
ToolShell Deep Dive: The SharePoint Exploit Crisis Uncovered
From Infosecurity Magazine Podcast by Infosecurity Magazine
July 28, 2025 · 42 min
About this episode
This episode explores the vulnerabilities in Microsoft SharePoint On-Premises and features interviews with cybersecurity experts discussing the implications and responses to these threats.
In this special episode of the Infosecurity Magazine podcast, we dive deep into the rapidly evolving story surrounding Microsoft SharePoint On-Premises. Recent disclosures have revealed a series of vulnerabilities now being exploited in targeted campaigns, with Chinese threat actors at the centre but other threat actors joining in the attacks. This episode breaks down the complexities of the incident, the ongoing exploitations and the broader implications for security practitioners. Stay updated as this story unfolds and equip yourself with valuable insights to better understand and defend against emerging cyber threats. Our discussion includes: Timeline of events surrounding the ToolShell Microsoft SharePoint on-prem vulnerability (02.20) Interview with Charles Carmakal, CTO at Mandiant, now part of Google Cloud (06.38). Charles details these critical vulnerabilities and steps towards patching and what some orgnaizations may be missing, leaving them vulnerable to compromise. Interview Lorri Janssen-Anessi, Director of External Cyber Assessments at BlueVoyant. With extensive experience from her time at the NSA and the Department of Homeland Security, Lorri provides an in-depth…
People in this episode
Guests: Charles Carmakal, Lorri Janssen-Anessi
Topics covered
- SharePoint vulnerabilities
- cybersecurity
- threat actors
- exploitations
- patching
- cyber threats
Keywords
- SharePoint exploit
- cybersecurity vulnerabilities
- Chinese threat actors
- Mandiant
- BlueVoyant
- cyber assessments
- patching vulnerabilities
Mentioned in this episode
Organizations: Mandiant, Google Cloud, BlueVoyant, NSA, Department of Homeland Security
Products: Microsoft SharePoint On-Premises
More episodes of Infosecurity Magazine Podcast
- Infosecurity Europe 2026: A Guide to Getting the Most Out of the Event · May 18, 2026 · 29 min
- Inside the Code War: Defending Against Nation-State Cyber Threats · April 20, 2026 · 38 min
- Exclusive Interview with OpenClaw’s Security Advisor · March 13, 2026 · 59 min
- Ransomware Dethroned by Cyber Fraud: Insights from the WEF’s Cybersecurity Outlook 2026 · February 11, 2026 · 31 min
- How 2025 Shaped the Future of Cybersecurity With Rebecca Taylor & Will Thomas · December 9, 2025 · 34 min
- Beyond Bug Bounties: How Private Researchers Are Taking Down Ransomware Operations · November 4, 2025 · 34 min
Explore listener stats, chart rankings, contacts and more on the Infosecurity Magazine Podcast podcast page.