Security researchers say Microsoft customers should take immediate action to defend against the ongoing cyberattacks, and must assume they have already been compromised.

A cyber-espionage campaign centred on vulnerable Microsoft software now involves the deployment of ransomware.

Active SharePoint exploits since July 7 target governments and tech firms globally, risking key theft and persistent access.

Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it.

Microsoft also has issued a patch for a related SharePoint vulnerability — CVE-2025-53771; Microsoft says there are no signs of active attacks on CVE-2025-53771, and that the patch is to provide more robust protections than the update for CVE-2025-49706.

Officials in Indiana and Missouri said technologists remain watchful, but their states so far seem to have avoided compromise. The latter’s Office of Administration credited a layered security approach for helping deflect bad actors.

Hours after Microsoft revealed hacking groups affiliated with the Chinese government have been exploiting a flaw in its SharePoint software, Bloomberg News reports that the National Nuclear Security Administration has also been breached in the attacks.

Microsoft has released a critical patch for a security flaw in its SharePoint software. Hackers actively exploited this vulnerability, targeting businesses and US government agencies. The company issued the fix between July 19 and 20.