A critical vulnerability in Microsoft’s SharePoint software has been exploited in a cyber-espionage campaign affecting around 100 organisations, according to a Reuters report citing cybersecurity researchers.

The attacks, which began recently, target self-hosted SharePoint servers—commonly used by businesses and public institutions for internal document sharing. The exploit allows unauthorised access to these systems and can be used to install covert backdoors, enabling prolonged surveillance. Microsoft’s cloud-based SharePoint services are not affected by the breach.

The vulnerability, classified as a “zero-day” due to its previously unknown nature, was first detected on Friday by Dutch cybersecurity firm Eye Security. The company discovered the breach while investigating a compromised system belonging to one of its clients. Further collaboration with the non-profit Shadowserver Foundation led to the identification of approximately 100 affected organisations, with the majority based in the United States and Germany. Victims reportedly include several government agencies.

In response, Microsoft has issued security patches and urged all users operating self-hosted SharePoint servers to apply the updates immediately. The company emphasised that timely installation is essential to prevent further exploitation.

The origin and objectives of the attackers remain unknown, and investigations are ongoing. Authorities in affected jurisdictions have been notified. Security experts caution that while the attacks currently appear targeted, the risk could widen as details of the exploit become more publicly known.