• Zero-day flaw in Microsoft SharePoint exploited globally
• Dozens of US government agencies compromised
• Hack affects on-premise servers, not Microsoft 365
• Urgent calls to take servers offline or reconfigure
• Microsoft has yet to issue a security patch
• Investigations underway in the US, Australia, and Canada
• Private businesses also hit alongside the public sector
• Experts warn of data theft and future access risks
• Attack exposes dangers of legacy infrastructure
• Software supply chain security is now under scrutiny

A sweeping cyberattack on Microsoft SharePoint servers has left dozens of US government agencies and private businesses exposed, with authorities scrambling to contain the damage.

The Washington Post reports that tens of thousands of on-premise SharePoint servers have been compromised in recent days, marking one of the most severe global software breaches of the year.

The platform, widely used for document management and internal collaboration, is still vulnerable as Microsoft has yet to release a security patch.

Cybersecurity experts have issued urgent warnings to organizations still running affected systems, urging them to either disconnect the servers or implement immediate configuration changes to reduce the risk of further infiltration.

Unlike many previous cyberattacks, this breach does not affect Microsoft’s cloud-based services such as Microsoft 365. Instead, it targets physical servers housed within corporate or government facilities.

Security researchers have classified the incident as a “zero-day” attack, meaning it exploits a previously unknown vulnerability.

This leaves organizations especially vulnerable, as traditional antivirus and security tools are unlikely to detect or prevent it without a patch.

“We are seeing attempts to exploit thousands of SharePoint servers globally before a patch is available,” Pete Renals, senior manager with Palo Alto Networks’ Unit 42, told The Washington Post.

“We have identified dozens of compromised organizations spanning both commercial and government sectors.”

While Microsoft works on developing and deploying a fix, the breach is already under investigation by US federal authorities in collaboration with counterparts in Australia and Canada.

The transnational nature of the hack has raised alarms across intelligence and cybersecurity communities, with fears that additional, as-yet-undetected intrusions may follow.

The attack underscores the persistent fragility of traditional enterprise IT environments, particularly those still reliant on legacy on-premise infrastructure.

Experts have long warned that hybrid environments – those with both cloud and on-premise components – can become fragmented and difficult to secure, especially as new vulnerabilities emerge.

As organizations work to understand the scope of the compromise, incident response teams are prioritising forensic investigation, damage limitation, and real-time system monitoring.

There are growing concerns that bad actors may already have extracted sensitive information or installed backdoor access, increasing the likelihood of future attacks.

The hack also raises serious questions about software supply chain security, patch management processes, and how global organisations evaluate the risks of continuing to operate vulnerable on-premise infrastructure without immediate vendor support.