U.S. Government, Corporate Systems Hit In Major Cyberattack

Government and corporate computer systems in the United States and abroad have been hit by a major cyberattack exploiting a vulnerability in one of Microsoft’s most widely used server software products, Alexei Oreskovic reported for Fortune Tech.

At least two U.S. federal agencies, multiple European government entities, a major Asian telecom firm, an energy company, and several universities have been affected.

The breach—classified as a zero-day attack due to its exploitation of a previously unknown software flaw—affects on-premise versions of Microsoft SharePoint.

Many organizations integrate SharePoint directly with Outlook and other critical services, meaning everything from passwords to emails and internal documents is now potentially compromised.

According to The Washington Post, at least two U.S. federal agencies, multiple European government entities, a major Asian telecom firm, an energy company, and several universities have been affected.

Microsoft has issued a patch for one version of the vulnerable software, but fixes for two other versions were still in development.

“Our team is working urgently to release a security update and will share more details as they become available,” the company said in a statement on X, linking to a blog post outlining mitigation steps.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also released an alert, warning that the exploit “provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network.”