A critical unpatched vulnerability in Microsoft SharePoint (CVE-2025-53770) has been actively exploited in a global cyberattack affecting U.S. state agencies and numerous companies. Reports indicate that hackers are using the zero-day flaw to gain full server access through remote code execution (RCE) attacks. Microsoft has acknowledged the ongoing attacks but has not yet released a patch to mitigate the threat. As the situation evolves, organizations are being warned to secure their SharePoint servers against potential breaches stemming from this malicious exploit.