
    Critical Microsoft SharePoint Flaws Exploited Amid Major Ransomware Attack

    Sunday, July 6, 2025


    On July 6, 2025, Microsoft confirmed that two severe zero-day vulnerabilities in SharePoint are being actively exploited, allowing remote code execution (RCE) without authentication. This alarming discovery poses a significant risk to numerous organizations utilizing Microsoft 365 environments. With over 75 confirmed exploits reported across various sectors, including finance and education, security agencies like CISA are urging immediate patching to mitigate potential damages.

    In a separate incident, IT solutions distributor Ingram Micro faced a catastrophic ransomware attack by the SafePay group, which reportedly compromised their VPN systems, leading to global outages and an estimated loss of $136 million per day during the shutdown. The combination of these incidents underscores the urgent need for robust security measures across all sectors to defend against increasingly sophisticated cyber threats.

    Also In Security Today

    • Lazarus Group Exploit: The North Korean cyber espionage group Lazarus has targeted developers by embedding malware into over 230 open-source packages on npm and PyPI. This attack could impact around 36,000 users, emphasizing the need for vigilance in software supply chains.
    • CISA Warning: In light of the SharePoint vulnerabilities, CISA has issued an urgent warning to organizations to prioritize patching. Failure to do so could result in severe repercussions, especially for those in critical infrastructure sectors.
    • Ransomware Trends: Reports indicate a rise in ransomware attacks during holiday periods, with cybercriminals taking advantage of reduced staffing and security oversight. Companies are advised to strengthen incident response plans around holiday times.

    Analyst's Take

    Today's incidents reinforce the reality that vulnerabilities within widely used software can lead to catastrophic consequences if not addressed promptly. Organizations must prioritize patch management and invest in proactive security measures, such as regular vulnerability assessments and employee training on phishing attacks. The escalating tactics of threat actors, particularly in targeting supply chains and essential services, highlight a pressing need for enhanced collaboration among cybersecurity professionals to share intelligence and best practices. The evolving threat landscape demands an agile response strategy to protect sensitive data and ensure business continuity.
