Business
Microsoft SharePoint flaw exploited in global cyberattack; U.S. agencies hit
A major global cyberattack targeting U.S. government agencies, businesses, and critical infrastructure is underway, linked to an exploit in Microsoft SharePoint Server, according to researchers and officials cited by The Washington Post.
The Cybersecurity and Infrastructure Security Agency (CISA) said in a statement on Sunday that it is “aware of active exploitation” of the vulnerability, which allows attackers to gain unauthorized access to SharePoint servers and execute code remotely.
The issue, tracked as CVE-2025-53770, is considered a variant of a previously disclosed bug and is now being used to carry out large-scale attacks across multiple sectors and countries.
Microsoft confirmed that it is aware of the active exploit and is “preparing and fully testing a comprehensive update” to fix the vulnerability. Until the patch is released, Microsoft is urging users to apply the recommended mitigation steps outlined in its advisory.
According to The Washington Post, the cyberattack has compromised networks at multiple U.S. federal and state agencies, universities, and energy companies.
Cybersecurity firm Eye Security said the exploit was observed in the wild starting on the evening of Friday and has been used to breach dozens of servers across the world.
According to The Washington Post, victims include European government agencies, a university in Brazil, a local government agency in Albuquerque, and a telecommunications company in Asia. In Arizona, state officials were reportedly working with local and tribal entities to assess exposure and share information.
Two U.S. federal agencies have been confirmed as being targeted, according to researchers cited by the Post, though their names have not been disclosed due to confidentiality agreements.
“There is definitely a mad scramble across the nation right now,” a source told WaPo.
CISA said the vulnerability, known as “ToolShell,” enables attackers to fully access SharePoint content, internal configurations, and file systems without authentication.
Microsoft described the issue as involving the deserialization of untrusted data in SharePoint, which can allow attackers to execute code across networks. No timeline has been provided for the release of an official patch.
Death toll rises to 72 after earthquake in the Philippines
Minnesota man pleads guilty to attempting to support ISIS
Colombia to expel Israeli diplomats after nationals detained on Gaza flotilla
At least 30 killed in church scaffolding collapse in Ethiopia
-
Legal6 days ago3 killed after gunman on boat opens fire at Southport, NC restaurant
-
US News5 days agoAt least 10 people shot at Mormon Church in Michigan, others missing
-
World1 week agoMagnitude 6.2 earthquake strikes Venezuela; strong shaking reported
-
Legal1 week agoTop Model USA among 3 dead in murder-suicide outside El Paso police HQ
-
Legal1 week agoFlorida man arraigned in plot to bomb New York Stock Exchange
-
World1 week agoBee swarm in northern Mexico leaves 2 dead, 2 seriously injured
-
Legal1 week agoAmber Alert: Colt and Bradley Brussel missing from Arkansas, may be in Florida
-
World1 week agoDrone activity forces closure of Danish airport airspace for 2nd time this week