The National Nuclear Security Administration (NNSA), responsible for providing nuclear reactors to the US Navy, was compromised by a zero-day vulnerability in Microsoft's SharePoint software. A source told Bloomberg that the agency was among over 50 organizations affected by the exploit, which targeted on-premises versions of SharePoint, not the cloud-based SharePoint Online. Despite the breach, no sensitive or classified information was reportedly leaked, attributed to the Department of Energy's extensive use of Microsoft 365 cloud services and robust cybersecurity systems. A spokesperson stated that only a small number of systems were impacted and are being restored.

Microsoft has since patched the vulnerability, which allowed remote access to SharePoint servers and data theft. The flaw stemmed from a combination of two bugs showcased at the Pwn2Own hacking contest in May.

Impact Statement: The incident highlights the ongoing threat of zero-day exploits and underscores the importance of robust cybersecurity measures, particularly for organizations handling sensitive information.