Security researchers say Microsoft customers should take immediate action to defend against the ongoing cyberattacks, and must assume they have already been compromised.

Microsoft is issuing an emergency fix to close off a vulnerability in Microsoft’s SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies.

A cyber-espionage campaign centred on vulnerable Microsoft software now involves the deployment of ransomware.

Active SharePoint exploits since July 7 target governments and tech firms globally, risking key theft and persistent access.

M icrosoft has released two emergency patches to address zero-day vulnerabilities that have been found in SharePoint RCE. Actively exploited in attacks, the two flaws (tracked as CVE-2025-53770 and CVE-2025-53771) are both “ToolShell” attacks that compromise services and that build on flaws that were fixed as part of July’s Patch Tuesday updates.

More information has emerged on the ToolShell SharePoint zero-day attacks, including impact, victims, and threat actors.

The U.S. government agency that maintains and designs America's nuclear weapons was reportedly breached by attackers exploiting zero-day flaws in on-premises

Providing additional updates on the breach, Microsoft said in a blog post on Tuesday that two Chinese nation-state operators, Linen Typhoon and Violet Typhoon, exploited vulnerabilities in the internet-facing SharePoint servers.