CISA confirmed that threat actors are actively exploiting three critical SharePoint Server vulnerabilities to gain remote code execution and deploy malware on compromised systems. The vulnerabilities affect all supported versions (2016, 2019, and Subscription Edition) and involve post-exploitation techniques to steal credentials and establish persistence; CISA has added detection rules and hardening recommendations to help organizations remediate the threat.