The Cyber Resilience Brief: A SafeBreach Podcast

Ep. 4: ToolShell in the Wild: SharePoint Zero-Day CVE-2025-53770 Explained



In this urgent Cyber Resilience Brief, host Tova Dvorin is joined by SafeBreach experts Adrian Culley and Tomer Bar to break down CVE-2025-53770, a critical zero-day vulnerability actively exploited in Microsoft SharePoint Server. Known as part of the ToolShell attack chain, this deserialization flaw allows unauthenticated remote code execution and persistence — and it’s already being used in the wild.

We discuss:

  • What makes this vulnerability so dangerous (hint: there's no patch for SharePoint 2016 yet)

  • Why Microsoft is advising customers to assume breach

  • How SafeBreach Labs responded within 24 hours with new BAS coverage

  • Specific indicators of compromise (IoCs) and mitigation advice

  • Why this attack demands urgent attention from security teams and CISOs alike

Whether you're a SafeBreach customer or just trying to stay ahead of emerging threats, this episode delivers the critical insights you need, fast.

🔗 For more information on today's CVE, check out our post on the SafeBreach blog


The Cyber Resilience Brief: A SafeBreach Podcast, by SafeBreach