Microsoft has confirmed that vulnerabilities within its SharePoint service are being actively exploited by hackers who are targeting government entities and multinational corporations.
The serious security vulnerability dates back to May 2025 when researchers from Viettel Cyber Security discovered and demonstrated a Microsoft SharePoint exploit in a "ToolShell" attack that is now being actively exploited by hackers around the world.
For those unfamiliar, Microsoft SharePoint is a service used by organizations to store and manage documents, create internal websites, share files, build workflows, and facilitate team collaboration. The security flaws are related to SharePoint servers being hosted by organizations themselves, not cloud-based SharePoint.
Two critical zero-day vulnerabilities in on-premises SharePoint servers (CVE-2025-53770 & CVE-2025-53771) are allowing third parties to take over servers without requiring credentials. These exploits have already led to the compromise of at least 85 servers worldwide.
Microsoft attempted to patch the vulnerabilities in a recent July security update, but those patches have already been bypassed by malicious third parties, rendering SharePoint Server installations of the following vulnerable to infiltration:
Vulnerable SharePoint Versions
- SharePoint 2016
- SharePoint 2019
- SharePoint Subscription Edition
So far, 54 organizations have been hit as a result of the security vulnerabilities, which include government agencies, businesses, and universities. Eye Security, a Dutch cybersecurity startup founded in 2020, and one of the first firms to detect and track the SharePoint zero-day attacks, says that many entities using SharePoint are likely already compromised but not yet identified, especially if they haven't implemented Microsoft's mitigation and detection tools.
Confirmed Breaches
Government & Public Sector
- U.S. Federal Agencies (at least 2, unnamed)
- State Legislature (Eastern U.S., public document repository hijacked)
- Florida State Agency
- Local Government Agency - Albuquerque, New Mexico
- Government Agency - Spain
- European Government Agencies (several, unnamed)
- Arizona State & Tribal Governments (emergency response initiated)
- Public Sector Organizations alerted by the Center for Internet Security (approx. 100, unnamed)
Education Sector
- Private University - California, USA
- University - Brazil
- Multiple U.S. Public Schools and Universities (alerted by CIS)
Energy & Utilities
- Energy Company - Large U.S. State (tracked by Eye Security)
- Private Energy Operator - California, USA
Private Sector
- Fintech Company - New York, USA
- AI Technology Firm - (unnamed)
- Asian Telecommunications Company - (unnamed)
- Multiple organizations in China (targeted)
Supermassive Games confirms layoffs and delay for Directive 8020
Microsoft responds to global security vulnerability, points finger at China
The biggest ransomware attacks in recent history and the groups behind them
Google fires shots directly at Microsoft over its recent security failings
Microsoft to face Homeland Security over a cascade of security failings
COLORFUL launches new compact iGame B850M ULTRA Series motherboards
NVIDIA issues Security Bulletin for GeForce users, so make sure you've updated your driver
NVIDIA's latest financial report removes Gaming as a segment, it's now called Edge Computing
NVIDIA's record Data Center revenue for fiscal Q1 2027 beat estimates as the AI boom continues
Samsung's new Odyssey G8 is the world's first 6K gaming monitor
Trump Mobile website is reportedly leaking customer data including names, addresses and order numbers
Ubisoft reports loss of 1.3 billion Euros on costly game cancellations and delays
PS5 Linux can run path-traced Cyberpunk 2077 at 35 FPS, but Quake II RTX is the surprising winner
PlayStation State of Play returns June 2, will showcase 1 hour of footage including Marvel's Wolverine
Ubisoft to release new Assassin's Creed, Far Cry, and Ghost Recon games by March 2029
MSI Roamii BE Pro Wi-Fi 7 Mesh System Review - Affordable price, good mid-range performance
SAMA S50 Mid-Tower Chassis Review
Montech Ten SFF Chassis Review
PCCooler CPS RZ620M X CPU Cooler Review
Memblaze PBlaze 7 7A40 Ocean 61.44TB Enterprise SSD Review - Oceans of QLC at 3.3 million IOPS
MOZA SGP Sequential Sim Racing Shifter Review
COLORFUL iGame GeForce RTX 5070 Ultra OC Review - When Style and Performance Meet
GIGABYTE Z890 AORUS Elite WiFi7 Plus Motherboard Review - Right in the sweet spot
PNY GeForce RTX 5080 Slim OC Review - A Compact 4K Powerhouse
HP OmniBook 7 (Panther Lake) 16" Laptop Review
Windows 11 will not let you pin a folder to the taskbar, but a 30-second workaround does
ASUS ProArt Displays Unlock Creativity with Professional Monitors for Everyone
What Happens If You Don't Activate Windows 11? 5 Downsides Explained
Fast Internet on Your Phone but Slow on Your PC? Try These Fixes
The Snipping Tool quietly became the only screenshot app I keep installed on Windows 11
How to Set Up a Windows Computer for a Senior User
Bluetooth Toggle Missing in Windows? Try These Fixes
GPU Overclocking Basics in Windows 11: Safe Performance Gains Without the Guesswork
GIGABYTE's new Ultimate OLED Gaming Monitor Bundle includes Xbox Game Pass
I automated 5 annoying Windows maintenance tasks, and my PC basically runs itself