A recent vulnerability discovered in Microsoft SharePoint underscores the ever-changing landscape of cybersecurity threats and highlights the indispensable role ethical hackers play in defending organisations. First identified at Trend Micro’s Pwn2Own Berlin hacking competition, this flaw, dubbed “ToolShell”, prompted swift action, helping safeguard thousands of systems worldwide, including many in South Africa, and demonstrating the far-reaching impact of collaborative security research.
Earlier this year, during the competition, researchers identified two common vulnerabilities and exposures (CVEs) in SharePoint, Microsoft’s widely used collaboration platform. These flaws allowed attackers to bypass login checks, plant malware, and extract cryptographic keys, giving them the ability to run commands remotely.
Microsoft responded quickly with patches, but as is sometimes the case with complex systems, the initial fix didn’t fully resolve the issue. Two additional CVEs were later issued to close the remaining gaps. This iterative process is a reminder of how challenging it can be to secure widely deployed enterprise software and how collaboration between vendors and the security community is essential.
As it stands, we’re seeing a significant number of cyber incidents happening across South African organisations because of unpatched vulnerabilities, which leave companies exposed to breaches.
The power of ethical hacking
The original discovery of the SharePoint vulnerability came during Pwn2Own Berlin 2025, a global hacking competition organised regularly by Trend Micro’s Zero Day Initiative. These events offer cash prizes for uncovering “zero-day” exploits, previously unknown software flaws that could be weaponised if left unaddressed. They are organised as part of the broader ZDI; a programme that encourages responsible reporting of zero-day vulnerabilities by providing financial rewards to security researchers.
A researcher from Viettel, a Vietnamese telecoms firm, identified the SharePoint bug and demonstrated how it could be exploited. The exploit earned a $100,000 prize and triggered Microsoft’s initial patching efforts. Thanks to this early detection, customers using Trend Micro’s TippingPoint were protected as early as May 2025.
As this recent example shows, competitions like Pwn2Own are more than just technical showdowns, they’re a cornerstone of modern cybersecurity. They encourage responsible disclosure, accelerate vulnerability discovery, and foster collaboration between researchers and vendors. In this case, the event helped uncover a flaw that could have otherwise remained hidden until exploited by malicious actors.
In fact, bug bounty programmes have become one of the most effective tools in the fight against cyber threats. By offering financial rewards to ethical hackers who find and report software vulnerabilities, these programmes have helped uncover some of the most serious security flaws in recent history. In return, researchers have earned millions in payouts. These programmes not only help companies fix problems before attackers can exploit them, but they also foster a global community of security experts working together to make the internet safer for everyone.
How local IT teams should approach the SharePoint vulnerability
South African businesses and government bodies using on-premise SharePoint should take proactive steps to secure their systems:
- Install the latest Microsoft security updates.
- Scan for suspicious Active Server Page Extended files in SharePoint directories.
- Audit configuration files for unauthorised changes.
- Monitor server logs for unusual activity, especially around the ToolPane.aspx page.
In addition to these immediate measures, organisations should look to invest in third-party threat intelligence platforms and ethical hacking initiatives. Collaborating with cybersecurity researchers can also greatly strengthen your organisation’s overall resilience.
According to recent analysis by the Boston Institute of Analytics, the landscape of ethical hacking in 2025 continues to evolve far beyond traditional bug hunting. Today’s ethical hackers confront threats that are not only more numerous but also more sophisticated, including AI-generated malware, deepfake-driven scams, and attacks targeting cloud infrastructure.
To combat these advanced dangers, ethical hackers are adopting cutting-edge tools such as Threat-GPT and AutoRecon AI, harnessing artificial intelligence to anticipate and neutralise novel attack vectors. The report underscores the shifting paradigm: ethical hackers are now the vanguard of digital defense, adapting rapidly as artificial intelligence accelerates both offensive and defensive cyber capabilities. In this continually shifting battlefield, their expertise and adaptability are more crucial than ever.