Skip to content
Search
Close search
Menu
Home News Microsoft SharePoint Attacks: What Your Business Needs to Know

A new wave of cyber attacks targeting Microsoft SharePoint has left many businesses exposed, according to multiple threat reports this week. Attackers are actively exploiting vulnerabilities in SharePoint to gain unauthorised access, move laterally within networks, and exfiltrate sensitive data. 

Why SharePoint? 

SharePoint’s widespread use as a collaboration tool makes it an attractive target for cyber criminals. Unpatched systems, poor configuration, and over-permissioned accounts create easy entry points for attackers. 

How are Organisations Being Targeted? 

CVE-2025-53770 (CVSS v3.1: 9.8 [Critical]) is an unauthenticated Remote Code Execution vulnerability with publicly available exploit code and has been actively exploited since 19th July 2025. 

Recommended Actions for Organisations 

  1. Patch Immediately 

    Apply Microsoft’s emergency updates (available for SharePoint Server 2019, SharePoint Enterprise 2019 and SharePoint Server Subscription Edition). Ensure SharePoint servers are fully patched with the latest security updates. 
  1. Proactively Audit 

    Scan for outdated tools, components and ways into critical systems regularly. The team at the Cyber and Fraud Centre – Scotland is available to help with a vulnerability assessment, which will proactively identify security gaps, helping you prioritise and address issues before they can be exploited. This improves your organisation’s overall security posture, reduces the risk of breaches, and helps maintain compliance with industry standards, ultimately safeguarding your assets and reputation. More information can be found here – Vulnerability Assessments – Cyber and Fraud Centre – Scotland.
  1. Review Access Controls 

    Limit permissions to what users actually need. Over-permissioned accounts are high-risk. 
  1. Monitor Activity 

    Enable and actively monitor SharePoint logs for suspicious activity, such as unusual file downloads or account logins. 
  1. Multi-Factor Authentication (MFA) 

    Enforce MFA for all users, especially administrators. 
  1. Employee Awareness 

    Brief staff about the risks of phishing emails linked to SharePoint content. 

In the Event of a Suspected Breach 

If your organisation suspects unauthorised access to SharePoint, seek professional cyber support immediately. In Scotland, the National Incident Response Helpline is available to call for free on 0800 1670 623. 

Further Reading

Follow trusted sources for the latest threat intelligence and updates from Microsoft. 

22.07.25
Threat Intelligence Alerts
Kerry Manton
Written by
Kerry Manton
, ,

Related articles