Global cyberattack on Microsoft servers, over 100 companies impacted

REDMOND: A large-scale cyberattack exploiting a critical vulnerability in SharePoint servers software of Microsoft software compromised over a hundred organisations worldwide.

The attack affected entities including government agencies, universities, universities, energy companies, and telecommunications providers, with most victims located in the US and Germany.

Read more: Microsoft cuts off China-based engineers from US military support after scrutiny

The breach hinges on an unreported zero-day vulnerability identified as CVE-2025-53770 or “ToolShell”. It allowed unauthorised remote control execution on on-premises SharePoint servers.

The critical flaw enables attackers to gain full control over servers, including files and internal configurations, by exploiting de-sterilisation of untrusted data.

Microsoft confirmed that the attacks are active and ongoing. Researchers estimate that more than 8,000 SharePoint servers worldwide could be at risk.

Read more: First public beta of iOS 26 likely arriving this week for iPhone users

In response, the tech giant quickly issued emergency security patches for SharePoint Subscription Edition and SharePoint Server 2019. It also advised immediate application of updates to reduce exposure.

The US Cybersecurity and Infrastructure Security Agency (CISA) also issued warnings urging organisations to implement mitigation masures; this includes enabling the Antimalware Scan Interface and deploying Microsoft Defender Antivirus on affected servers.

Read more: Teen’s suicide after AI sextortion highlights alarming rise in deepfake abuse 

International cybersecurity agencies are investigating the breaches. Evidence suggests may be the work of either a single hacker or coordinated group.

The attackers managed to install backdoors that allowed them to maintain access and covertly spy over extended periods.