Microsoft SharePoint zero-day attacks pinned on China-linked ‘Typhoon’ threat groups | CyberScoop<\/title> <meta name=\"description\" content=\"Linen Typhoon, Violet Typhoon and Storm-2603 are behind the initial attack spree that erupted over the weekend. Other threat groups are now following suit.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-zero-days-china-typhoon\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft SharePoint zero-day attacks pinned on China-linked 'Typhoon' threat groups\"> <meta property=\"og:description\" content=\"Linen Typhoon, Violet Typhoon and Storm-2603 are behind the initial attack spree that erupted over the weekend. Other threat groups are now following suit.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-zero-days-china-typhoon\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-07-22T15:54:06+00:00\"> <meta property=\"article:modified_time\" content=\"2025-07-22T15:54:09+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-zero-day-attacks-pinned-on-china-linked-typhoon-threat-groups-2.jpg\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"683\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1752617955g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1752617143g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1752075323g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/85268\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=85268\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-sharepoint-zero-days-china-typhoon%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-sharepoint-zero-days-china-typhoon%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-85268 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-zero-days-china-typhoon\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.041753653445\">\n<div class=\"single-article__header-content\" readability=\"35.55069124424\">\n<p> Linen Typhoon, Violet Typhoon and Storm-2603 are behind the initial attack spree that erupted over the weekend. Other threat groups are now following suit. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/85268\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-zero-day-attacks-pinned-on-china-linked-typhoon-threat-groups.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-zero-day-attacks-pinned-on-china-linked-typhoon-threat-groups-2.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-zero-day-attacks-pinned-on-china-linked-typhoon-threat-groups-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-zero-day-attacks-pinned-on-china-linked-typhoon-threat-groups-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-zero-day-attacks-pinned-on-china-linked-typhoon-threat-groups-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-zero-day-attacks-pinned-on-china-linked-typhoon-threat-groups-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-zero-day-attacks-pinned-on-china-linked-typhoon-threat-groups-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-zero-day-attacks-pinned-on-china-linked-typhoon-threat-groups-2.jpg?resize=1012,675 1012w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> (Photo by John Smith\/VIEWpress\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"40.656725011515\"><body readability=\"84.540511727079\"><\/p>\n<p>Microsoft said two China nation-state threat groups and a separate attacker based in China are exploiting the zero-day vulnerabilities that first <a href=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-zero-day-attack-spree\/\">caused havoc to SharePoint servers over the weekend<\/a>.<\/p>\n<p>Linen Typhoon and Violet Typhoon \u2014 the Chinese government-affiliated threat groups \u2014 and an attacker Microsoft tracks as Storm-2603 are exploiting the pair of zero-day vulnerabilities affecting on-premises SharePoint servers, Microsoft Threat Intelligence said in a <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/\">blog post<\/a> Tuesday.<\/p>\n<p>The zero-days \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-53770\">CVE-2025-53770<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-53771\">CVE-2025-53771<\/a> \u2014 have been exploited en masse to intrude hundreds of organizations globally, spanning multiple sectors, including government agencies, according to researchers. <\/p>\n<p>Both defects are variants of previously disclosed vulnerabilities that Microsoft had already addressed in its <a href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-july-2025\/\">security update<\/a> earlier this month. After discovering the new flaws, Microsoft scrambled to develop patches, releasing the updates for all versions of SharePoint by late Monday.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The attack spree is ongoing and spreading. <\/p>\n<p>\u201cWith the rapid adoption of these exploits, Microsoft assesses with high confidence that threat actors will continue to integrate them into their attacks against unpatched on-premises SharePoint systems,\u201d Microsoft Threat Intelligence researchers said in the blog post.<\/p>\n<p>Underscoring the widespread alarm caused by the attacks, the Cybersecurity and Infrastructure Security Agency issued a rare weekend <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770\">alert about active attacks<\/a> and added the defect to its <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/cisa-adds-one-known-exploited-vulnerability-cve-2025-53770-toolshell-catalog\">known exploited vulnerabilities<\/a> catalog Sunday.<\/p>\n<p>Microsoft\u2019s initial attribution assessment tracks with other incident responders and researchers who are swarming to combat the threat the attacks pose to critical infrastructure. The motivations and origins of threat groups behind the attacks have also spread beyond China and its government.<\/p>\n<p>Charles Carmakal, chief technology officer at Mandiant Consulting, said the early zero-day exploitation was broad and opportunistic. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cAt least one of the actors responsible for this early exploitation is a China-nexus threat actor,\u201d he said in an email. \u201cIt\u2019s critical to understand that multiple actors are now actively exploiting this vulnerability. We fully anticipate that this trend will continue, as various other threat actors, driven by diverse motivations, will leverage this exploit as well.\u201d<\/p>\n<p>Microsoft researchers said Linen Typhoon, Violet Typhoon and Storm-2603 attempted to exploit the previously disclosed SharePoint vulnerabilities \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-49706\">CVE-2025-49706<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-49704\">CVE-2025-49704<\/a> \u2014 as early as July 7. Typhoon is the family name Microsoft applies to nation-state threat groups originating from China, and Storm is a moniker the company uses for threat groups in development.<\/p>\n<p>Linen Typhoon, which has been active since 2012, has focused on stealing intellectual property from organizations in government, defense, strategic planning and human rights, according to Microsoft. <\/p>\n<p>Violet Typhoon, which emerged in 2015, is an espionage threat group targeting former government and military personnel, non-governmental organizations, think tanks, higher education, media, finance and health-related industries in the United States, Europe and East Asia. \u201cThis group persistently scans for vulnerabilities in the exposed web infrastructure of targeting organizations, exploiting discovered weaknesses to install web shells,\u201d Microsoft researchers said.<\/p>\n<p>Storm-2603 is the China-based attacker that\u2019s attempting to steal MachineKeys from compromised SharePoint servers, according to Microsoft. Researchers have warned that the theft of cryptographic keys could allow attackers to maintain persistent access to victim environments after the patch has been applied.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.0713073005093\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-zero-day-attacks-pinned-on-china-linked-typhoon-threat-groups-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-zero-days-china-typhoon\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft SharePoint zero-day attacks pinned on China-linked ‘Typhoon’ threat groups<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,282,78,452,2659,4185,4608,646,625,467,256,4609,288,4610,1170],"tags":[277,286,86,454,2661,4187,4611,650,630,471,262,4612,294,4613,1171],"class_list":["post-7818","post","type-post","status-publish","format-standard","hentry","category-china","category-cybercrime","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-exploit","category-exploitation","category-linen-typhoon","category-mandiant","category-microsoft","category-microsoft-threat-intelligence-center","category-research","category-storm-2603","category-threats","category-violet-typhoon","category-zero-days","tag-china","tag-cybercrime","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-exploit","tag-exploitation","tag-linen-typhoon","tag-mandiant","tag-microsoft","tag-microsoft-threat-intelligence-center","tag-research","tag-storm-2603","tag-threats","tag-violet-typhoon","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/exploit\/\" rel=\"category tag\">exploit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/exploitation\/\" rel=\"category tag\">Exploitation<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/linen-typhoon\/\" rel=\"category tag\">Linen Typhoon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-threat-intelligence-center\/\" rel=\"category tag\">Microsoft Threat Intelligence Center<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/storm-2603\/\" rel=\"category tag\">Storm-2603<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/violet-typhoon\/\" rel=\"category tag\">Violet Typhoon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7818"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7818\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7818,"date":"2025-07-22T10:54:06","date_gmt":"2025-07-22T15:54:06","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=85268"},"modified":"2025-07-22T10:54:06","modified_gmt":"2025-07-22T15:54:06","slug":"microsoft-sharepoint-zero-day-attacks-pinned-on-china-linked-typhoon-threat-groups","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/07\/22\/microsoft-sharepoint-zero-day-attacks-pinned-on-china-linked-typhoon-threat-groups\/","title":{"rendered":"Microsoft SharePoint zero-day attacks pinned on China-linked \u2018Typhoon\u2019 threat groups"},"content":{"rendered":"