Microsoft SharePoint Security Breach Sparks Investigations

A recent security breach of Microsoft SharePoint has raised concerns among researchers and cybersecurity experts. The attackers, who included Chinese government spies, data thieves, and ransomware operators, exploited vulnerabilities in the software’s code that allowed them to remotely execute malicious code.

The breach began with a hack at the Pwn2Own competition in May, where a Vietnamese researcher discovered two vulnerabilities in Microsoft SharePoint that could be exploited by hackers. However, it appears that the initial patch released by Microsoft on July 8 did not completely fix the issue, and attacks began just one day before that release.

Researchers are pointing to what they call a “leak” as a possible source of the breach. Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative (ZDI), stated that “a leak happened somewhere” and that this allowed hackers to bypass security fixes.

The MAPP program, which gives security vendors early access to information on vulnerabilities before they are publicly disclosed, has also been called into question, with some researchers suggesting that the lack of information about two recent vulnerabilities may indicate a distrust of the program.

While Microsoft has declined to comment further on the incident, experts are urging companies to take immediate action to patch their SharePoint servers and protect themselves against potential attacks.

Source: https://www.theregister.com/2025/07/26/microsoft_sharepoint_attacks_leak