Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 329, Issue 3IT Vendor NewsTrend Micro

Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware

Trend Micro, Wednesday, August 20th, 2025

Warlock ransomware exploits unpatched Microsoft SharePoint vulnerabilities to gain access, escalate privileges, steal credentials, move laterally, and deploy ransomware with data exfiltration across enterprise environments.

Organizations continue to grapple with increasingly complex cyberthreats, as ransomware groups rapidly evolve their tactics. In a recent attack wave, the Warlock ransomware group exploited internet-exposed, unpatched on-premise Microsoft SharePoint servers, abusing newly discovered vulnerabilities to gain initial access to their target's system. Other groups such as Linen Typhoon and Violet Typhoon have also been observed exploiting these vulnerabilities against internet-facing SharePoint servers. More details on these vulnerabilities and how Trend mitigates their impact can be found in the relevant knowledge base entry.

more →  ·  More from Trend Micro →