The scale of a hack on Microsoft Exchange is beginning to emerge, with tens of thousands of organisations potentially compromised.
The attack used previously unknown flaws in the email software - and sometimes stolen passwords - to steal data from targets' networksMicrosoft says the attackers are "state-sponsored and operating out of China".
And while it initially thought the number of attacks had been "limited", it has since reported "increased use" of the tactics - probably because other hackers are piling in to take advantage of the now public vulnerabilities before systems are patched.
All this comes hard on the heels of the SolarWinds cyber-campaign, linked to Russia, that affected multiple US government departments and other organisations.
This time round, the companies and other bodies affected are apparently of less strategic importance.
But even so, the two attacks put the new Biden administration under pressure to respond.And weary cyber-defenders say events are not just escalating but spiralling out of control.
Both Russia and China have denied any involvement.