CISA has added CVE-2026-20963, a critical unauthenticated remote code execution deserialization flaw in Microsoft SharePoint, to its Known Exploited Vulnerabilities catalog. Federal agencies were given three days to patch. Microsoft had originally patched the bug in January 2026 and rated exploitation as 'less likely.' The attackers' identities remain unknown, and it is unclear whether ransomware groups are involved. This follows a wave of SharePoint exploitation in 2025, including attacks by Chinese state-sponsored groups like Salt Typhoon and ransomware operators who compromised over 400 organizations.
Sort: