SharePoint ToolShell attacks targeted organizations across four continents

Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations.

The same threat actors also compromised two government departments in the same African country during the same time period. Zingdoor, which was deployed on the networks of all three organizations, has in the past been associated with the Chinese group Glowworm (aka Earth Estries, FamousSparrow). 

Commenting on this is Roger Grimes, CISO Advisor at KnowBe4: 

“I think this is yet another great example of why default auto-patching should be required in every software program and device with firmware. That’s because every patch for every announced vulnerability will not be applied 100% by everyone. In fact, it’s very common for 10% – 25% of related instances to remain unpatched for months — and even years — after a patch is released. There are always people who don’t apply critical patches for some reason or another. But if auto-patching were the default, more instances would get patched in a timely manner.”

I wasn’t a believer in patching as soon as patches come out. But I have changed my mind on that front, and I now patch everything ASAP to stop a threat actor from making my life miserable. Perhaps you should consider doing the same thing, as clearly this is a today problem.
