Saturday, July 26, 2025

Critical Threats: Microsoft Zero-Day & VMware Hypervisor Attacks – Are You Exposed?


 

Microsoft just issued an urgent warning about a critical zero-day in SharePoint Server (CVE-2025-53770) with a severity score of 9.8—and yes, it’s already under attack. Dubbed “ToolShell”, this vulnerability lets attackers drop web shells and steal encryption keys. Microsoft urges everyone to deploy mitigations NOW, enable Defender AV, and assume compromise. A patch isn’t out yet, but the threat is real—and possibly nation-state backed.

At the same time, VMware environments are being targeted by Chinese-linked group Fire Ant and the notorious Scattered Spider gang. These attackers are:

* Infiltrating vCenter and ESXi using known CVEs
* Bypassing segmentation
* Injecting commands from host to guest
* Cloning VMs and deploying ransomware at the hypervisor layer

They’re even using social engineering to hijack Active Directory accounts and pivot into vSphere—fast. And it’s not just nation-states. Ransomware crews are in on the action.

Oh—and if you're in Australia, you might’ve heard about a driver's license database breach being used to track identities and locations. Phishing scams, identity theft, and hyper-targeted fraud are on the rise. Stay vigilant. Freeze your credit. Hang up on suspicious callers.

https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
https://www.securityweek.com/sharepoint-under-attack-microsoft-warns-of-zero-day-exploited-in-the-wild-no-patch-available/
https://cybersecuritynews.com/vgauth-flaws-of-vmware-tools/

For deep observability and a modern defense platform that helps spot, stop, and investigate these threats fast—Plixer’s got your back.

Stay safe. Stay alert. Subscribe for more cyber updates.
