A cyber espionage operation exploited a zero-day vulnerability in Microsoft’s SharePoint software, affecting approximately 100 organisations.
Most victims affected are in the US and Germany, including several government entities.
The attack targeted self-hosted SharePoint servers, allowing hackers to install backdoors for ongoing access.
Microsoft-hosted instances were not affected.
Microsoft issued a security alert on July 19, 2025 urging customers to apply updates.
The affected organizations have not been named.
