Business
Microsoft SharePoint flaw exploited in global cyberattack; U.S. agencies hit
A major global cyberattack targeting U.S. government agencies, businesses, and critical infrastructure is underway, linked to an exploit in Microsoft SharePoint Server, according to researchers and officials cited by The Washington Post.
The Cybersecurity and Infrastructure Security Agency (CISA) said in a statement on Sunday that it is “aware of active exploitation” of the vulnerability, which allows attackers to gain unauthorized access to SharePoint servers and execute code remotely.
The issue, tracked as CVE-2025-53770, is considered a variant of a previously disclosed bug and is now being used to carry out large-scale attacks across multiple sectors and countries.
Microsoft confirmed that it is aware of the active exploit and is “preparing and fully testing a comprehensive update” to fix the vulnerability. Until the patch is released, Microsoft is urging users to apply the recommended mitigation steps outlined in its advisory.
According to The Washington Post, the cyberattack has compromised networks at multiple U.S. federal and state agencies, universities, and energy companies.
Cybersecurity firm Eye Security said the exploit was observed in the wild starting on the evening of Friday and has been used to breach dozens of servers across the world.
According to The Washington Post, victims include European government agencies, a university in Brazil, a local government agency in Albuquerque, and a telecommunications company in Asia. In Arizona, state officials were reportedly working with local and tribal entities to assess exposure and share information.
Two U.S. federal agencies have been confirmed as being targeted, according to researchers cited by the Post, though their names have not been disclosed due to confidentiality agreements.
“There is definitely a mad scramble across the nation right now,” a source told WaPo.
CISA said the vulnerability, known as “ToolShell,” enables attackers to fully access SharePoint content, internal configurations, and file systems without authentication.
Microsoft described the issue as involving the deserialization of untrusted data in SharePoint, which can allow attackers to execute code across networks. No timeline has been provided for the release of an official patch.
Wisconsin Amber Alert: Ruby Lehman missing from Portage County
Child in L.A. County dies from rare measles complication
Brazil’s Supreme Court sentences Bolsonaro to 27 years in coup plot case
Person airlifted as Naval Academy in Maryland on lockdown due to threat
-
Breaking News4 days agoPoland engages drones violating airspace; says it is in contact with NATO
-
Health4 days agoSwedish Health Minister Elisabet Lann collapses at press conference
-
Legal6 days agoCalifornia Amber Alert: 1-year-old Enzo Antonescu abducted at Target in City of Industry
-
US News4 days agoMagnitude 5.8 earthquake strikes off Oregon coast; no tsunami threat
-
World6 days agoWestJet flight from Toronto makes hard landing in St. Maarten
-
Legal6 days agoAt least 5 shot near restaurant in Cleveland, Ohio
-
Business1 week agoPowerball website crashes after $1.4 billion jackpot drawing
-
US News1 week agoCommuteAir jet makes emergency return to Houston due to smoke in cockpit