“We are seeing attempts to exploit thousands of SharePoint servers globally before a patch is available,” said Pete Renals, a senior manager with Palo Alto Networks’ Unit 42. “We have identified dozens of compromised organizations spanning both commercial and government sectors.’’

With access to these servers, which often connect to Outlook email, Teams and other core services, a breach can lead to theft of sensitive data as well as password harvesting, Netherlands-based research company Eye Security noted. What’s also alarming, researchers said, is that the hackers have gained access to keys that may allow them to regain entry even after a system is patched.

now the FAFO part:

The nonprofit Center for Internet Security, which staffs an information-sharing group for state and local governments, notified about 100 organizations that they were vulnerable and potentially compromised, said Randy Rose, the organization’s vice president.

Those warned included public schools and universities. The process took six hours Saturday night — much longer than it otherwise would have, because the threat-intelligence and incident-response teams have been cut by 65 percent as CISA slashed funding, Rose said.