Business
Microsoft SharePoint flaw exploited in global cyberattack; U.S. agencies hit
A major global cyberattack targeting U.S. government agencies, businesses, and critical infrastructure is underway, linked to an exploit in Microsoft SharePoint Server, according to researchers and officials cited by The Washington Post.
The Cybersecurity and Infrastructure Security Agency (CISA) said in a statement on Sunday that it is “aware of active exploitation” of the vulnerability, which allows attackers to gain unauthorized access to SharePoint servers and execute code remotely.
The issue, tracked as CVE-2025-53770, is considered a variant of a previously disclosed bug and is now being used to carry out large-scale attacks across multiple sectors and countries.
Microsoft confirmed that it is aware of the active exploit and is “preparing and fully testing a comprehensive update” to fix the vulnerability. Until the patch is released, Microsoft is urging users to apply the recommended mitigation steps outlined in its advisory.
According to The Washington Post, the cyberattack has compromised networks at multiple U.S. federal and state agencies, universities, and energy companies.
Cybersecurity firm Eye Security said the exploit was observed in the wild starting on the evening of Friday and has been used to breach dozens of servers across the world.
According to The Washington Post, victims include European government agencies, a university in Brazil, a local government agency in Albuquerque, and a telecommunications company in Asia. In Arizona, state officials were reportedly working with local and tribal entities to assess exposure and share information.
Two U.S. federal agencies have been confirmed as being targeted, according to researchers cited by the Post, though their names have not been disclosed due to confidentiality agreements.
“There is definitely a mad scramble across the nation right now,” a source told WaPo.
CISA said the vulnerability, known as “ToolShell,” enables attackers to fully access SharePoint content, internal configurations, and file systems without authentication.
Microsoft described the issue as involving the deserialization of untrusted data in SharePoint, which can allow attackers to execute code across networks. No timeline has been provided for the release of an official patch.
-
Legal2 days agoMan shot and killed by police after pointing gun at people in Austin, Texas
-
Legal1 week ago6 shot, 1 killed, at San Antonio apartment complex
-
World13 hours agoDeath toll from wildfire in southern Spain rises to 13
-
Politics6 days agoU.S. condemns China’s submarine ICBM test into Pacific
-
World5 days agoUkrainian suspect in Monaco bombing found shot dead
-
Legal6 days agoPolice sergeant, mother and daughter killed in Ohio shooting; suspect dead
-
Legal5 days agoSan Diego deputy sentenced for shove that fractured detainee’s spine
-
Legal5 days agoIllinois man charged with threatening to attack Fort Bliss personnel and families
