verify whether SharePoint systems have received the May update. For environments where patching is delayed, CISA suggests implementing network segmentation and monitoring for suspicious SharePoint activity.
The exploitation campaign's scope remains unclear, though CISA's public warning suggests the vulnerability poses sufficient risk to warrant urgent action across government and critical infrastructure sectors. Organizations should treat this as a priority patching event rather than a routine update.
This incident underscores the importance of timely patch management. Defenders typically have a limited window to deploy fixes before threat actors weaponize disclosed vulnerabilities. The longer an organization delays patching, the greater its exposure to active exploitation campaigns.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.
Vancouver Police Department has implemented a discreet button on its website that instantly closes the page and clears browser history when clicked. The feature is designed to help domestic violence survivors quickly hide their browsing activity.
Europe's digital identity wallet age verification system will only work on iOS and Android devices, excluding alternative mobile platforms. The technical specification has drawn criticism from privacy advocates and open-source developers.
The Trump administration has established the Gold Eagle federal clearinghouse to enable real-time sharing of AI-related cyber threat intelligence between government agencies and private sector companies. The White House says the system is already receiving vulnerability reports and coordinating patch prioritization.