Microsoft SharePoint Under Global Cyberattack: Urgent Security Flaws Exposed

Microsoft has disclosed active cyberattacks exploiting security flaws in its SharePoint collaboration software, affecting thousands of organizations worldwide. While patches are out for some versions, older iterations remain vulnerable, putting sensitive business and government data at risk. Experts warn attackers can gain persistent access, steal data, and even impersonate users, underscoring the urgent need for comprehensive cybersecurity measures.

Microsoft Warns of Active Cyberattacks Targeting SharePoint Servers Worldwide

In a stark wake-up call to organizations around the globe, Microsoft has revealed a series of active cyberattacks targeting its widely adopted SharePoint collaboration software. The vulnerability being exploited jeopardizes not only private businesses but also government agencies, raising alarm bells across multiple sectors that rely on SharePoint for document management and teamwork.

What We Know About the SharePoint Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) recently confirmed that the flaw provides malicious actors with unauthenticated access to SharePoint servers. This means attackers can navigate file systems freely, access sensitive content, and even execute arbitrary code remotely—without needing valid credentials.

Such unauthorized access has serious implications, potentially exposing confidential files, enabling persistent backdoors, and paving the way for further infiltration into connected systems.

Patch Status and Remaining Risks

Microsoft has responded by releasing patches for two versions of SharePoint. However, a 2016 iteration remains vulnerable, with Microsoft actively working on a fix. While patches are available, cybersecurity experts caution that risk remains until all versions are secured.

Importantly, this attack affects on-premises SharePoint servers, not the cloud-based Microsoft 365 platform. Still, given SharePoint’s integration with critical tools such as Outlook and Teams, a compromised server can rapidly become the entry point for broader organizational breaches.

Expert Insights: Why This Breach Is Particularly Dangerous

European cybersecurity firm Eye Security, the first to identify the flaw, noted a concerning facet: hackers can impersonate users or services even after the server is patched—leading to persistent risks.

Michael Sikorski, CTO of Palo Alto Networks’ Unit 42 threat intelligence team, warned, "Once inside, attackers are exfiltrating sensitive data, deploying backdoors, and stealing cryptographic keys." His statement underscores how the vulnerability not only facilitates entry but also long-term control of victim systems.

Underreported Context: The Broader Implications of SharePoint Vulnerabilities

While headlines focus on the immediate threat, this incident opens a larger conversation about enterprise dependency on legacy software and the risk of delayed patch deployments. Many organizations still operate outdated versions due to compatibility or IT complexity, heightening exposure.

It also highlights a critical gap in safeguarding on-premises infrastructure amidst growing cloud adoption—reminding entities that hybrid environments bring complex security challenges.

Recent Spin-off: IT Outage Raises Questions

Separately, a major US airline briefly suspended ground operations for about three hours amid an IT outage, which was resolved by early Monday morning Eastern Time. Though no direct link to the SharePoint attack has been confirmed, the situation illustrates how IT disruptions can cascade into operational impacts or signal broader cyber threats.

Looking Forward: Action Steps for Organizations

  • Immediate patching: Apply Microsoft’s latest SharePoint updates without delay.
  • Comprehensive system audits: Identify and remediate any lingering vulnerabilities, especially on legacy versions.
  • Network segmentation: Limit SharePoint server access to minimize lateral movement risks.
  • Continuous monitoring: Deploy advanced threat detection to spot anomalies linked to this exploit.
  • User training: Reinforce security awareness since phishing or credential theft may complement exploitation.

Editor's Note

This unfolding security crisis serves as a sobering reminder of how interconnected enterprise IT ecosystems have become—and how vulnerabilities in one widely used software can cascade into far-reaching consequences. As hybrid infrastructures become the norm, organizations must balance innovation with relentless vigilance against evolving threats. Readers are encouraged to evaluate their cyber defense strategies, ensuring legacy systems do not become unattended entry points for attackers.

Moreover, this episode raises critical questions: Are corporate and government cybersecurity policies agile enough to respond to zero-day exploits rapidly? How can organizations better coordinate fixes across sprawling IT landscapes without disrupting essential operations?

Staying informed and proactive remains the best defense in this rapidly shifting cyber threat landscape.
