Security researchers from Google and Microsoft have identified a zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770.

The flaw is being exploited by China-linked hacking groups, including “Linen Typhoon,” “Violet Typhoon,” and “Storm-2603.”

Discovered last weekend, the vulnerability allows attackers to steal private keys, install malware, and access files on compromised servers.

Microsoft said attacks have been occurring since at least July 7.

Charles Carmakal, CTO at Google’s Mandiant, confirmed that multiple actors are exploiting the flaw. At least one group is connected to China.

China has denied involvement, stating it opposes all cybercrime.

Recent Microsoft developments