SharePoint Zero-Day 2025: ToolPane Authentication Bypass + Deserialization RCE A brand-new, two-stage exploit is hammering SharePoint 2010-2025. OTW joins David Bombal to break down:
• How attackers bypass authentication and inject shellcode via unsafe serialization
• Why Microsoft’s May patch failed and how the “toolpane.aspx” endpoint is abused
• Live tour of a 140-line Python POC you can test in a lab
• Risk to unpatched 2010/2013 deployments (no fixes coming)
• Confirmed Chinese APT activity targeting government portals
• Immediate mitigation steps, upgrade paths, and indicator checks
• Career advice: stay ahead of AI & quantum threats by learning Linux, Python and networking

// Occupy The Web SOCIAL //
X: / three_cube
Website: https://hackers-arise.net/

// Occupy The Web Books //

Linux Basics for Hackers 2nd Ed
US: https://amzn.to/3TscpxY
UK: https://amzn.to/45XaF7j

Linux Basics for Hackers:
US: https://amzn.to/3wqukgC
UK: https://amzn.to/43PHFev

Getting Started Becoming a Master Hacker
US: https://amzn.to/4bmGqX2
UK: https://amzn.to/43JG2iA

Network Basics for hackers:
US: https://amzn.to/3yeYVyb
UK: https://amzn.to/4aInbGK

// OTW Discount //
Use the code BOMBAL to get a 20% discount off anything from OTW’s website: https://hackers-arise.net/

// Playlists REFERENCE //
Linux Basics for Hackers: Linux for Hackers Tutorial (And Free Courses)
Mr Robot: Hack like Mr Robot // WiFi, Bluetooth and …
Hackers Arise / Occupy the Web Hacks: Hacking Tools (with demos) that you need t…

// YouTube video REFERENCE //
Hacking IP Cameras: Hacking IP Cameras (CCTV) with Demos and R…
Are VPNs even safe now?: Are VPNs even safe now? Hacker Explains

// David’s Social //

================
Coect with me:
================
Discord: http://discord.davidbombal.com
X: https://www.x.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube Main Chael https://www.youtube.com/davidbombal
YouTube Tech Chael: https://www.youtube.com/chael/UCZTIRrENWr_rjVoA7BcUE_A
YouTube Clips Chael: https://www.youtube.com/chael/UCbY5wGxQgIiAeMdNkW5wM6Q
YouTube Shorts Chael: https://www.youtube.com/chael/UCEyCubIF0e8MYi1jkgVepKg
Apple Podcast: https://davidbombal.wiki/applepodcast
Spotify Podcast: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ

================
Support me:
================
Or, buy my CCNA course and support me:
DavidBombal.com: CCNA ($10): http://bit.ly/yt999ccna
Udemy CCNA Course: https://bit.ly/ccnafor10dollars
GNS3 CCNA Course: CCNA ($10): https://bit.ly/gns3ccna10

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// MENU //
0:00 – Coming Up
0:55 – Intro
01:12 – OTW’s New Books
02:33 – Sharepoint Exploit
05:08 – Deserialization & Serialisation Explained
09:34 – The Aftermath of the Sharepoint Hack
12:35 – The Origin of the Sharepoint Exploit
13:15 – Exploit Proof of Concept
18:48 – Exploit Summary (Step by Step)
22:42 – Who will be Affected?
24:26 – The Repercussion of Being Hacked
28:04 – Final Thoughts
30:32 – Quantum

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.
#sharepoint #zeroday #microsoft