Canada’s cybersecurity agency is issuing an alert over attacks it says are impacting Microsoft SharePoint servers, with a warning for organizations to act now to protect their information.

Microsoft issued an alert on Saturday that said the server software being targeted is used by government agencies and businesses to share documents within their organizations.

The company advised that security updates should be applied immediately.

The Cyber Centre is also urging companies to take various actions to reduce risks, including checking for a specific file on their servers.

“The Cyber Centre is aware of exploitation happening in Canada,” the Canadian Centre for Cyber Security wrote in a vulnerability alert.

“CVE-2025-53770 involves a deserialization of untrusted data in on-premises Microsoft SharePoint Servers allowing an unauthorised attacker to execute code over a network.”

Those who use SharePoint Online in Microsoft 365, which is in the cloud, have not been impacted.

Global News has reached out to the federal government and Communications Security Establishment Canada to inquire if any departments have been impacted.

Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm, which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether – and that was before the technique behind the hack was widely known.

“It’s unambiguous,” Bernard said. “Who knows what other adversaries have done since to place other backdoors.”

He declined to identify the affected organizations, saying that the relevant national authorities had been notified.

The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany and that the victims included government organizations.

The FBI said on Sunday that it was aware of the attacks and is working closely with federal and private-sector partners, but offered no other details.

The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.

In the alert, Microsoft said a vulnerability “allows an authorized attacker to perform spoofing over a network.” It issued recommendations to stop the attackers from exploiting it.

— with files from Reuters

© 2025 Global News, a division of Corus Entertainment Inc.