Microsoft revealed that hackers are exploiting a SharePoint server vulnerability to deploy ransomware, escalating a cyber-espionage campaign linked to group “Storm-2603.” At least 400 victims are affected, including the US National Institutes of Health. The flaw, initially unpatched, is being exploited by attackers, possibly including Chinese state-backed hackers, despite Beijing’s denial.