SharePoint Zero-Day Crisis: How ToolShell Exposed 400+ Organizations and What It Means for Your Risk Assessment
· 13 min read
The cybersecurity world woke up to a nightmare scenario this July. Two critical SharePoint zero-day vulnerabilities, dubbed "ToolShell," have been actively exploited by state-sponsored actors to compromise over 400 organizations globally, including U.S. nuclear agencies, major banks, and healthcare systems. With CVSS scores of 9.8 and 7.1, these vulnerabilities enable unauthenticated remote code execution and administrative access—a perfect storm for catastrophic breaches. If you're running SharePoint, every second without patching increases your risk exponentially. This deep dive reveals the attack mechanics, real-world impact, and why traditional risk assessment failed to predict this crisis.