Date: 2025-07-23

A critical zero-day vulnerability in Microsoft’s SharePoint document management software has been actively exploited by hackers, resulting in a major global cyber espionage campaign that breached over 100 organizations, including the U.S. National Nuclear Security Administration (NNSA), Bloomberg News reported on Tuesday, citing a source familiar with the matter.

The NNSA, responsible for maintaining the nation’s nuclear weapons stockpile, was among the high-profile government agencies affected. However, no sensitive or classified information is currently known to have been compromised during the attack.

Microsoft released an initial patch earlier this month, but cybersecurity firms found it insufficient, with hackers quickly developing exploits to bypass the fix, leading to the widespread breach.

Microsoft confirmed that the earlier patch did not fully address the vulnerability but has since released additional updates intended to resolve the issue. Despite these efforts, the breach—dubbed “ToolShell” by security researchers—enabled attackers to steal cryptographic keys and deploy persistent webshells, giving them near-complete control over compromised SharePoint servers.

Broad Spectrum Of Targets

The cyberattack affected a broad spectrum of targets worldwide, including major corporations, financial institutions, healthcare providers, and multiple U.S. federal agencies. Data from cybersecurity organizations indicate that more than 8,000 SharePoint servers remain vulnerable, with active exploitation ongoing in many networks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued alerts urging organizations running on-premises SharePoint servers to apply the latest patches immediately and implement additional mitigations, warning that patching alone may not be sufficient to fully eradicate the threat.