The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in an alert, said it's aware of active exploitation of CVE-2025-53770, which enables unauthenticated access to SharePoint systems and arbitrary code execution over the network.

Security researchers say Microsoft customers should take immediate action to defend against the ongoing cyberattacks, and must assume they have already been compromised.

Hours after Microsoft revealed hacking groups affiliated with the Chinese government have been exploiting a flaw in its SharePoint software, Bloomberg News reports that the National Nuclear Security Administration has also been breached in the attacks.

Active SharePoint exploits since July 7 target governments and tech firms globally, risking key theft and persistent access.

Microsoft also has issued a patch for a related SharePoint vulnerability — CVE-2025-53771; Microsoft says there are no signs of active attacks on CVE-2025-53771, and that the patch is to provide more robust protections than the update for CVE-2025-49706.

Microsoft has released a critical patch for a security flaw in its SharePoint software. Hackers actively exploited this vulnerability, targeting businesses and US government agencies. The company issued the fix between July 19 and 20.

A newly discovered vulnerability in Microsoft’s SharePoint platform has spurred a mad frenzy from hackers — leading to breaches of some Microsoft clients.

Dubbed a “zero-day” because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organisations.