Microsoft has released emergency out-of-band patches for two actively exploited SharePoint zero-day vulnerabilities (CVE-2025-53770 and CVE-2025-53771) that bypassed previous fixes and enabled remote code execution. Dubbed 'ToolShell' attacks, these exploits have compromised over 54 organizations worldwide, forcing admins to urgently apply updates and rotate encryption keys. The incident highlights escalating risks in enterprise collaboration platforms and the cat-and-mouse game of patch evasion.