Skip to main content Tom's Guide Tom's Guide Search Tom's Guide View Profile Newsletters Best Picks Entertainment OpenAI announcement Switch 2 Restock Galaxy Z Fold 7 iPhone 17 Air Best laptops Wordle Today Best Mattress Recommended reading Online Security It’s time to update Chrome — zero-day bug is being exploited in the wild by hackers Online Security Google just fixed a high-severity Chrome flaw that can be used to take over your account — update right now Online Security Google just patched an actively exploited zero-day flaw — update your Android phone right now Malware & Adware Major Windows Secure Boot flaw can be used by hackers to install bootkit malware — update your PC right now Malware & Adware New FileFix attack brings ClickFix social engineering to Windows File Explorer — how to stay safe Online Security More than 184 million passwords exposed in massive data breach — Apple, Google, Microsoft and more Malware & Adware AirPlay flaw exposes all Apple devices to hacking over Wi-Fi — what you need to know Online Security Microsoft releases emergency security updates to fix SharePoint zero-day flaws — everything you need to know Amber Bouman 21 July 2025 Two zero-day flaws are versions of vulnerabilities that were patched earlier this year When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. (Image credit: Paolo Bona / Shutterstock.com) Microsoft has released two emergency patches to address zero-day vulnerabilities that have been found in SharePoint RCE. Actively exploited in attacks, the two flaws (tracked as CVE-2025-53770 and CVE-2025-53771) are both “ToolShell” attacks that compromise services and that build on flaws that were fixed as part of July’s Patch Tuesday updates. As reported by Bleeping Computer, the new flaws were exploited by researchers back in May at a Berlin hacking contest. They did so by using a vulnerability chain that enabled the researchers to achieve remote code execution in Microsoft SharePoint. Threat actors were then able to use zero-day flaws that built on the patches from previous issues and have been conducting toolshell attacks on SharePoint servers that have directly affected over 50 organizations. The emergency patches that Microsoft has pushed out have fixed both flaws in Microsoft SharePoint Subscription Edition and SharePoint 2019 but there is currently no fix available for SharePoint 2016. You may like It’s time to update Chrome — zero-day bug is being exploited in the wild by hackers Google just fixed a high-severity Chrome flaw that can be used to take over your account — update right now Google just patched an actively exploited zero-day flaw — update your Android phone right now Administrators should install the available updates immediately, and then rotate the machine keys as well as consider analyzing the logs and file system for the presence of malicious files or any evidence of exploitation. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button. More from Tom's Guide 12 signs your phone has been hacked — and what to do next Over 200 million Amazon Prime customers warned about scammers trying to steal their accounts — how to stay safe Co-op cyberattack exposes personal data of all 6.5 million members — what to do next Today's Norton 360 with LifeLock deals 61% off - 1st year Norton 360 with LifeLock Select - Norton 360 with LifeLock Advantage - Norton 360 with LifeLock Ultimate Plus We check over 250 million products every day for the best prices Sign up to get the BEST of Tom's Guide direct to your inbox. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. See more Computing News Amber Bouman Social Links Navigation Senior Editor Security Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. You must confirm your public display name before commenting Please logout and then login again, you will then be prompted to enter your display name. It’s time to update Chrome — zero-day bug is being exploited in the wild by hackers Google just fixed a high-severity Chrome flaw that can be used to take over your account — update right now Google just patched an actively exploited zero-day flaw — update your Android phone right now Major Windows Secure Boot flaw can be used by hackers to install bootkit malware — update your PC right now New FileFix attack brings ClickFix social engineering to Windows File Explorer — how to stay safe More than 184 million passwords exposed in massive data breach — Apple, Google, Microsoft and more Latest in Online Security Over 200 million Amazon Prime customers warned about scammers trying to steal their accounts — how to stay safe Co-op cyberattack exposes personal data of all 6.5 million members — what to do next 12 signs your phone has been hacked — and what to do next Meta AI was leaking chatbot prompts and answers to unauthorized users This Android malware poses as real apps to take you to dangerous sites and flood your phone with spam 5.4 million hit in major healthcare data breach — names, emails, SSNs and more exposed Latest in News iOS 26 public beta could release later this week — here’s what we know The MSI Claw A8 is now available to pre-order in Europe — when is it coming to North America? Apple reportedly begins work on iOS 27 — and it's built for the iPhone Fold How to watch First Nations & Pasifika XV vs British & Irish Lions: Live stream the 2025 rugby game, team news New Meta prototype headsets combine goggle-like design with ultra-wide VR — and it could be a sneak peek at the Meta Quest 4 'Alien: Earth' producer says the series will feature 'more Xenomorph' than any of the movies — and I'm here for it LATEST ARTICLES Walmart's massive summer sale is live — save big on patio furniture, grills, back to school essentials and more The MSI Claw A8 is now available to pre-order in Europe — when is it coming to North America? iOS 26 public beta could release later this week — here’s what we know Apple reportedly begins work on iOS 27 — and it's built for the iPhone Fold Huge Amazon sale is live from £7 — 31 deals I’d shop this week on apparel, TVs, Apple, Lego, Shark, Ninja and more Tom's Guide is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site. Terms and conditions Contact Future's experts Privacy policy Cookies policy Accessibility Statement Advertise with us Future US, Inc. Full 7th Floor, 130 West 42nd Street, Please login or signup to comment Please wait...