Wednesday

23 July 2025 Vol 19

Hundreds of organizations breached by SharePoint mass-hacks

Security researchers say hackers have breached at least 400 organizations by exploiting a zero-day vulnerability in Microsoft SharePoint, signalling a sharp rise in the number of detected compromises since the bug was discovered last week.

Eye Security, a Dutch cybersecurity firm that first identified the vulnerability in SharePoint, popular server software that companies use to store and share internal documents, said it had identified hundreds of affected SharePoint servers by scanning the internet. The number has risen from the dozens of known compromised servers as of earlier this week.

Bloomberg reports that the affected organizations include the National Nuclear Security Administration (NNSA), the federal agency responsible for maintaining and developing the U.S. stockpile of nuclear weapons. A spokesperson for the Department of Energy, which houses the NNSA, did not respond to TechCrunch’s request for comment.

Several other government departments and agencies were also compromised in an early wave of attacks exploiting the SharePoint bug, researchers confirmed. Data suggests hackers were exploiting the vulnerability as early as July 7.

The bug, officially known as CVE-2025-53770, affects self-hosted versions of SharePoint that companies set up and manage on their own servers. Once exploited, the bug allows an attacker to remotely run malicious code on the affected server, permitting access to the files stored inside, as well as other systems on the company’s wider network.

The vulnerability is known as a zero-day because Microsoft had no time to release patches before it was exploited. Microsoft has since released patches for all affected SharePoint versions.

Google and Microsoft say they have evidence that several China-backed hacking groups are exploiting the bug, but warned companies to expect an uptick in compromises as more hacker groups seek to take advantage of the vulnerability. The Chinese government denied the allegations.
