Hosted on MSN

SharePoint zero-day CVE-2026-32201 allows remote code execution with no privileges required — 1,300+ servers still exposed

A critical zero-day vulnerability in Microsoft SharePoint is being exploited in the wild right now, and more than 1,300 servers remain exposed to the public internet with no patch applied. The flaw, ...
Bleeping Computer

CISA tags Microsoft SharePoint RCE bug as actively exploited

CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution ...
GeekWire

Microsoft contains SharePoint security wildfire, but questions linger about on-premises software

Editor’s note: This is a guest analysis from Christopher Budd, who previously spent a decade at the Microsoft Security Response Center (MSRC). Emergency security teams know summer weekends are made ...

Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five publicly disclosed zero-day ...
CSOonline

EvilTokens abuses Microsoft device code flow for account takeovers

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit ...
Infosecurity-magazine.com

Microsoft: Attackers Actively Compromising On-Prem SharePoint Customers

Microsoft has warned that attackers are actively exploiting SharePoint vulnerabilities in a high-impact, ongoing campaign impacting critical sectors like government and healthcare. The campaign is ...
Security Boulevard

Microsoft’s Security Update in June of High-Risk Vulnerability Notice for Multiple Products

Overview On June 9, NSFOCUS CERT detected that Microsoft released a security update patch for June, fixing 206 security issues involving widely used products such as Windows, Microsoft Office, ...