Security researchers have reported that hackers have infiltrated over 400 organizations by exploiting a zero-day vulnerability in Microsoft SharePoint. This represents a significant increase in the number of detected compromises since the bug was first discovered last week. Eye Security, a Dutch cybersecurity firm, was the first to identify the vulnerability in SharePoint, widely used server software for storing and sharing internal documents. Through internet scans, the firm has identified hundreds of affected SharePoint servers, up from the initial count of compromised servers earlier in the week.
Among the affected organizations is the National Nuclear Security Administration (NNSA), responsible for managing the U.S. stockpile of nuclear weapons. According to Ben Dietderich, a spokesperson for the Department of Energy, which oversees the NNSA, the impact was minimal, with only a small number of systems affected. Other government departments and agencies were also targeted in the early wave of attacks exploiting the SharePoint bug, with evidence suggesting that hackers began exploiting the vulnerability as early as July 7.
The zero-day vulnerability, officially identified as CVE-2025-53770, affects self-hosted versions of SharePoint managed by companies on their own servers. Once exploited, the bug allows attackers to remotely execute malicious code on the server, gaining access to stored files and other systems within the company’s network. Microsoft has since released patches for all affected versions of SharePoint, but Google and Microsoft have warned of an increase in compromises as multiple China-backed hacking groups exploit the bug. The Chinese government has denied involvement in these activities.
