Microsoft SharePoint under mass attack with no patch available.

A summary of the ongoing cyber incident, who it concerns, the risks, and the mitigation.

Jul 21, 2025

∙ Paid

Hackers have broke into 85 SharePoint servers worldwide. They hit multinational corporations, government agencies, and banks across the US, Germany, France, and Australia.

Microsoft confirmed active exploitation of CVE-2025-53770, a critical zero-day vulnerability with a CVSS score of 9.8. As of posting, Microsoft have no patch ready.

Unknown attackers e…

Continue reading this post for free, courtesy of Ollie Law.

Or purchase a paid subscription.

A guest post by

Brad Law

I talk about empowering businesses, strategic guidance, and resilience planning @Fixinc