
Microsoft SharePoint Attacks: What Your Business Needs to Know
A new wave of cyber attacks targeting Microsoft SharePoint has left many businesses exposed, according to multiple threat reports this week. Attackers are actively exploiting…
Starting in mid-July 2025, Microsoft will begin automatically blocking legacy authentication protocols in Microsoft 365, with full enforcement expected by August 2025. This update addresses critical vulnerabilities frequently exploited by cyber criminals for brute-force attacks and unauthorised access attempts.
Over 99% of password spray and over 97% of credential stuffing attacks arise from legacy authentication protocols. Azure AD accounts that disabled legacy authentication encounter 67% fewer compromises than those with legacy authentication enabled.
Legacy authentication protocols remain vulnerable because they cannot support multi-factor authentication (MFA) and make systems susceptible to credential theft, phishing, and brute-force attacks.
This security update substantially reduces attack surfaces available to cyber criminals and organisations should focus on application inventory, user communication, and testing to ensure business continuity while maximising security benefits.