Federal cybersecurity officials have issued a warning to Microsoft users about a security flaw allowing hackers to access to certain SharePoint systems.

Security researchers say Microsoft customers should take immediate action to defend against the ongoing cyberattacks, and must assume they have already been compromised.

A China-linked threat actor has been observed exploiting SharePoint servers to deliver ransomware, according to Microsoft researchers, in the latest sign of worsening attacks against on-premises SharePoint Server customers.

The attacks appear to have escalated because Microsoft released incomplete patches for the initial vulnerabilities, according to Benjamin Harris, CEO of watchTowr. After researche

Microsoft is issuing an emergency fix to close off a vulnerability in Microsoft’s SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies.

The SharePoint vulnerabilities that Microsoft released emergency patches for earlier this week – tracked as CVE-2025-53770 and CVE-2025-53771 – have been exploited much further than previously thought. As reported by Bloomberg, the number of companies and organizations affected by the two exploits has grown to more than 400 in just a few days.

Microsoft is urging organizations to rotate machine keys for on-premises SharePoint Servers impacted by widely exploited critical vulnerabilities — an indicator that attackers are stealing the keys to enable further cyberattacks,

The number of companies and organizations compromised by a security vulnerability in Microsoft Corp.’s SharePoint servers is increasing rapidly, with the tally of victims soaring more than six-fold in a few days,