In recent weeks, security experts have observed an unprecedented wave of attacks targeting unpatched vulnerabilities in Microsoft SharePoint. The breaches began on July 18th, 2025, with the exploitation of CVE-2025-49704 and CVE-2025-49706, followed by a more critical exploit that took advantage of two zero-day vulnerabilities, CVE-2025-53770 and CVE-2025-53771. These attacks have compromised over 100 organizations globally, with the United States and Germany among the hardest hit.
The initial wave was identified through the efforts of security firms such as Sophos and others, who noticed an uptick in unusual activity targeting internet-facing SharePoint servers. As investigations progressed, it became evident that the attacks were more sophisticated than initially thought, and that not one but several threat actors were exploiting these vulnerabilities for malicious purposes.
Microsoft promptly released critical security updates to address these issues, including emergency patches for older versions of SharePoint such as SharePoint 2016 and 2019. By July 21st, 2025, the company had published detailed guidance on how organizations could mitigate the risk posed by these vulnerabilities through immediate patching and additional security measures.
Notably, Mandiant's intelligence suggests that at least one of the threat actors exploiting these vulnerabilities has strong ties to China, adding a significant geopolitical dimension to this incident. This finding underscores the ever-increasing sophistication and international nature of today's cyber threats. Microsoft has since issued further statements detailing activity it observed from specific threat groups, Linen Typhoon and Violet Typhoon, both with Chinese affiliations.
Comprehensive Insights into Zero-Day Exploits in SharePoint
As Reuters reported on July 21st, approximately 100 organizations were compromised in these attacks over the weekend, a serious security failure by any measure. Those impacted include private enterprises as well as government institutions across multiple countries. The incident is a stark reminder of the exposure inherent in legacy software and of the importance of continuous updates and robust cybersecurity measures.
The speed and scale of this exploitation highlight critical gaps in patch management and incident response for enterprise environments. Microsoft's swift release of the necessary security updates shows proactive engagement against emerging threats, but the episode also points to a pressing need for tighter coordination between threat detection, vulnerability assessment, and patch deployment within organizations.