Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it.

Department of Homeland Security headquarters, several of its agencies and the Department of Health and Human Services have been hacked as part of a wider breach of Microsoft SharePoint.​

It's not just data theft. A China-based hacking group is using a flaw in vulnerable SharePoint servers to deliver ransomware, Microsoft warns.

Microsoft said some of the hackers involved in the cyberespionage sweep aimed at the U.S. tech giant's SharePoint servers are now using ransomware, a potential escalation in the wide-ranging spy campaign.

Microsoft contained a major SharePoint security flaw, amid fresh questions about the future of its legacy on-premises software.

Victims of the recent global hacking campaign include the National Institutes of Health and the National Nuclear Security Administration, officials said.

Microsoft Corp. issued a progress report on what it described as the largest cybersecurity engineering project in history.

The Department of Energy, which oversees the agency that manages the US nuclear weapons stockpile, confirms it was affected by the SharePoint bug, but says it was 'minimally impacted.'

The name was coined by Dinh Ho Anh, a researcher from Khoa of Viettel Cyber Security, who developed the exploit. The researcher said he picked the name because it exploited ToolPane.aspx, a component for assembling the side panel view in the SharePoint user interface.