Business
Microsoft SharePoint flaw exploited in global cyberattack; U.S. agencies hit
A major global cyberattack targeting U.S. government agencies, businesses, and critical infrastructure is underway, linked to an exploit in Microsoft SharePoint Server, according to researchers and officials cited by The Washington Post.
The Cybersecurity and Infrastructure Security Agency (CISA) said in a statement on Sunday that it is “aware of active exploitation” of the vulnerability, which allows attackers to gain unauthorized access to SharePoint servers and execute code remotely.
The issue, tracked as CVE-2025-53770, is considered a variant of a previously disclosed bug and is now being used to carry out large-scale attacks across multiple sectors and countries.
Microsoft confirmed that it is aware of the active exploit and is “preparing and fully testing a comprehensive update” to fix the vulnerability. Until the patch is released, Microsoft is urging users to apply the recommended mitigation steps outlined in its advisory.
According to The Washington Post, the cyberattack has compromised networks at multiple U.S. federal and state agencies, universities, and energy companies.
Cybersecurity firm Eye Security said the exploit was observed in the wild starting on the evening of Friday and has been used to breach dozens of servers across the world.
According to The Washington Post, victims include European government agencies, a university in Brazil, a local government agency in Albuquerque, and a telecommunications company in Asia. In Arizona, state officials were reportedly working with local and tribal entities to assess exposure and share information.
Two U.S. federal agencies have been confirmed as being targeted, according to researchers cited by the Post, though their names have not been disclosed due to confidentiality agreements.
“There is definitely a mad scramble across the nation right now,” a source told WaPo.
CISA said the vulnerability, known as “ToolShell,” enables attackers to fully access SharePoint content, internal configurations, and file systems without authentication.
Microsoft described the issue as involving the deserialization of untrusted data in SharePoint, which can allow attackers to execute code across networks. No timeline has been provided for the release of an official patch.
What to Expect During Brow Lift Recovery
Top Bugatchi Men’s Shirts That Elevate Your Everyday Wardrobe
U.S. Navy helicopter and fighter jet crash in South China Sea; all crew rescued
4 dead, including 2 children, in South Carolina house fire
-
World1 week agoCargo plane plunges into sea at Hong Kong airport; 2 killed
-
Health1 week agoMexico reports new human case of H5 bird flu
-
US News3 days agoUnwarned tornado suspected in Fort Worth as storms cause damage and power outages
-
World17 hours agoU.S. Navy helicopter and fighter jet crash in South China Sea; all crew rescued
-
Legal7 days agoMan armed with AR-15 arrested after threats to ‘shoot up’ Atlanta airport
-
Legal2 days agoMultiple injured in shooting at Lincoln University in Pennsylvania
-
World7 days agoMagnitude 5.0 earthquake rattles Dominican Republic
-
World6 days agoMagnitude 6.1 earthquake strikes Ecuador–Peru border region