The SharePoint vulnerabilities that Microsoft released emergency patches for earlier this week – tracked as CVE-2025-53770 and CVE-2025-53771 – have been exploited much further than previously thought. As reported by Bloomberg, the number of companies and organizations affected by the two exploits has grown to more than 400 in just a few days.

A wave of cyberattacks targeting Microsoft SharePoint servers has put hundreds of organisations worldwide at risk, including US government agencies. Groups of Chinese hackers, reportedly state-sponsored,

The US government agency in charge of designing and maintaining nuclear weapons was among those breached by a hack of Microsoft's SharePoint server software, Bloomberg reported. However, attackers weren't able to obtain any sensitive or classified information,

The zero-day vulnerability — which was first disclosed late Saturday — has been exploited by several Chinese state-aligned groups, according to Microsoft.