What is Sophos saying regarding the exploitation activity by Storm-2603 leading to the deployment of Warlock ransomware
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
Did you engage the Sophos AI assistance here? It is a great tool for such questions: Enhancing your XDR search experience with AI You can prompt this question there as well.
We posted one security post about this: https://news.sophos.com/en-us/2025/07/21/sharepoint-toolshell-vulnerabilities-being-exploited-in-the-wild/
__________________________________________________________________________________________________________________
Quote