- The U.S. CISA has flagged a high-severity Microsoft SharePoint flaw, CVE-2026-45659, as actively exploited, requiring federal agencies to patch by July 4, 2026.
- This remote code execution vulnerability allows any authenticated attacker with minimal permissions to execute code on the server.
- Separately, Microsoft uncovered two unrelated threat actors, including the ransomware group Storm-2603, operating simultaneously within a single compromised network.
- The attackers used sophisticated persistence methods, including privilege escalation and security tool evasion, complicating incident response.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urgently added a high-severity Microsoft SharePoint Server vulnerability to its catalog, citing evidence of active exploitation as of July 2026. Tracked as CVE-2026-45659, this flaw enables remote code execution and requires immediate patching.
According to Microsoft, any authenticated user, even without admin rights, can exploit this deserialization issue. Consequently, federal agencies have a critical deadline of July 4, 2026, to apply the available fixes.
Meanwhile, a separate investigation by Microsoft revealed two distinct threat actors operating in parallel within one network. The first cluster, attributed to Storm-2603, is known for deploying Warlock ransomware via SharePoint vulnerabilities.
This actor used tools like Velociraptor to blend in and established multiple remote access channels. They also escalated privileges and tampered with endpoint security to evade detection.
However, investigators discovered a second, unrelated threat actor co-existing in the same environment. This parallel activity made attribution more challenging and allowed the intrusion to expand.
The attackers successfully moved laterally into a second organization. Microsoft stated, “What may appear to be a single ransomware incident can quickly expand into something more complex.”
