https://stream.echo6.co/videos/watch/57a4dd48-3d5e-4be0-908d-47acd18fa533 SharePoint Zero-Day 2025: ToolPane Authentication Bypass + Deserialization RCE A brand-new, two-stage exploit is hammering SharePoint 2010-2025. OTW joins David Bombal to break down: • How attackers bypass authentication and inject shellcode via unsafe serialization • Why Microsoft’s May patch failed and how the “toolpane.aspx” endpoint is abused • Live tour of a 140-line Python POC you can test in a lab • Risk to unpatched 2010/2013 deployments (no fixes coming) • Confirmed Chinese APT activity targeting government portals • Immediate mitigation steps, upgrade paths, and indicator checks • Career advice: stay ahead of AI & quantum threats by learning Linux, Python and networking // Occupy The Web SOCIAL // X: https://twitter.com/three_cube Website: https://hackers-arise.net/ // Occupy The Web Books // Linux Basics for Hackers 2nd Ed US: https://amzn.to/3TscpxY UK: https://amzn.to/45XaF7j Linux Basics for Hackers: US: https://amzn.to/3wqukgC UK: https://amzn.to/43PHFev Getting Started Becoming a Master Hacker US: https://amzn.to/4bmGqX2 UK: https://amzn.to/43JG2iA Network Basics for hackers: US: https://amzn.to/3yeYVyb UK: https://amzn.to/4aInbGK // OTW Discount // Use the code BOMBAL to get a 20% discount off anything from OTW's website: https://hackers-arise.net/ // Playlists REFERENCE // Linux Basics for Hackers: https://www.youtube.com/watch?v=YJUVNlmIO6E&list=PLhfrWIlLOoKOs-fjCPHdzD2icF2vORfwK&pp=iAQB Mr Robot: https://www.youtube.com/watch?v=3yiT_WMlosg&list=PLhfrWIlLOoKNYR8uvEXSAzDfKGAPIDB8q&pp=iAQB Hackers Arise / Occupy the Web Hacks: https://www.youtube.com/watch?v=GxkKszPVD1M&list=PLhfrWIlLOoKOf1Ru_TFAnubVuWc87i-7z&pp=iAQB // YouTube video REFERENCE // Hacking IP Cameras: https://youtu.be/yMAWcHP6yn8 Are VPNs even safe now?: https://youtu.be/Qqd9KzPVBb8 // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb X: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/@davidbombal Spotify: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ SoundCloud: https://soundcloud.com/davidbombal Apple Podcast: https://podcasts.apple.com/us/podcast/david-bombal/id1466865532 // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:55 - Intro 01:12 - OTW's New Books 02:33 - Sharepoint Exploit 05:08 - Deserialization & Serialisation Explained 09:34 - The Aftermath of the Sharepoint Hack 12:35 - The Origin of the Sharepoint Exploit 13:15 - Exploit Proof of Concept 18:48 - Exploit Summary (Step by Step) 22:42 - Who will be Affected? 24:26 - The Repercussion of Being Hacked 28:04 - Final Thoughts 30:32 - Quantum Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #sharepoint #zeroday #microsoft Wed, 15 Apr 2026 15:26:10 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/57a4dd48-3d5e-4be0-908d-47acd18fa533 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.