    SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

    Ravie Lakshmanan, Jul 02, 2026 (Vulnerability / Threat Intelligence)


    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

    The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization of untrusted data. The issue was addressed by Microsoft in May 2026 for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.

    Microsoft noted that any authenticated attacker could trigger the vulnerability, and that it does not require admin or other elevated privileges. In a network-based attack, an authenticated attacker with a minimum of Site Member permissions (PR:L) could leverage it to execute code remotely on the SharePoint Server.

    “Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network,” CISA said.


    According to the Windows maker’s advisory, the flaw has been tagged with an “Exploitation Less Likely” assessment. It’s currently not known how the vulnerability is being exploited, who is behind the activity, or what the end goals of these efforts are.

    In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are advised to apply the fixes by July 4, 2026.

    Microsoft Uncovers Parallel Threat Activity from 2 Clusters

    Late last month, Microsoft revealed that a routine ransomware investigation uncovered two unrelated attackers operating simultaneously within the same network, while adopting deliberate techniques to establish persistent access and complicate incident response efforts.

    One set of attacks has been attributed to Storm-2603, a threat actor known for deploying Warlock ransomware, often by exploiting known vulnerabilities in on-premises SharePoint servers, since mid-2025.

    “In this case, initial access was likely attempted through a separate vulnerability, with requests for files like win.ini and web.config, indicating probing for local file inclusion,” Microsoft said. Evidence points to it being CVE-2025-11371 (CVSS score: 9.1), a critical flaw impacting Gladinet Triofox.
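
    The probing described above (requests for win.ini and web.config) can be hunted for in web server logs. The following is an added example, not code from Microsoft or the original article; the IIS-style field order, paths, IP addresses and log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed IIS W3C-style log lines (sample data, not from the incident).
# Assumed field order: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2026-06-01 10:00:01 198.51.100.7 GET /portal/download.aspx file=..%2f..%2f..%2fwindows%2fwin.ini 200
2026-06-01 10:00:04 198.51.100.7 GET /portal/download.aspx file=..%252f..%252fweb.config 403
2026-06-01 10:00:09 203.0.113.20 GET /portal/default.aspx - 200
2026-06-01 10:01:12 203.0.113.20 GET /docs/winning-ideas.html - 200
2026-06-01 10:02:30 192.0.2.44 GET /static/WEB.CONFIG - 404
"""

# File names the article cites as local file inclusion probe targets.
PROBE_FILES = re.compile(r"(?<![\w.-])(win\.ini|web\.config)(?![\w.-])", re.I)
TRAVERSAL = re.compile(r"\.\.[\\/]")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded requests are normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_lfi_probes(log_text):
    """Return {client_ip: [(target_file, has_traversal, status), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and W3C directives
        parts = line.split()
        if len(parts) < 7:
            continue  # malformed line: skip rather than guess
        ip, stem, query, status = parts[2], parts[4], parts[5], parts[6]
        request = fully_decode(stem + "?" + query)
        match = PROBE_FILES.search(request)
        if match:
            hits[ip].append((match.group(1).lower(),
                             bool(TRAVERSAL.search(request)), int(status)))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in find_lfi_probes(SAMPLE_LOG).items():
        print(ip, events)
```

    A hit that returned status 200, or a single client requesting both file names, deserves triage ahead of isolated 403/404 responses.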

    Upon gaining initial access, the threat actor is said to have deployed tools like Velociraptor to blend malicious activity with trusted administrative behavior, and to have established multiple remote access channels through Cloudflare tunneling, Zoho Assist, and Secure Shell (SSH) connections configured through Visual Studio Code.

    The attack also escalated privileges by creating new local and domain administrator accounts, while a vulnerable driver (“NSecKrnl.sys”) acted as a conduit for tampering with endpoint security protections to help reduce their visibility.


    In tandem, Microsoft said it uncovered signs of a second, unrelated threat actor co-existing in the same environment using DLL side-loading and custom backdoors, thereby making attribution more challenging.

    Further investigation uncovered that the attackers had moved laterally beyond the first network and into a second organization, which confirmed that it had been compromised by the same ransomware activity attributed to Storm-2603.

    “Together, these overlapping activity streams enabled sustained access while masking the full scope of the intrusion,” the Microsoft Incident Response team said. “The blend of known ransomware tactics and hidden techniques allowed the threat actors to establish deep and lasting access.”

    “What may appear to be a single ransomware incident can quickly expand into something more complex, spanning organizations, blending tactics, and even involving multiple threat actors operating in parallel. For security teams, the implication is clear: isolated signals rarely tell the full story.”
