microsoft sharepoint servers are under active exploitation via a flaw letting any site member run remote code, prompting an emergency cisa patch order before fixes were widely available. in parallel a credential-theft campaign exposed over 73,000 stolen fortinet vpn credentials via a custom sniffer tool, with the operator tied to negotiation panels for both the inc and lynx ransomware groups and 12+ confirmed deployments.