SharePoint hit by zero-day attack targeting organisations around the world

While Microsoft has since fixed the flaw, it is urging all on-prem SharePoint users to update immediately.

by Kelechi Edeh

Imagine locking your doors at night only to realise someone already has a copy of your keys.

Well, that’s essentially what happened to over 75 servers across 29 organisations—from European government agencies and Asian multinational firms to Brazilian universities—after attackers exploited a critical zero-day vulnerability in Microsoft’s on-premise SharePoint Server.

The flaw, tracked as CVE-2025-53770, allowed hackers to sneak in without needing login credentials and quietly steal the cryptographic keys that secure everything inside.

These keys, known as MachineKeys, are meant to control access and validate users. But once stolen, attackers can forge trusted credentials and stay hidden inside a system, even after a patch is applied.

So, why did the breach happen?

The vulnerability stems from the way SharePoint was designed to manage data. The platform tried to automatically process incoming data objects but didn’t check where they came from or whether they were safe. That oversight opened the door for what’s called a deserialization attack, letting hackers inject malicious instructions that the system blindly followed.

Microsoft says it has since released a patch for CVE-2025-53770 and a related flaw (CVE-2025-53771), and is urging all on-prem SharePoint users to update immediately. But the patch doesn't fix the deeper issue: if attackers stole the keys, they may still be in the system.

That’s why cybersecurity experts are warning that patching alone won’t be enough this time. Organisations may need to rotate their keys, comb through access logs, and, in some cases, rebuild parts of their systems entirely to be safe.
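To see why rotation matters, here is a small added example (not Microsoft's or SharePoint's code) that models a server trusting any payload with a valid signature. The `Server` class, the `patched` flag and the token format are assumptions made for illustration; real machine keys live in the server's configuration.

```python
import hashlib
import hmac
import secrets


def sign_with(key: bytes, payload: bytes) -> bytes:
    """Append an HMAC-SHA256 tag to the payload (hypothetical token format)."""
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"." + tag


class Server:
    """Toy model: the server trusts any payload carrying a valid tag."""

    def __init__(self) -> None:
        self.validation_key = secrets.token_bytes(32)  # stands in for a machine key
        self.patched = False

    def sign(self, payload: bytes) -> bytes:
        return sign_with(self.validation_key, payload)

    def verify(self, blob: bytes) -> bool:
        payload, _, tag = blob.rpartition(b".")
        expected = hmac.new(self.validation_key, payload, hashlib.sha256).hexdigest().encode()
        return hmac.compare_digest(tag, expected)  # constant-time comparison

    def apply_patch(self) -> None:
        self.patched = True  # closes the entry bug; key material is untouched

    def rotate_key(self) -> None:
        self.validation_key = secrets.token_bytes(32)  # old signatures stop validating


def demo() -> dict:
    server = Server()
    stolen = server.validation_key  # constructed scenario: key copied before the patch
    forged = sign_with(stolen, b"user=admin")
    results = {"before_patch": server.verify(forged)}
    server.apply_patch()
    results["after_patch"] = server.verify(forged)  # still accepted
    server.rotate_key()
    results["after_rotation"] = server.verify(forged)  # now rejected
    results["fresh_token_ok"] = server.verify(server.sign(b"user=alice"))
    return results


if __name__ == "__main__":
    print(demo())
```

The forged token keeps validating after the patch and only fails once the key is replaced, which is why rotation has to follow patching.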


Plus, this isn’t the first time we’ve seen this kind of persistence-focused attack. Atlassian’s Confluence was hit in 2022. Oracle’s WebLogic faced similar issues. But SharePoint is a different beast — widely used in sensitive environments, often running older, on-prem setups that are harder to secure.

Microsoft also confirmed that SharePoint Online (Microsoft 365) users weren’t affected, reinforcing a growing divide between the patch speeds and monitoring capabilities of cloud vs. legacy on-prem systems.

As threats evolve, this breach is a reminder that security is more about how fast you can detect, respond, and recover, especially when attackers have the keys and the head start.
