Why in the news?
In July 2025 cybersecurity agencies warned of widespread exploitation of newly discovered vulnerabilities in on‑premises Microsoft SharePoint servers. Ransomware groups and state‑backed hackers were using the flaws to infiltrate networks of governments and private firms.
Background
SharePoint is a popular collaboration platform used by many organisations to store and manage documents. Researchers discovered several critical vulnerabilities (commonly referenced by CVE numbers) that allowed attackers to execute malicious code remotely. By exploiting these flaws, attackers could install malware, steal data or encrypt files for ransom.
Key points
- Scope of attack: Reports suggested that more than 90 state and local government networks were targeted. Attackers used phishing emails and took advantage of exposed internet‑facing servers to deploy malware.
- Actions by authorities: Microsoft released emergency patches and urged administrators to apply updates immediately. The US Cybersecurity and Infrastructure Security Agency (CISA) issued directives asking federal agencies to disconnect unpatched servers and audit their networks.
- Lessons for organisations: The incident underscores the importance of timely patching, network segmentation, regular backups and multi‑factor authentication. Organisations should also restrict internet exposure of critical services and monitor logs for suspicious activity.
Significance
The SharePoint exploitation highlights how quickly adversaries weaponise newly disclosed vulnerabilities. For India and other countries building digital public infrastructure, the episode emphasises the need for robust cyber hygiene, local testing of software and stronger coordination between government and private CERTs (computer emergency response teams).