Hackers have exploited a critical flaw in Microsoft’s SharePoint server software, breaching US government agencies, universities, and global businesses.
SharePoint helps in sharing and managing documents.
The “zero-day” attack, targeting a previously unknown vulnerability, allowed access to sensitive data and login credentials, according to the Washington Post.
While Microsoft issued a patch for one version, two remain vulnerable. The FBI, along with officials in Canada and Australia, is investigating.
Experts say tens of thousands of servers are at risk. Victims, including agencies in Spain and Brazil, scramble to recover.
Security firms warned that stolen encryption keys could let hackers return even after patching.
The breach doesn’t affect Microsoft 365 cloud users, but on-site servers remain exposed.