CISA Warns Attackers Are Targeting Critical Internal Business Platforms
Cyber Defense Magazine, Monday, June 29th, 2026
CISA warns attackers are actively exploiting critical internal business platforms like SharePoint servers.
CISA has warned that threat actors are actively targeting critical internal business platforms, including on-premises Microsoft SharePoint servers used for collaboration and document management.
The agency added an actively exploited SharePoint remote code execution flaw (CVE-2026-45659, CVSS 8.8) to its Known Exploited Vulnerabilities catalog after observing exploitation by financially motivated and ransomware groups.
The bug lets authenticated attackers with minimal permissions run arbitrary code, and observed post-exploitation activity included tools such as Velociraptor, Cloudflare Tunnels, and Zoho Assist for persistence and lateral movement. CISA urged rapid patching, reflecting the broad risk internal enterprise platforms pose when left unpatched.