SharePoint under fire: ToolShell attacks hit organizations worldwide

The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks

25 Jul 2025

The ESET research team has released their findings about exploitation of CVE-2025-53770 and CVE‑2025‑53771, zero-day vulnerabilities in on-premises Microsoft SharePoint servers dubbed ToolShell. ESET's data shows that attacks hit victims globally, with the US (13.3% of attacks) being the most-targeted country.

What else is there to know about the incursions and what should organizations do to stay safe? Watch the video with ESET Chief Security Evangelist Tony Anscombe and make sure to read the blogpost itself,