Microsoft SharePoint Zero Day Exploited in Global Cyberattack Hitting 100 Organizations
What Is a Zero Day Attack and Why Is It So Dangerous?
A zero day vulnerability is a serious software flaw that hackers exploit before the developer becomes aware of it. Since there’s no patch at the time of discovery, it allows attackers to silently breach systems, often for weeks or even months. This makes Zero Day attacks one of the most feared threats in cybersecurity.
But this time, it was not just any flaw. Microsoft SharePoint, used by thousands of companies and governments worldwide, was targeted in what experts are calling a “coordinated global cyber assault.”
What Happened in the Microsoft SharePoint Attack?
Researchers from cybersecurity firm Palo Alto Networks’ Unit 42 and the Volexity threat intelligence group discovered that attackers exploited a previously unknown Zero Day in Microsoft SharePoint. The attackers managed to use this flaw for Remote Code Execution (RCE), which means they could fully control infected servers without the users’ knowledge.
Why is that so alarming?
Because RCE allows hackers to silently install backdoors, spy on operations, steal data, and even pivot into other internal networks.
Who Was Affected by the Zero Day Attack?
At least 100 organizations across North America, Asia, and Europe were reportedly impacted. These include:
- Government institutions
- Private enterprises
- Educational networks
- Think tanks and NGOs
Cybersecurity researchers say the attackers were extremely stealthy, with evidence pointing to China-based threat actors. Google’s Threat Analysis Group (TAG) also backed this claim, stating that the Chinese government may be indirectly linked to the attacks.
“Attackers exploited the vulnerability in targeted attacks against key sectors, including defense and energy,” said a report via Reuters.
What Has Microsoft Done So Far?
Microsoft was quick to issue an urgent security update once the flaw was discovered. In its official advisory, the company strongly urged all users to apply the patch immediately.
After learning about the problem, Microsoft acted fast. The company’s security team shared updates and released a patch to fix the issue.
Here’s the official statement shared by Microsoft Security Response on X:
“Microsoft has released security updates addressing the SharePoint vulnerability CVE-2025-26855. Customers are encouraged to apply these updates immediately.”
This tweet shows how seriously Microsoft considers the situation and urges all users to take action now.
Is the patch enough?
Experts say patching is just the first step. Organizations need to run incident response checks, review access logs, and resecure their SharePoint environments.
How Are Security Experts Reacting?
Cybersecurity experts are concerned about the timing and coordination of the attack. The scale and stealth indicate that this may have been part of a larger cyber-espionage operation.
According to a tweet by @MarioNawfal, the attack could be a “signal of a rising cyber cold war.”
Additionally, user @theapril29th posted a tweet describing how deep the exploit ran across Microsoft servers.
How Are Governments Responding?
Governments in the U.S., India, and the EU are now reviewing their digital infrastructures. Some agencies are even temporarily taking SharePoint offline until full security reviews are completed.
“This is a wake-up call,” said one cybersecurity analyst in a Bloomberg article.
Are There Similar Attacks Happening Elsewhere?
Yes. Analysts noted increased activity in other Microsoft ecosystems, including Exchange Servers and Outlook Web Access, though SharePoint was the main target in this wave.
Researchers on Reddit’s /r/technology are closely tracking other unusual behavior in corporate networks.
What Should Organizations Do Now?
- Immediately install Microsoft’s security patch
- Review recent network activity
- Conduct full audits of SharePoint environments
- Implement Zero Trust architecture if not already done
- Consider reaching out to professional cybersecurity teams for forensic analysis
What Could Happen Next?
Security experts believe that if this Zero Day had gone undetected any longer, the damage could have been even worse. But they also warn that this may not be the last Zero Day discovered this year.
Final Thoughts
The Microsoft SharePoint Zero Day attack is a major cybersecurity event in 2025. It shows how vulnerable even the most widely used enterprise tools can be if not continuously updated and monitored.
Organizations must take this incident seriously and act fast. The next Zero Day could already be lurking, and preparedness is the only way to stay ahead.