The SharePoint flaw has now hit over 400 companies including a US nuclear administration

The SharePoint vulnerabilities that Microsoft released emergency patches for earlier this week – tracked as CVE-2025-53770 and CVE-2025-53771 – have been exploited much further than previously thought.

As reported by Bloomberg, the number of companies and organizations affected by the two exploits has grown to more than 400 in just a few days.

Dutch cybersecurity company Eye Security, which noticed some of the early attacks, said the hackers involved have now breached government agencies, corporations and groups from countries around the world including the U.S., Europe, Asia and the Middle East.

One of the highest profile agencies involved is the National Nuclear Security Administration, a U.S. agency that maintains the nations stockpile of nuclear weapons. Others include the U.S. Department of Education, Florida’s Department of Revue, and the Rhode Island General Assembly. Organizations include government agencies, education departments and technology services.

The SharePoint vulnerabilities allow threat actors access to those servers in order to steal keys that would allow them to impersonate users or services in phishing attacks. This means they could potentially gain access to networks where they could steal data, even that of a confidential or sensitive nature. Though Microsoft has issued patches to fix the flaws, researchers have cautioned that hackers may have already gained access to many of the targeted servers.

The Eye Security researchers have cautioned that the number of companies hacked may still grow as there are ways to compromise servers that do not leave traces, and that other "opportunistic" hackers may continue to exploit vulnerable servers. Companies who have not yet issued a patch for their SharePoint servers should do so immediately following Microsoft's instructions which include rotating machine keys and analyzing the logs and file system for signs of system exploits.

Microsoft has pointed the finger at both the Linen Typhoon and Violet Typhoon groups at being behind these attacks; both groups are said to be Chinese state-sponsored hacking groups. A third Chinese based hacking group, referred to as Storm-2603, is also said to have used the exploit in the wild.

Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.

More from Tom's Guide

• Your Ring cameras weren’t hacked over the weekend — here’s what actually happened
• Microsoft releases emergency security updates to fix SharePoint zero-day flaws — everything you need to know
• 12 signs your phone has been hacked — and what to do next

Network

Contract Length

Any Contract Length

1 Month Contracts

12 Months Contracts

24 Months Contracts

27 Months Contracts

Showing 10 of 14 deals

Filters☰

SORT BYMonthly cost (low to high)Monthly cost (high to low)Product Name (A to Z)Product Name (Z to A)

+4 MONTHS FREE

ExpressVPN 24 month

$3.49

/mth

View

+3 MONTHS FREE

NordVPN 2 Year

$2.99

/mth

View

+3 months free

Surfshark 24 Months

$1.99

/mth

View

+4 MONTHS FREE

Private Internet Access 24 Month

$2.03

/mth

View

Proton VPN 24 Month

$2.49

/mth

View

+3 MONTHS FREE

ExpressVPN 12 month

$4.49

/mth

View

NordVPN 1 Year

$4.59

/mth

View

Surfshark 12 Months

$3.19

/mth

View

Private Internet Access 1 Month

$11.99

/mth

View

Proton VPN 12 Month

$3.99

/mth

View

Show more