Global Cyberattack Exploits Microsoft SharePoint flaw, hits U.S. agencies and global infrastructure

InternationalNews.uk

A critical vulnerability in Microsoft SharePoint Server is being actively exploited in a sweeping global cyberattack targeting U.S. federal agencies, international governments, universities, and major infrastructure providers.

The flaw, tracked as CVE-2025-53770 and dubbed “ToolShell”, allows attackers to gain remote, unauthorised access to SharePoint servers, enabling them to execute malicious code and steal sensitive data. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed the exploit is being used in active attacks and warned organisations to take immediate protective measures.

Microsoft has acknowledged the threat and is currently testing a comprehensive patch. In the meantime, it has issued mitigation guidance, urging administrators to implement recommended security steps without delay.

Cybersecurity firm Eye Security reported the vulnerability began being exploited late Friday, with dozens of servers compromised globally. Confirmed victims include two undisclosed U.S. federal agencies, government offices in Europe, a university in Brazil, a telecommunications firm in Asia, and a local authority in Albuquerque, New Mexico. Arizona state officials are reportedly coordinating with tribal and local entities to evaluate the breach’s impact.

“This is a fast-moving threat. There’s definitely a mad scramble across the nation right now,” a source familiar with the response told The Washington Post.

The ongoing attacks highlight growing concerns about supply chain vulnerabilities and the persistent targeting of enterprise platforms like SharePoint in state-backed and criminal cyber campaigns.

InternationalNews.uk will continue to monitor this developing story.