Mass SharePoint hacks expose hundreds of organizations

Summary
– Hackers have breached at least 400 organizations by exploiting a zero-day vulnerability in Microsoft SharePoint, with compromises rising sharply since its discovery last week.
– The Dutch firm Eye Security identified hundreds of affected SharePoint servers, up from dozens earlier this week, by scanning the internet.
– The National Nuclear Security Administration (NNSA) was among the impacted organizations, with the Department of Energy confirming a “very small number of systems” were affected.
– The vulnerability, CVE-2025-53770, allows attackers to remotely run malicious code on self-hosted SharePoint servers, accessing files and other network systems.
– Google and Microsoft attribute some attacks to China-backed hacking groups, though China denies involvement, and Microsoft has since released patches for affected SharePoint versions.
A widespread cyberattack exploiting a critical Microsoft SharePoint vulnerability has compromised hundreds of organizations, including government agencies, according to security researchers. The breach, which began earlier this month, has rapidly escalated, with hackers gaining unauthorized access to sensitive internal documents and systems.
Dutch cybersecurity firm Eye Security first uncovered the flaw in SharePoint, a widely used platform for corporate document management. Their scans revealed over 400 affected servers, a significant jump from initial reports of just a few dozen compromised systems. Among the impacted entities is the National Nuclear Security Administration (NNSA), part of the U.S. Department of Energy. While officials confirmed only a “very small number of systems” were breached, the incident highlights the severity of the threat.
The vulnerability, tracked as CVE-2025-53770, affects self-hosted SharePoint installations and allows attackers to execute malicious code remotely. Once inside, hackers can access stored files and potentially infiltrate broader corporate networks. Microsoft has since released patches, but the window of exposure left many organizations vulnerable.
Security experts warn that state-sponsored hacking groups, particularly those linked to China, have actively exploited this flaw. While Beijing denies involvement, tech giants like Google and Microsoft have observed suspicious activity tied to known threat actors. With patches now available, companies are urged to update immediately; delaying could lead to further breaches as cybercriminals race to capitalize on unpatched systems.
The incident underscores the growing risks of unaddressed software vulnerabilities, especially in widely adopted platforms like SharePoint. Organizations relying on outdated or unpatched systems remain prime targets for sophisticated cyberattacks. Proactive security measures, including timely updates and continuous monitoring, are critical to mitigating such threats.
(Source: TechCrunch)