Microsoft patched the SharePoint ToolShell vulnerability chain in July 2025. Within nine days it was under active exploitation. Within two weeks, the patches had been bypassed. Eight months later, a third variant was confirmed in the wild. Dataminr flagged the threat before the first CVE was published, giving customers weeks of early visibility that most organizations never had. This post walks through how the attack works, what it means for each team in your organization, and how Dataminr's early warning, combined with Cortex XSOAR, gives the SOC the visibility and prioritization it needs to stay ahead of a threat that won't stay fixed.

Dataminr Pulse for Cyber Risk integrates external real-time intelligence into Palo Alto Networks' platform, enabling security teams to act on early warning signals before threats impact internal systems. This approach shifts security from reactive to prevention-based by leveraging AI-analyzed data from over a million public sources to detect risks outside organizational perimeters.

The gap between collecting threat feeds and applying real-world threat intelligence to your environment is where most programs fail. Security teams know something happened, but struggle to detect it early, determine relevance, and trigger consistent response actions. Integrating Dataminr's AI-powered real-time threat intelligence with Cortex XSOAR enables your SOC to be ahead of physical and cyber threats correlated to your environment.