"A leak happened here somewhere," Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told The Register. "And now you've got a zero-day exploit in the wild, and worse than that, you've got a zero-day exploit in the wild that bypasses the patch, which came out the next day."

Security researchers say Microsoft customers should take immediate action to defend against the ongoing cyberattacks, and must assume they have already been compromised.

Microsoft is issuing an emergency fix to close off a vulnerability in Microsoft’s SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies.

Microsoft blamed two Chinese nation-state actors for exploiting recently discovered security flaws in SharePoint to infiltrate vulnerable organizations, like schools, state governments, and the U.S. government’s top nuclear security agency.

The hackers behind the initial wave of attacks exploiting a zero-day in Microsoft SharePoint servers have so far primarily targeted government organizations, according to researchers and news reports.

More information has emerged on the ToolShell SharePoint zero-day attacks, including impact, victims, and threat actors.

Providing additional updates on the breach, Microsoft said in a blog post on Tuesday that two Chinese nation-state operators, Linen Typhoon and Violet Typhoon, exploited vulnerabilities in the internet-facing SharePoint servers.

A security patch released by Microsoft earlier this month failed to fully fix a critical flaw in the U.S. tech company's SharePoint server software that had been identified at a hacking competition in May,