Hackers exploiting SharePoint zero-day seen targeting government agencies, say researchers

Source: techcrunch
Author: Lorenzo Franceschi-Bicchierai
Published: 7/21/2025
To read the full content, please visit the original article.
Read original articleResearchers have identified hackers exploiting a previously unknown zero-day vulnerability in Microsoft SharePoint, primarily targeting government organizations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the active exploitation of this flaw, which affects on-premises SharePoint servers but not the cloud versions. Initial attacks have focused on a limited set of targets, including U.S. federal and state agencies, universities, and energy companies, suggesting the involvement of a government-affiliated threat actor.
Experts note that while the initial exploitation has been relatively contained, the vulnerability remains unpatched across many organizations, with estimates of 9,000 to 10,000 vulnerable SharePoint instances accessible online. This exposure raises concerns that other malicious actors, beyond the original government-linked hackers, may begin exploiting the flaw more broadly. Microsoft advises organizations to either apply the patch promptly or disconnect their SharePoint servers from the internet to mitigate the risk. Security researchers continue to monitor the situation as the campaign evolves.
Tags
energycybersecuritySharePointgovernment-agencieszero-day-vulnerabilityhackingMicrosoft