Security researchers say hackers have breached at least 400 organizations by exploiting a zero-day vulnerability in Microsoft SharePoint, indicating a sharp increase in the number of compromises detected since the bug was discovered last week.
Eye Security, the Dutch cybersecurity company that first identified the vulnerability in SharePoint, the popular server software that companies use to store and share internal documents, said it had identified hundreds of affected SharePoint servers by scanning the internet. The number has risen from the dozens of compromised servers known earlier this week.
Bloomberg reports that the affected organizations include the National Nuclear Security Agency (NNSA), the federal agency responsible for maintaining and developing the U.S. stockpile of nuclear weapons. A spokesman for the Department of Energy, which houses the NNSA, did not respond to TechCrunch’s request for comment.
Several other government departments and agencies were also breached in an early wave of attacks that exploited the SharePoint bug, researchers confirmed. Data suggests that hackers were already exploiting the vulnerability on July 7th.
The bug, officially known as CVE-2025-53770, affects the self-hosted version of SharePoint that companies configure and manage on their own servers. When exploited, the bug allows an attacker to run malicious code remotely on the affected server, giving access to the files stored on it and to other systems on the company’s wider network.
The vulnerability is known as a zero-day because Microsoft didn’t have time to release patches before it was exploited. Microsoft has since released patches for all affected SharePoint versions.
Google and Microsoft say there is evidence that some China-backed hacking groups are taking advantage of the bug, and have warned businesses to expect an increase in compromises as more hacker groups try to exploit the vulnerability. The Chinese government denied the allegations.