
Microsoft knew of SharePoint server exploit but failed to effectively patch it
LONDON: A security patch released by
Microsoft
last month failed to fully fix a critical flaw in U.S. tech giant's SharePoint server software that had been identified in May, opening the door to a sweeping global
cyber espionage
operation.
It remains unclear who is behind the ongoing operation, which targeted around 100 organisations over the weekend. But Alphabet's Google, which has visibility into wide swathes of internet traffic, said it tied at least some of the hacks to a "China-nexus threat actor".
The Chinese Embassy in Washington did not respond to a Reuters request for comment. Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies carrying out hacking operations.
Contacted on Tuesday, Microsoft was not immediately able to provide comment on the patch and its effectiveness.
The vulnerability that facilitated the attack was first identified in May at a hacking competition in Berlin organised by
cybersecurity
firm
Trend Micro
, which offered cash bounties for the discovery of computer bugs in popular software.
It offered a $100,000 prize for "zero day" exploits - so called because they leverage previously undisclosed digital weaknesses - that could be used against SharePoint, Microsoft's flagship document management and collaboration platform.
A researcher working for the cybersecurity arm of Viettel, a telecommunications firm operated by Vietnam's military, identified a SharePoint bug at the event, dubbed it 'ToolShell' and demonstrated a method of exploiting it.
The researcher was awarded $100,000 for the discovery, according to a post on X by Trend Micro's "Zero Day Initiative". A spokesperson for Trend Micro did not immediately respond to Reuters' requests for comment regarding the competition on Tuesday.
Microsoft subsequently said in a July 8 security update that it had identified the bug, listed it as a critical vulnerability, and released patches to fix it.
Around 10 days later, however, cybersecurity firms started to notice an influx of malicious online activity targeting the same software the bug sought to exploit: SharePoint servers.
"Threat actors subsequently developed exploits that appear to bypass these patches," British cybersecurity firm Sophos said in a blog post on Monday.
The pool of potential ToolShell targets remains vast.
According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
The Shadowserver Foundation, which scans the internet for potential digital vulnerabilities, put the number at a little more than 9,000, while cautioning that the figure was a minimum.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
Hashtags

Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles


Economic Times
41 minutes ago
- Economic Times
BYD runs India remotely as China tensions shut out top brass
Synopsis BYD faces hurdles in India due to strained political ties. Visa issues force executives to meet abroad. Despite this, BYD cars are popular. India rejects BYD's investment plan. This impacts tariff benefits. Tesla expands in India. BYD relies on its Chennai plant. High import duties increase car costs. India now allows Chinese tourist visas again. Reuters Representative image. China's BYD Co. is forging ahead with its attempts to expand in India despite roadblocks from the government that are preventing the electric vehicle maker from conducting key business dealings there. Like most Chinese companies, BYD has been unable to obtain visas for executives after a deadly clash between Indian and Chinese soldiers along a disputed Himalayan border in 2020 sparked a major deterioration in political ties. That's seen the EV giant resort to holding board meetings and high-level business interactions in Colombo in Sri Lanka and Kathmandu in Nepal, and even as far away as Singapore, according to people familiar with the Zhang, BYD's managing director for India, has been unable to obtain a work permit since he left the EV maker's local base in Chennai, despite government efforts to facilitate his travel, said the people, who asked not to be identified because they're not authorized to speak worked from the carmaker's headquarters in Shenzhen in 2021 before moving to Tokyo this year, they said. From Japan, he oversees Asian markets including India, the people said. Also Read: Chinese carmaker BYD launches smartphone-car connectivity feature An on-the-ground presence is particularly important for manufacturers, given the need for quick decision making, addressing productivity issues and establishing community cold shoulder is mutual. As recently as March, travel restrictions were still being wielded in the political spat. That month, an Indian contingent wanting to visit a major meeting of BYD car dealers in Shenzhen had to be scaled down after the majority of participants, including the company's employees based in India, were unable to obtain visas, a person familiar with the matter said. A representative for BYD in India declined to the operational difficulties, BYD has proved popular with Indian drivers — sales in the first half of this year are nearly touching the total units sold in 2024. Also Read: Tesla's long-awaited India debut bets on luxury vehicle buyers Indian officials have been clear they won't welcome investment from the carmaker — Commerce Minister Piyush Goyal said earlier this year that it's a 'no' to BYD due to caution around the nation's strategic has already rejected BYD's $1 billion plan to build a plant in partnership with a local company. This leaves the Chinese firm unable to qualify for reduced tariffs on imported EVs in exchange for establishing a substantial manufacturing presence in freeze contrasts with the experience of Tesla Inc. Its Chief Executive Officer Elon Musk met with India's Prime Minister Narendra Modi in the US earlier this year. The US carmaker opened its first showrooms in India this month, with deliveries set to begin as early as August. Tesla doesn't have plans to establish local manufacturing, meaning it faces import taxes of as much as 110% for fully-assembled overseas is critical for BYD, which risks missing its target to sell 5.5 million cars this year as demand in China stagnates and it draws the ire of Beijing following rounds of heavy price without the ability to invest in manufacturing in India, BYD relies on its assembly plant in the southern city of Chennai, which has annual capacity of 10,000 to 15,000 units, to meet Indian company also imports most cars it sells in India, but hefty duties — aimed at shielding domestic firms — effectively double the cost of a vehicle and India restricts volumes unless a model has received a local roadworthiness tensions between China and India are thawing, it's unclear whether curbs on professional visas will be lifted or if BYD will ever be welcomed with open arms. Still, there are tentative signs of progress. Earlier this month, India allowed Chinese nationals to apply for tourist visas again.


Time of India
an hour ago
- Time of India
TCS to lay off over 12,000 employees this year; mid, senior level staff to be impacted
New Delhi: India's largest IT services firm, Tata Consultancy Services (TCS), is set to lay off about 2%, or 12,261 employees, of its global workforce this year, with the majority of those impacted belonging to middle and senior grades. As of June 30, 2025, TCS's workforce stood at 6,13,069. It increased its workforce by 5,000 employees in the recently concluded April-June quarter. The move is part of the company's broader strategy to become a "future-ready organisation", focusing on investments in technology, AI deployment, market expansion, and workforce realignment, TCS said in a statement. "TCS is on a journey to become a Future-Ready organisation. This includes strategic initiatives on multiple fronts, including investing in new-tech areas, entering new markets, deploying AI at scale for our clients and ourselves, deepening our partnerships, creating next-gen infrastructure, and realigning our workforce model. "Towards this, a number of reskilling and redeployment initiatives have been underway. As part of this journey, we will also be releasing associates from the organisation whose deployment may not be feasible. This will impact about 2% of our global workforce, primarily in the middle and the senior grades, over the course of the year," it said. TCS will provide appropriate benefits, outplacement, counselling, and support to the impacted employees, it added The move comes at a time when India's top IT services companies have delivered single-digit revenue growth in Q1FY26, capping off a somewhat-sobering June quarter as macroeconomic instability and geopolitical tensions weighed on global tech demand and delayed client decision-making. For TCS, the revenue rose 1.3% year-on-year to Rs 63,437 crore, bottomline improved 5.9% to Rs 12,760 crore in Q1FY26. TCS MD and Chief Executive K Krithivasan recently said the company is experiencing a "demand contraction" due to the continued uncertainties on the macroeconomic and geopolitical fronts, and added that he does not see a double-digit revenue growth in FY26. Krithivasan explained the delays in decision-making experienced in the preceding quarter have "intensified" now, and hoped for the discretionary spends - a prime mover of revenue growths for IT companies - would return once the uncertainties ebb. Microsoft, the second most valuable publicly listed company after Nvidia globally, has so far laid off over 15,000 employees in 2025, that is 7% of the company's global workforce. In a memo to over 200,000 employees last week, Microsoft CEO Satya Nadella said the layoffs this year have been "weighing heavily" on him. "This is the enigma of success in an industry that has no franchise value," he said in the memo to staff. He added: "Progress isn't linear. It's dynamic, sometimes dissonant, and always demanding. But it's also a new opportunity for us to shape, lead through, and have greater impact than ever before." According to - a platform that tracks global tech industry layoffs - over 80,000 tech workers have been laid off across 169 tech companies in 2025 alone. In 2024, that number stood at a staggering 1.5 lakh across 551 tech companies - the stark numbers coinciding as much with global macroeconomic woes as with deep debate in tech circles about the impact of AI on job roles, workforce, and employability.
&w=3840&q=100)

Business Standard
an hour ago
- Business Standard
BYD runs India remotely as tensions with China shut out top brass
China's BYD Co. is forging ahead with its attempts to expand in India despite roadblocks from the government that are preventing the electric vehicle maker from conducting key business dealings there. Like most Chinese companies, BYD has been unable to obtain visas for executives after a deadly clash between Indian and Chinese soldiers along a Himalayan border in 2020 sparked a major deterioration in political ties. That's seen the EV giant resort to holding board meetings and high-level business interactions in Colombo in Sri Lanka and Kathmandu in Nepal, and even as far away as Singapore, according to people familiar with the matter. Ketsu Zhang, BYD's managing director for India, has been unable to obtain a work permit since he left the EV maker's local base in Chennai, despite government efforts to facilitate his travel, said the people, who asked not to be identified because they're not authorised to speak publicly. Zhang worked from the carmaker's headquarters in Shenzhen in 2021 before moving to Tokyo this year, they said. From Japan, he oversees Asian markets including India, the people said. An on-the-ground presence is particularly important for manufacturers, given the need for quick decision making, addressing productivity issues and establishing community ties. Cold Shoulder The cold shoulder is mutual. As recently as March, travel restrictions were still being wielded in the political spat. That month, an Indian contingent wanting to visit a major meeting of BYD car dealers in Shenzhen had to be scaled down after the majority of participants, including the company's employees based in India, were unable to obtain visas, a person familiar with the matter said. A representative for BYD in India declined to comment. Despite the operational difficulties, BYD has proved popular with Indian drivers — sales in the first half of this year are nearly touching the total units sold in 2024. Indian officials have been clear they won't welcome investment from the carmaker — Commerce Minister Piyush Goyal said earlier this year that it's a 'no' to BYD due to caution around the nation's strategic interests. India has already rejected BYD's $1 billion plan to build a plant in partnership with a local company. This leaves the Chinese firm unable to qualify for reduced tariffs on imported EVs in exchange for establishing a substantial manufacturing presence in India. The freeze contrasts with the experience of Tesla Inc. Its Chief Executive Officer Elon Musk met with India's Prime Minister Narendra Modi in the US earlier this year. The US carmaker opened its first showrooms in India this month, with deliveries set to begin as early as August. Tesla doesn't have plans to establish local manufacturing, meaning it faces import taxes of as much as 110 per cent for fully-assembled vehicles. Expanding overseas is critical for BYD, which risks missing its target to sell 5.5 million cars this year as demand in China stagnates and it draws the ire of Beijing following rounds of heavy price discounting. But without the ability to invest in manufacturing in India, BYD relies on its assembly plant in the southern city of Chennai, which has annual capacity of 10,000 to 15,000 units, to meet Indian demand. The company also imports most cars it sells in India, but hefty duties — aimed at shielding domestic firms — effectively double the cost of a vehicle and India restricts volumes unless a model has received a local roadworthiness certificate. While tensions between China and India are thawing, it's unclear whether curbs on professional visas will be lifted or if BYD will ever be welcomed with open arms. Still, there are tentative signs of progress. Earlier this month, India allowed Chinese nationals to apply for tourist visas again.