- Chinese state-sponsored hackers exploited vulnerabilities in Microsoft’s SharePoint software, breaching systems of hundreds of companies and government agencies, including the National Nuclear Security Administration and the Department of Homeland Security, with attacks detected as early as July 7, 2025.
- Microsoft has used China-based engineers to maintain SharePoint for years, a practice not disclosed in its hack announcement, raising concerns about potential security risks due to Chinese laws allowing government access to data.
- At least four to five U.S. federal agencies were compromised, with the Cybersecurity and Infrastructure Security Agency (CISA) reporting no evidence of data exfiltration at DHS, though the full scope of the breach is still under investigation. Read More