Bloomberg – and no paywall – “The US agency responsible for maintaining and designing the nation’s cache of nuclear weapons was among those breached by a hack of Microsoft Corp.’s SharePoint document management software, according to a person with knowledge of the matter. No sensitive or classified information is known to have been compromised in the attack on the National Nuclear Security Administration, said the person, who wasn’t authorized to speak publicly and asked not to be identified. The semiautonomous arm of the Energy Department is responsible for producing and dismantling nuclear arms. Other parts of the department were also compromised. The agency referred questions about the attack to the Energy Department. “On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy,” an agency spokesman said in an email. “The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted systems are being restored.” The NNSA has a broad mission, which includes providing the Navy with nuclear reactors for submarines and responding to radiological emergencies, among other duties. The agency also plays a key role in counterterrorism and transporting nuclear weapons around the country…”

See also Ars Technica: SharePoint vulnerability with 9.8 severity rating under exploit across globe. “Ongoing attacks are allowing hackers to steal credentials giving privileged access. Authorities and researchers are sounding the alarm over the active mass exploitation of a high-severity vulnerability in Microsoft SharePoint Server that’s allowing attackers to make off with sensitive company data, including authentication tokens used to access systems inside networks. Researchers said anyone running an on-premises instance of SharePoint should assume their networks are breached. The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet. Starting Friday, researchers began warning of active exploitation of the vulnerability, which affects SharePoint Servers that infrastructure customers run in-house. Microsoft’s cloud-hosted SharePoint Online and Microsoft 365 are not affected…”