SharePoint Flaw Shows Microsoft’s Global Grip and Its Security Gaps – Le Temps

Microsoft’s SharePoint Targeted Again by Hackers

Microsoft faces another global cybersecurity incident. A critical vulnerability in SharePoint, its widely used file-sharing and collaboration platform, is being actively exploited by cybercriminals. According to Steven Meyer, Co-CEO and Co-founder of ZENDATA Cybersecurity, the situation highlights not only the ongoing fragility of Microsoft’s systems but also how easily attackers can breach even the most “secure” infrastructures, an ease that is often underestimated.

This blog post breaks down the incident, analyzes the technical risks, and shares expert insights from ZENDATA’s leadership. We also offer key takeaways for organizations using Microsoft tools and explain why patching alone is no longer enough.

The Attack: A Critical Flaw in SharePoint

Multiple cybersecurity agencies, including the US CISA, issued warnings in mid-July 2025. The threat actors are exploiting a previously unknown vulnerability in Microsoft SharePoint. This flaw allows attackers to take full control of on-premises SharePoint servers by deploying a file that harvests cryptographic keys. Once the keys are retrieved, hackers can return at any time, even after a patch is applied.

According to various reports, several thousand SharePoint servers worldwide have been compromised so far. Targets include US federal and state agencies, universities, and critical infrastructure companies.

Steven Meyer: “Just Patching Is Not Enough”

For Steven Meyer, Co-CEO and Co-Founder of ZENDATA Cybersecurity, this incident is a worst-case scenario.

“The vulnerability can be exploited remotely and gives full control to attackers, code execution, data theft, or data manipulation,” he warns. “Just applying the patch is not sufficient. The exploit tools are already public, meaning even unskilled attackers can take advantage of it.”

This democratization of cyberweapons makes the situation especially dangerous for organizations with limited security oversight. Steven’s remarks reinforce the urgent need for advanced detection, isolation measures, and continuous monitoring, not just reactive patching.

Who Is at Risk? Focus on On-Prem Deployments

While Microsoft has confirmed that its cloud-based SharePoint services are not affected, organizations using on-premises installations are directly at risk. In Switzerland, Meyer estimates that most companies have migrated to the cloud. Still, critical sectors like finance and public institutions continue to operate local SharePoint servers.

“Any organization unable to secure its own SharePoint should rethink its deployment,” says Steven. He stresses that security is not just the vendor’s responsibility. Organizations must implement their own access controls, network segmentation, and proactive threat hunting.

Microsoft’s Repeated Security Failures

This latest breach adds to Microsoft’s growing track record of cybersecurity incidents. In 2023, Russian hackers compromised government clients. In 2022, Chinese actors breached senior US officials’ email accounts. Now, two Chinese state-linked groups, Linen Typhoon and Violet Typhoon, are suspected in the SharePoint attacks. Microsoft acknowledges their role but avoids specifying their links to Beijing.

Microsoft products such as Exchange, Windows, SharePoint, Active Directory, and Edge are attractive targets due to their global dominance. “Despite real improvements in recent years, it is troubling to see a tech giant with this level of resources and market penetration continue to expose us to such risk,” concludes Steven Meyer.

What Should Organizations Do Now?

This breach underlines the need for a modern cybersecurity strategy. Every organization should:

  • Audit all local SharePoint deployments

  • Apply patches immediately, but do not rely solely on them

  • Monitor for abnormal behavior even after patching

  • Limit access rights and use segmentation

  • Deploy real-time threat detection and response tools

If you’re unsure where to start, consider exploring our cybersecurity services. Our team can help you assess your risk, implement protective measures, and ensure your environment is resilient against evolving threats.

Conclusion

The SharePoint attack is not just another patching exercise. It is a wake-up call. When exploitation tools are public and major vendors are targeted repeatedly, cybersecurity cannot be reactive. Organizations must anticipate, monitor, and prepare.

Read the full article in Le Temps here.
