SharePoint
Coverage of SharePoint in the Nexus archive.
- Microsoft Issues Out-of-Band SharePoint Patch
Microsoft has released an out-of-band security patch for SharePoint, emphasizing its critical role in system access. The patch addresses potential vulnerabilities highlighted by the importance of SharePoint in both attack and defense strategies.
- FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale
The FBI has warned about Kali365, a phishing-as-a-service platform that steals Microsoft OAuth tokens at scale, allowing attackers to bypass multi-factor authentication and gain unauthorized access to corporate accounts. The kit uses AI-generated phishing lures impersonating trusted services like DocuSign and SharePoint, and employs both device code phishing and adversary-in-the-middle techniques. Kali365 operates on a tiered subscription model and was first spotted in April 2026.
- Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
Microsoft released updates addressing 169 security vulnerabilities, including a SharePoint zero-day actively exploited in the wild. The patches include fixes for 157 Important, eight Critical, three Moderate, and one Low severity flaws.