A critical security flaw in Microsoft’s SharePoint server software is actively being exploited by hackers, putting thousands of organisations worldwide at serious risk.
The vulnerability, tracked as CVE-2025-53770, allows attackers to remotely run malicious code on on-premises SharePoint servers without needing to log in. This means hackers can access sensitive files, steal security keys, and take full control of affected servers, including those used by governments, universities, and large companies.
Microsoft confirmed the breach and released emergency security patches for SharePoint Subscription Edition and SharePoint 2019 but said fixes for SharePoint 2016 are still in development. The company urges all affected customers to install the updates immediately to reduce exposure.
Experts warn that even patched systems might still be vulnerable if hackers had already stolen authentication keys or implanted backdoors before updates were applied. More than 10,000 organisations are estimated at risk worldwide, with the highest numbers in the United States, the UK, the Netherlands, and Canada; however, Nigerian organisations using on-premises SharePoint should also take note.
Silas Cutler, a cybersecurity researcher, said, “This is a dream for ransomware operators. We expect a surge in malicious activity targeting this exploit over the coming days.” Palo Alto Networks likewise called it “a serious and active threat,” confirming real-world attacks are ongoing.
To protect their servers, Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) recommend enabling Microsoft Defender Antivirus, configuring Antimalware Scan Interface (AMSI), and disconnecting vulnerable servers from the internet if applying patches is not immediately possible.
This breach shows a major challenge for IT teams globally, including Nigeria’s, where many still rely on SharePoint servers for document management and internal communication. Gene Yu, CEO of Singapore’s Blackpanda cyber incident response firm, explains, “When they’re able to compromise the fortress that is SharePoint, everyone is at their mercy because SharePoint is one of the most secure protocols out there.”
Microsoft’s SharePoint Online cloud service is not affected by this vulnerability, but customers using on-premise installations must act fast to secure their systems. Staying up to date with patches and following security guidance is critical to avoid costly data breaches and ransomware attacks.
Nigerian organisations using SharePoint servers should urgently check their security settings and apply recommended protections to avoid falling victim to these dangerous attacks.
Train veers off track, kills 39 in Spain
January 19, 2026
