Threat actors exploit SharePoint flaws to access internal systems, steal sensitive data, and carry out surveillance, impersonation, and extortion.

New estimates regarding the recently-exploited Microsoft SharePoint vulnerabilities now evaluate that as many as 400 organizations may have been targeted.

Microsoft blamed two Chinese nation-state actors for exploiting recently discovered security flaws in SharePoint to infiltrate vulnerable organizations, like schools, state governments, and the U.S. government’s top nuclear security agency.

A cyber-espionage campaign centered on vulnerable versions of Microsoft's server software now involves the deployment of ransomware, Microsoft said in a late Wednesday blog post.

Department of Homeland Security headquarters, several of its agencies and the Department of Health and Human Services have been hacked as part of a wider breach of Microsoft SharePoint.​

Microsoft has released security patches for the zero-day vulnerability chain dubbed ToolShell, capable of remote code execution on SharePoint, resulting in the exploitation of at least 54 organizations worldwide.

Microsoft contained a major SharePoint security flaw, amid fresh questions about the future of its legacy on-premises software.

Federal cybersecurity officials have issued a warning to Microsoft users about a security flaw allowing hackers to access to certain SharePoint systems.

A series of cyberattacks targeting Microsoft collaboration software, specifically SharePoint, have been linked to Chinese hackers and threat actors.

Microsoft confirms Chinese hackers exploited a SharePoint flaw; Patches now available. Cloud-based Microsoft 365 not affected.