The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent call for organizations to address critical vulnerabilities in SharePoint Server, which are being actively exploited. The three identified vulnerabilities, CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164, affect all supported on-premises versions of SharePoint Server, including the Subscription Edition, 2019, and 2016. These flaws could lead to remote code execution and allow attackers to perform post-exploitation activities like stealing Internet Information Services machine keys and executing deserialization techniques. CISA also advises patching two other SharePoint vulnerabilities, CVE-2026-55040 and CVE-2026-58644, which, while not yet exploited, pose significant risks. Additionally, Symantec researchers have identified a new ransomware strain called 'Spirals' that executed a rapid attack on a South Asian IT services company. This ransomware, written in Rust, is capable of encryption, lateral movement, and privilege escalation. In another development, a coordinated law enforcement effort led by Dutch authorities has resulted in the arrest of key figures in an international investment fraud scheme. This operation underscores the global nature of cyber threats and the importance of international cooperation in tackling cybercrime. These events highlight the critical need for organizations to maintain robust cybersecurity measures and stay informed about emerging threats.
CISA Urges Immediate Patch for Exploited SharePoint Vulnerabilities
CISA warns of actively exploited SharePoint vulnerabilities and flags a stealthy ransomware family and law-enforcement takedowns.


