Cybercriminals are exploiting a zero-day vulnerability, CVE-2025-53771, in Microsoft SharePoint servers without needing login credentials.

Microsoft is issuing an emergency fix to close off a vulnerability in Microsoft’s SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies.

LONDON >> A security patch released by Microsoft earlier this month failed to fully fix a critical flaw in the U.S. tech company’s SharePoint server software that had been identified at a hacking competition in May,

Microsoft has announced a critical SharePoint server breach affecting thousands of systems, prompting global cybersecurity efforts and emergency fixes.

A critical zero-day flaw in Microsoft SharePoint is under active exploitation, compromising thousands of government and enterprise servers globally.

The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany and that the victims included government organisations. Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.

A major cyber espionage operation has compromised around 100 organisations by exploiting Microsoft server software. The Shadowserver Foundation and Eye Security, who discovered the breach, have not disclosed which firms were affected.