Business
Microsoft SharePoint flaw exploited in global cyberattack; U.S. agencies hit
A major global cyberattack targeting U.S. government agencies, businesses, and critical infrastructure is underway, linked to an exploit in Microsoft SharePoint Server, according to researchers and officials cited by The Washington Post.
The Cybersecurity and Infrastructure Security Agency (CISA) said in a statement on Sunday that it is “aware of active exploitation” of the vulnerability, which allows attackers to gain unauthorized access to SharePoint servers and execute code remotely.
The issue, tracked as CVE-2025-53770, is considered a variant of a previously disclosed bug and is now being used to carry out large-scale attacks across multiple sectors and countries.
Microsoft confirmed that it is aware of the active exploit and is “preparing and fully testing a comprehensive update” to fix the vulnerability. Until the patch is released, Microsoft is urging users to apply the recommended mitigation steps outlined in its advisory.
According to The Washington Post, the cyberattack has compromised networks at multiple U.S. federal and state agencies, universities, and energy companies.
Cybersecurity firm Eye Security said the exploit was observed in the wild starting on the evening of Friday and has been used to breach dozens of servers across the world.
According to The Washington Post, victims include European government agencies, a university in Brazil, a local government agency in Albuquerque, and a telecommunications company in Asia. In Arizona, state officials were reportedly working with local and tribal entities to assess exposure and share information.
Two U.S. federal agencies have been confirmed as being targeted, according to researchers cited by the Post, though their names have not been disclosed due to confidentiality agreements.
“There is definitely a mad scramble across the nation right now,” a source told WaPo.
CISA said the vulnerability, known as “ToolShell,” enables attackers to fully access SharePoint content, internal configurations, and file systems without authentication.
Microsoft described the issue as involving the deserialization of untrusted data in SharePoint, which can allow attackers to execute code across networks. No timeline has been provided for the release of an official patch.
Trump administration releases 230,000 pages of MLK assassination files
Magnitude 6.2 aftershock strikes Alaska’s Aleutian Islands
1 dead, 2 missing after group swept over Oregon falls
Missing 9-year-old girl found dead in New York; father gave inconsistent account
-
Politics2 days agoSaudi Arabia’s ‘Sleeping Prince’ dies after 20 years in coma
-
US News5 days agoTsunami advisory issued for parts of Alaska following magnitude 7.3 earthquake
-
Legal6 days agoSuspect barricaded inside liquor store near Nashville
-
Legal1 week agoChurch shooting in Lexington, Kentucky leaves 2 dead; trooper among injured
-
Legal7 days agoSuspect shot by officer after brandishing firearm at North Charleston Walmart
-
US News1 week agoDeath toll from Texas floods rises to 132; over 160 still missing
-
Politics4 days agoWSJ details alleged “bawdy” Trump letter in Epstein gift album
-
World1 week agoMedical plane crashes after takeoff at London Southend Airport