BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

CISA Flags Actively Exploited Microsoft SharePoint Flaw

CISA demands urgent SharePoint patch amid active ransomware attacks exploiting parallel vulnerabilities.

  • The U.S. CISA has flagged a high-severity Microsoft SharePoint flaw, CVE-2026-45659, as actively exploited, demanding federal agency patches by July 4, 2026.
  • This remote code execution vulnerability allows any authenticated attacker with minimal permissions to execute code on the server.
  • Separately, Microsoft uncovered two unrelated threat actors, including the ransomware group Storm-2603, operating simultaneously within a single compromised network.
  • The attackers used sophisticated persistence methods, including privilege escalation and security tool evasion, complicating incident response.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urgently added a high-severity Microsoft SharePoint Server vulnerability to its catalog, citing evidence of active exploitation as of July 2026. Tracked as CVE-2026-45659, this flaw enables remote code execution and requires immediate patching.

- Advertisement -

According to Microsoft, any authenticated user, even without admin rights, can exploit this deserialization issue. Consequently, federal agencies have a critical deadline of July 4, 2026, to apply the available fixes.

Meanwhile, a separate investigation by Microsoft revealed two distinct threat actors operating in parallel within one network. The first cluster, attributed to Storm-2603, is known for deploying Warlock ransomware via SharePoint vulnerabilities.

This actor used tools like Velociraptor to blend in and established multiple remote access channels. They also escalated privileges and tampered with endpoint security to evade detection.

However, investigators discovered a second, unrelated threat actor co-existing in the same environment. This parallel activity made attribution more challenging and allowed the intrusion to expand.

- Advertisement -

The attackers successfully moved laterally into a second organization. Microsoft stated, “What may appear to be a single ransomware incident can quickly expand into something more complex.”

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

2026 Stock Outlook Bullish on Strong Earnings, AI Boom

The S&P 500 is up over 7% through late June 2026, with the second-half...

Robinhood expands to Europe with leveraged futures

Robinhood is expanding its European derivatives, offering perpetual futures on traditional assets like commodities...

Unpatched Argo CD flaw risks full Kubernetes takeover

An unpatched flaw in Argo CD's repo-server component allows for unauthenticated remote code execution...

Fed to Hike Interest Rates This Year: Polymarket

Market odds now favor a Federal Reserve interest rate increase before year-end, despite no...

Bearish Signs: Analysts Flag $50K Target, ETF Outflows, Efficiency Drop

Analyst Benjamin Cowen noted Bitcoin's current price near $60,326 mirrors its June/July 2018 level,...

Must Read

Top 8 Best Anonymous Web Hosting Companies That Accept Crypto

Nowadays, there is plenty of information about people online, and malicious people use them to carry out inappropriate activities. If you want to keep...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading