One of the groups that, in the past few weeks, has been exploiting vulnerabilities in on-prem SharePoint installation has been observed deploying Warlock ransomware, Microsoft shared on Wednesday. First attack spotted on July 7th On Saturday, Microsoft announced that attackers have been spotted exploiting a zero-day variant (CVE-2025-53770) of a SharePoint vulnerability (CVE-2025-49706) that the company partially addressed with updates released on July 8th, 2025. In the intervening days, some things have become clearer but … More

The post Storm-2603 spotted deploying ransomware on exploited SharePoint servers appeared first on Help Net Security.