SharePoint Mass Hacks: Hundreds of Organizations Breached

July 23, 2025
SharePoint Zero-Day Exploitation Impacts Hundreds of Organizations

Cybersecurity researchers report that a zero-day vulnerability in Microsoft SharePoint has been exploited to compromise at least 400 organizations. This represents a significant increase in the number of detected breaches since the flaw’s discovery last week.

Discovery and Initial Impact

Eye Security, a Dutch cybersecurity firm, was the first to identify the vulnerability within SharePoint. This widely used server software is employed by numerous companies for the storage and sharing of sensitive internal documentation. Eye Security's internet scans have revealed hundreds of affected SharePoint servers.

The number of compromised servers has increased substantially from the initial reports earlier this week.

Government Agencies Affected

According to Bloomberg, the National Nuclear Security Administration (NNSA) is among the organizations impacted. The NNSA is the federal agency responsible for the maintenance and development of the United States’ nuclear weapons stockpile.

Ben Dietderich, a spokesperson for the Department of Energy, which oversees the NNSA, confirmed a “minimal impact,” stating that only a “very small number of systems” were affected.

Researchers have also confirmed that several other government departments and agencies experienced compromises during the initial wave of attacks targeting the SharePoint vulnerability. Evidence indicates exploitation began as early as July 7th.

Technical Details of the Vulnerability

The vulnerability, designated as CVE-2025-53770, impacts SharePoint versions that are self-hosted – meaning companies manage the software on their own servers. Successful exploitation allows attackers to execute malicious code remotely on the compromised server.

With that access, attackers can reach stored files and potentially infiltrate other systems within the organization’s network.

Zero-Day Status and Patch Availability

This flaw is classified as a zero-day vulnerability because Microsoft was unaware of it and had no patch available when exploitation commenced. Patches addressing the vulnerability have since been released for all affected SharePoint versions.

Attribution and Ongoing Threat

Both Google and Microsoft say they have evidence suggesting that multiple hacking groups linked to China are involved in exploiting this vulnerability. They also cautioned that further compromises are likely as additional hacker groups attempt to leverage the flaw.

The Chinese government has denied these allegations.

This article was updated to include a statement from the Department of Energy.
