Important Security Alert: Issue Found in React (Common Website Technology)
A serious security fault has been discovered in a piece of software called React, which many websites and online services use behind the scenes. This…
Microsoft SharePoint Attacks: What Your Business Needs to Know
A new wave of cyber attacks targeting Microsoft SharePoint has left many businesses exposed, according to multiple threat reports this week. Attackers are actively exploiting vulnerabilities in SharePoint to gain unauthorised access, move laterally within networks, and exfiltrate sensitive data.
Why SharePoint?
SharePoint’s widespread use as a collaboration tool makes it an attractive target for cyber criminals. Unpatched systems, poor configuration, and over-permissioned accounts create easy entry points for attackers.
How are Organisations Being Targeted?
CVE-2025-53770 (CVSS v3.1: 9.8 [Critical]) is an unauthenticated Remote Code Execution vulnerability with publicly available exploit code and has been actively exploited since 19th July 2025.
Recommended Actions for Organisations
- Patch Immediately
Apply Microsoft’s emergency updates (available for SharePoint Server 2019, SharePoint Enterprise 2019 and SharePoint Server Subscription Edition). Ensure SharePoint servers are fully patched with the latest security updates.
- Proactively Audit
Scan for outdated tools, components and ways into critical systems regularly. The team at the Cyber and Fraud Centre – Scotland is available to help with a vulnerability assessment, which will proactively identify security gaps, helping you prioritise and address issues before they can be exploited. This improves your organisation’s overall security posture, reduces the risk of breaches, and helps maintain compliance with industry standards, ultimately safeguarding your assets and reputation. More information can be found here – Vulnerability Assessments – Cyber and Fraud Centre – Scotland.
- Review Access Controls
Limit permissions to what users actually need. Over-permissioned accounts are high-risk.
- Monitor Activity
Enable and actively monitor SharePoint logs for suspicious activity, such as unusual file downloads or account logins.
- Multi-Factor Authentication (MFA)
Enforce MFA for all users, especially administrators.
- Employee Awareness
Brief staff about the risks of phishing emails linked to SharePoint content.
In the Event of a Suspected Breach
If your organisation suspects unauthorised access to SharePoint, seek professional cyber support immediately. In Scotland, the National Incident Response Helpline is available to call for free on 0800 1670 623.
Further Reading
- Customer guidance for SharePoint vulnerability CVE-2025-53770 | MSRC Blog – Microsoft Security Response Centre
Follow trusted sources for the latest threat intelligence and updates from Microsoft.
Related articles
Microsoft 365: Legacy Authentication Protocols Security Update
Starting in mid-July 2025, Microsoft will begin automatically blocking legacy authentication protocols in Microsoft 365, with full enforcement expected by August 2025. This update addresses…
EchoLeak: Critical Zero-Click Vulnerability in Microsoft 365 Copilot
A critical security vulnerability discovered in Microsoft 365 Copilot highlights that there is a risk associated with AI-powered business tools that we must continue to…