A hot potato: A newly uncovered security flaw in Microsoft's SharePoint software has sparked a widespread series of cyberattacks targeting government organizations, educational institutions, energy companies, and private enterprises around the globe. This threat has prompted coordinated investigations by authorities in the United States, Canada, and Australia, with cybersecurity experts warning that these intrusions represent one of the most serious server-level breaches seen in recent memory.
"Anybody who's got a hosted SharePoint server has got a problem," Adam Meyers, senior vice president with CrowdStrike, told The Washington Post. "It's a significant vulnerability."
Central to the crisis is a zero-day vulnerability affecting on-premises SharePoint servers, which organizations widely use for managing and sharing internal documents. The Cybersecurity and Infrastructure Security Agency (CISA) reports that attackers have leveraged this flaw, designated CVE-2025-53770, to gain unauthorized remote access to vulnerable systems. While Microsoft's cloud-hosted services such as Microsoft 365 remain unaffected, tens of thousands of traditional SharePoint servers worldwide faced immediate risk.
Microsoft has responded by releasing patches for SharePoint Server 2019 and its Subscription Edition, though users of older versions like SharePoint 2016 continue to await fixes.
Unfortunately, hackers have reportedly obtained cryptographic keys critical for server authentication, allowing them to maintain access even after updates are applied. Consequently, organizations must conduct comprehensive reviews and rotate cryptographic credentials to mitigate ongoing threats.
The revelation of these attacks has sent ripples across public and private sectors. US federal and local government agencies, educational bodies, and European governmental offices are among those scrambling to evaluate system integrity and mitigate damage.
Security researchers from Eye Security, which first detected the exploit, have documented over 50 compromised entities spanning multiple continents.
Disruptions have affected public-facing document repositories in some government offices, forcing agencies to seek alternative means to maintain transparency and access. In industries such as energy and higher education, the implications are particularly severe, as SharePoint servers often connect with other vital services, including Outlook, Teams, and OneDrive, heightening the danger of widespread data theft and password harvesting.
CISA has categorized the exploit as a high-priority threat. The agency advises isolating affected servers from public networks when patches are unavailable and maintaining vigilant monitoring.
Microsoft continues to develop updates targeting legacy products, and cybersecurity organizations like the Center for Internet Security have mobilized to notify vulnerable institutions.
This incident has reignited debates over the reliability of patch management practices and the inherent security risks posed by outdated software systems – a challenge faced by many organizations that rely on legacy technology.
Worldwide cyberattack underway as hackers exploit Microsoft SharePoint zero-day vulnerability
IMO, the more crap that Microsoft thinks people cannot live without while trying to rope people into their ecosystem, the less secure Microsoft's crap becomes.
