What to know about a vulnerability being exploited on Microsoft SharePoint servers
NEW YORK--Microsoft has issued an emergency fix to close off a vulnerability in Microsoft's widely-used SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some U.S. government agencies.
The company issued an alert to customers Saturday saying it was aware of the zero-day exploit being used to conduct attacks and that it was working to patch the issue. Microsoft updated its guidance Sunday with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 software.
'Anybody who's got a hosted SharePoint server has got a problem,' said Adam Meyers, senior vice president with CrowdStrike, a cybersecurity firm. 'It's a significant vulnerability.'
Companies and government agencies around the world use SharePoint for internal document management, data organization and collaboration.
A zero-day exploit is a cyberattack that takes advantage of a previously unknown security vulnerability. 'Zero-day' refers to the fact that the security engineers have had zero days to develop a fix for the vulnerability.
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the exploit affecting SharePoint is 'a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers.'
Security researchers warn that the exploit, reportedly known as 'ToolShell,' is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and OneDrive.
Google's Threat Intelligence Group warned that the vulnerability may allow bad actors to 'bypass future patching.'
Eye Security said in its blog post that it scanned over 8,000 SharePoint servers worldwide and discovered that at least dozens of systems were compromised. The cybersecurity company said the attacks likely began on July 18.
Microsoft said the vulnerability affects only on-site SharePoint servers used within businesses or organizations and does not affect Microsoft's cloud-based SharePoint Online service.
But Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, warns that the exploit still leaves many potentially exposed to bad actors.
'While cloud environments remain unaffected, on-prem SharePoint deployments — particularly within government, schools, health care including hospitals, and large enterprise companies — are at immediate risk.'
The vulnerability targets SharePoint server software so customers of that product will want to immediately follow Microsoft's guidance to patch their on-site systems.
Although the scope of the attack is still being assessed, CISA warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.
'We are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response. An immediate, band-aid fix would be to unplug your Microsoft SharePoint from the internet until a patch is available,' Sikorski advises.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Japan Today
5 hours ago
- Japan Today
Trump will reveal ‘AI Action Plan' shaped by his Silicon Valley supporters
President Donald Trump speaks during a reception for Republican members of Congress in the East Room of the White House, Tuesday, July 22, 2025, in Washington. (AP Photo/Julia Demaree Nikhinson) By The Associated Press An artificial intelligence agenda formed on the podcasts of Silicon Valley billionaires is now being set into U.S. policy as President Donald Trump leans on the ideas of the tech figures who backed his election campaign. Trump plans on Wednesday to reveal an 'AI Action Plan' he ordered after revoking President Joe Biden's signature AI guardrails. The plan and related executive orders are expected to include some familiar tech lobby pitches: accelerating the sale of AI technology abroad and making it easier to construct the energy-hungry data center buildings that are needed to form and run AI products, according to a person briefed on Wednesday's event who was not authorized to speak publicly and spoke on condition of anonymity. It might also include some of the AI culture war preoccupations of the circle of venture capitalists who endorsed Trump last year. Here's the latest: The tech industry has pushed for easier permitting to get huge data centers connected to power and water — even if it means consumers losing drinking water and paying higher energy bills. On Tuesday, 95 groups including labor unions, parent groups, environmental justice organizations and privacy advocates signed a resolution opposing Trump's embrace of industry-driven AI policy and calling for a 'People's AI Action Plan' that would 'deliver first and foremost for the American people.' Amba Kak, co-executive director of the AI Now Institute, which helped lead the effort, said the coalition expects Trump's plan to come 'straight from Big Tech's mouth.' 'Every time we say, 'What about our jobs, our air, water, our children?' they're going to say, 'But what about China?'' she said Tuesday. She said Americans should reject the White House's argument that artificial intelligence is overregulated, and fight to preserve 'baseline protections for the public.' Sacks, a former PayPal executive and now Trump's top AI adviser, has been criticizing 'woke AI' for more than a year, fueled by Google's February 2024 rollout of an AI image generator that, when asked to show an American Founding Father, created pictures of Black, Asian and Native American men. Google quickly fixed its tool, but the 'Black George Washington' moment remained a parable for the problem of AI's perceived political bias, taken up by X owner Elon Musk, venture capitalist Marc Andreessen, Vice President JD Vance and Republican lawmakers. 'The AI's incapable of giving you accurate answers because it's been so programmed with diversity and inclusion,' Sacks said at the time. Elon Musk's xAI, pitched as an alternative to 'woke AI' companies, had to scramble this month to remove posts made by its Grok chatbot that made antisemitic comments and praised Adolf Hitler. The All-In Podcast is a business and technology show hosted by four tech investors and entrepreneurs including Trump's AI czar, David Sacks. The plan and related executive orders to be announced late Wednesday afternoon are expected to include some familiar tech lobby pitches — including accelerating the sale of AI technology abroad and making it easier to construct the energy-hungry data center buildings needed to run AI products, according to a person briefed on Wednesday's event who was not authorized to speak publicly and spoke on condition of anonymity. It might also include some of the AI culture war preoccupations of the circle of venture capitalists who endorsed Trump last year. ▶ Read more on Trump's Artificial Intelligence plan Global shares rallied on Wednesday, with Tokyo's benchmark Nikkei 225 index gaining 3.5% after Japan and the U.S. announced a deal on Trump's tariffs. The tariff agreement as announced calls for a 15% U.S. import duty on goods from Japan, apart from certain products such as steel and aluminum that are subject to much higher tariffs. That's down from the 25% Trump had said would kick in on Aug. 1 if a deal was not reached. 'This Deal will create Hundreds of Thousands of Jobs — There has never been anything like it,' Trump posted on Truth Social, noting that Japan was also investing 'at my direction' $550 billion into the U.S. He said Japan would 'open' its economy to American autos and rice. Trump announced the U.S. will place a 19% tax on goods from Indonesia and the Philippines. A senior Trump official said Indonesia will charge no tariffs on 99% of its trade with the United States and drop its nontariff barriers on U.S. goods. Trump said the U.S. won't pay any tariffs in the Philippines, but they will pay 19%. 'President Trump has signed two trade deals this week with the Philippines and Japan which is likely to keep market sentiment propped up despite deals with the likes of the EU and South Korea remaining elusive, for now at least,' Tim Waterer, chief market analyst at Kohle Capital Markets, said in a report. House Speaker Mike Johnson rebuffed pressure to act on the investigation into Jeffrey Epstein, instead sending members home early on Wednesday for a month-long break from Washington after the week's legislative agenda was upended by Republican members who are clamoring for a vote. 'There's no purpose for the Congress to push an administration to do something they're already doing,' Johnson said at his last weekly news conference. The speaker's stance did little to alleviate the intra-party turmoil unfolding on Capitol Hill as many of Trump's supporters demand that the administration meet its promises to publicly release a full accounting of the sex trafficking investigation into Epstein, who killed himself in his New York jail cell in 2019 while awaiting trial. Under pressure from right-wing online influencers, as well as voters back home, rank-and-file Republicans are demanding House intervention. 'The public's not going to let this die, and rightfully so,' said Rep. Ralph Norman, a South Carolina Republican. The president told congressional Republicans at a Tuesday night dinner that European Union officials will be in town Wednesday for the talks. 'We have Europe coming in tomorrow, the next day,' Trump said after announcing a trade framework with Japan. The president sent a letter this month threatening the 27 EU member states with 30% tariffs to be imposed starting Aug. 1. © Copyright 2025 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.
Japan Today
19 hours ago
- Japan Today
Teens say they are turning to AI for advice, friendship and 'to get out of thinking'
Bruce Perry, 17, demonstrates the possibilities of artificial intelligence by creating an AI companion on Character AI, Tuesday, July 15, 2025, in Russellville, Ark. (AP Photo/Katie Adkins) By JOCELYN GECKER No question is too small when Kayla Chege, a high school student in Kansas, is using artificial intelligence. The 15-year-old asks ChatGPT for guidance on back-to-school shopping, makeup colors, low-calorie choices at Smoothie King, plus ideas for her Sweet 16 and her younger sister's birthday party. The sophomore honors student makes a point not to have chatbots do her homework and tries to limit her interactions to mundane questions. But in interviews with The Associated Press and a new study, teenagers say they are increasingly interacting with AI as if it were a companion, capable of providing advice and friendship. 'Everyone uses AI for everything now. It's really taking over,' said Chege, who wonders how AI tools will affect her generation. 'I think kids use AI to get out of thinking.' For the past couple of years, concerns about cheating at school have dominated the conversation around kids and AI. But artificial intelligence is playing a much larger role in many of their lives. AI, teens say, has become a go-to source for personal advice, emotional support, everyday decision-making and problem-solving. More than 70% of teens have used AI companions and half use them regularly, according to a new study from Common Sense Media, a group that studies and advocates for using screens and digital media sensibly. The study defines AI companions as platforms designed to serve as 'digital friends,' like or Replika, which can be customized with specific traits or personalities and can offer emotional support, companionship and conversations that can feel human-like. But popular sites like ChatGPT and Claude, which mainly answer questions, are being used in the same way, the researchers say. As the technology rapidly gets more sophisticated, teenagers and experts worry about AI's potential to redefine human relationships and exacerbate crises of loneliness and youth mental health. 'AI is always available. It never gets bored with you. It's never judgmental,' says Ganesh Nair, an 18-year-old in Arkansas. 'When you're talking to AI, you are always right. You're always interesting. You are always emotionally justified.' All that used to be appealing, but as Nair heads to college this fall, he wants to step back from using AI. Nair got spooked after a high school friend who relied on an 'AI companion' for heart-to-heart conversations with his girlfriend later had the chatbot write the breakup text ending his two-year relationship. 'That felt a little bit dystopian, that a computer generated the end to a real relationship,' said Nair. 'It's almost like we are allowing computers to replace our relationships with people.' In the Common Sense Media survey, 31% of teens said their conversations with AI companions were 'as satisfying or more satisfying' than talking with real friends. Even though half of teens said they distrust AI's advice, 33% had discussed serious or important issues with AI instead of real people. Those findings are worrisome, says Michael Robb, the study's lead author and head researcher at Common Sense, and should send a warning to parents, teachers and policymakers. The now-booming and largely unregulated AI industry is becoming as integrated with adolescence as smartphones and social media are. 'It's eye-opening,' said Robb. 'When we set out to do this survey, we had no understanding of how many kids are actually using AI companions.' The study polled more than 1,000 teens nationwide in April and May. Adolescence is a critical time for developing identity, social skills and independence, Robb said, and AI companions should complement — not replace — real-world interactions. 'If teens are developing social skills on AI platforms where they are constantly being validated, not being challenged, not learning to read social cues or understand somebody else's perspective, they are not going to be adequately prepared in the real world,' he said. The nonprofit analyzed several popular AI companions in a ' risk assessment,' finding ineffective age restrictions and that the platforms can produce sexual material, give dangerous advice and offer harmful content. The group recommends that minors not use AI companions. Researchers and educators worry about the cognitive costs for youth who rely heavily on AI, especially in their creativity, critical thinking and social skills. The potential dangers of children forming relationships with chatbots gained national attention last year when a 14-year-old Florida boy died by suicide after developing an emotional attachment to a chatbot. 'Parents really have no idea this is happening,' said Eva Telzer, a psychology and neuroscience professor at the University of North Carolina at Chapel Hill. 'All of us are struck by how quickly this blew up.' Telzer is leading multiple studies on youth and AI, a new research area with limited data. Telzer's research has found that children as young as 8 are using generative AI and also found that teens are using AI to explore their sexuality and for companionship. In focus groups, Telzer found that one of the top apps teens frequent is SpicyChat AI, a free role-playing app intended for adults. Many teens also say they use chatbots to write emails or messages to strike the right tone in sensitive situations. 'One of the concerns that comes up is that they no longer have trust in themselves to make a decision,' said Telzer. 'They need feedback from AI before feeling like they can check off the box that an idea is OK or not.' Arkansas teen Bruce Perry, 17, says he relates to that and relies on AI tools to craft outlines and proofread essays for his English class. 'If you tell me to plan out an essay, I would think of going to ChatGPT before getting out a pencil,' Perry said. He uses AI daily and has asked chatbots for advice in social situations, to help him decide what to wear and to write emails to teachers, saying AI articulates his thoughts faster. Perry says he feels fortunate that AI companions were not around when he was younger. 'I'm worried that kids could get lost in this,' Perry said. 'I could see a kid that grows up with AI not seeing a reason to go to the park or try to make a friend.' Other teens agree, saying the issues with AI and its effect on children's mental health are different from those of social media. 'Social media complemented the need people have to be seen, to be known, to meet new people,' Nair said. 'I think AI complements another need that runs a lot deeper — our need for attachment and our need to feel emotions. It feeds off of that.' 'It's the new addiction,' Nair added. 'That's how I see it.' The Associated Press' education coverage receives financial support from multiple private foundations. AP is solely responsible for all content. Find AP's standards for working with philanthropies, a list of supporters and funded coverage areas at © Copyright 2025 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.
Japan Today
19 hours ago
- Japan Today
These tips from experts can help your teenager navigate AI companions
Bruce Perry, 17, demonstrates Character AI, an artificial intelligence chatbot software that allows users to chat with popular characters such as EVE from Disney's 2008 animated film, WALL-E, Tuesday, July 15, 2025, in Russellville, Ark. (AP Photo/Katie Adkins) By JOCELYN GECKER As artificial intelligence technology becomes part of daily life, adolescents are turning to chatbots for advice, guidance and conversation. The appeal is clear: Chatbots are patient, never judgmental, supportive and always available. That worries experts who say the booming AI industry is largely unregulated and that many parents have no idea about how their kids are using AI tools or the extent of personal information they are sharing with chatbots. New research shows more than 70% of American teenagers have used AI companions and more than half converse with them regularly. The study by Common Sense Media focused on 'AI companions,' like Character. AI, Nomi and Replika, which it defines as 'digital friends or characters you can text or talk with whenever you want,' versus AI assistants or tools like ChatGPT, though it notes they can be used the same way. It's important that parents understand the technology. Experts suggest some things parents can do to help protect their kids: — Start a conversation, without judgment, says Michael Robb, head researcher at Common Sense Media. Approach your teen with curiosity and basic questions: 'Have you heard of AI companions?' 'Do you use apps that talk to you like a friend?' Listen and understand what appeals to your teen before being dismissive or saying you're worried about it. — Help teens recognize that AI companions are programmed to be agreeable and validating. Explain that's not how real relationships work and that real friends with their own points of view can help navigate difficult situations in ways that AI companions cannot. 'One of the things that's really concerning is not only what's happening on screen but how much time it's taking kids away from relationships in real life,' says Mitch Prinstein, chief of psychology at the American Psychological Association. 'We need to teach kids that this is a form of entertainment. It's not real, and it's really important they distinguish it from reality and should not have it replace relationships in your actual life.' The APA recently put out a health advisory on AI and adolescent well-being, and tips for parents. — Parents should watch for signs of unhealthy attachments. 'If your teen is preferring AI interactions over real relationships or spending hours talking to AI companions, or showing that they are becoming emotionally distressed when separated from them — those are patterns that suggest AI companions might be replacing rather than complementing human connection,' Robb says. — Parents can set rules about AI use, just like they do for screen time and social media. Have discussions about when and how AI tools can and cannot be used. Many AI companions are designed for adult use and can mimic romantic, intimate and role-playing scenarios. While AI companions may feel supportive, children should understand the tools are not equipped to handle a real crisis or provide genuine mental health support. If kids are struggling with depression, anxiety, loneliness, an eating disorder or other mental health challenges, they need human support — whether it is family, friends or a mental health professional. — Get informed. The more parents know about AI, the better. 'I don't think people quite get what AI can do, how many teens are using it and why it's starting to get a little scary,' says Prinstein, one of many experts calling for regulations to ensure safety guardrails for children. 'A lot of us throw our hands up and say, 'I don't know what this is!' This sounds crazy!' Unfortunately, that tells kids if you have a problem with this, don't come to me because I am going to diminish it and belittle it.' Older teenagers have advice, too, for parents and kids. Banning AI tools is not a solution because the technology is becoming ubiquitous, says Ganesh Nair, 18. 'Trying not to use AI is like trying to not use social media today. It is too ingrained in everything we do,' says Nair, who is trying to step back from using AI companions after seeing them affect real-life friendships in his high school. 'The best way you can try to regulate it is to embrace being challenged.' 'Anything that is difficult, AI can make easy. But that is a problem,' says Nair. 'Actively seek out challenges, whether academic or personal. If you fall for the idea that easier is better, then you are the most vulnerable to being absorbed into this newly artificial world.' The Associated Press' education coverage receives financial support from multiple private foundations. AP is solely responsible for all content. Find AP's standards for working with philanthropies, a list of supporters and funded coverage areas at © Copyright 2025 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.
