SharePoint Zero-Day Exploited | SafeBreach Podcast

Subscribe on Your Preferred Platform

In This Episode

In this urgent Cyber Resilience Brief, host Tova Dvorin is joined by SafeBreach experts Adrian Culley and Tomer Bar to break down CVE-2025-53770, a critical zero-day vulnerability actively exploited in Microsoft SharePoint Server. Known as part of the ToolShell attack chain, this deserialization flaw allows unauthenticated remote code execution and persistence — and it’s already being used in the wild.

We discuss:

What makes this vulnerability so dangerous? (hint: there’s no patch for SharePoint 2016 yet).
Why Microsoft is advising customers to assume breach.
How SafeBreach Labs responded within 24 hours with new BAS coverage Specific indicators of compromise (IoCs) and mitigation advice.
Why this attack demands urgent attention from security teams and CISOs alike.

Whether you’re a SafeBreach customer or just trying to stay ahead of emerging threats, this episode delivers the critical insights you need — fast. 🔗 For more information on today’s CVE, check out our post on the SafeBreach blog.

White Paper

How SafeBreach Propagate Fills Critical Cybersecurity Needs for Enterprise & Mid-Sized Security Teams

Use Cases

Case Study

Fortune 500 Energy Provider Enhanced Threat Management & Business Resilience with SafeBreach

Resources

REPORT

The SafeBreach 2026 State of the Breach Report

Resource

SafeBreach & Zscaler Internet Access™

White Paper

Four Pillars of Breach and Attack Simulation

ToolShell in the Wild: SharePoint Zero-Day CVE-2025-53770 Explained

Subscribe on Your Preferred Platform

Spotify

Apple Podcasts

YouTube

In This Episode

You Might Also Be Interested In

SafeBreach Coverage for CVE-2025-53770: ToolShell Exploits Targeting Microsoft SharePoint

SafeBreach & Microsoft Defender

SafeBreach Coverage for US CERT Alert AA24-109A (Akira Ransomware)