Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 328, Issue 4IT Vendor NewsSophos

Sharepoint 'Toolshell' Vulnerabilities Being Exploited In The Wild

Sophos, Monday, July 21st, 2025

Sophos X-Ops sees exploitation across multiple customer estates

On July 18, 2025, Sophos MDR (Managed Detection and Response) analysts observed an influx of malicious activity targeting on-premises SharePoint instances, including malicious PowerShell commands executed across multiple estates. Additional analysis determined these events are likely the result of active, malicious deployment of an exploit leveraging 'ToolShell.'

We will update this page as events and understanding develop, including our threat and detection guidance.

more →  ·  More from Sophos →