The Warlock ransomware group has intensified its operations by targeting unpatched on-premises Microsoft SharePoint servers, leveraging critical vulnerabilities to achieve remote code execution and initial network access. This campaign, observed in mid-2025, involves sending crafted HTTP POST requests to upload web shells, facilitating reconnaissance, privilege escalation, and credential theft. Initial Exploitation Attackers exploit flaws like […] The post Warlock Ransomware Exploits SharePoint Flaws for Initial Access and Credential Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/warlock-ransomware-exploits-sharepoint-flaws/
