Microsoft has confirmed active exploitation of a new zero‑day spoofing flaw in on‑premises Exchange Server, tracked as CVE‑2026‑42897. The flaw allows attackers to execute arbitrary JavaScript in Outlook Web Access (OWA) simply by sending a weaponized email that a victim opens in a browser. On May...

#Phishing #Windows #Browser

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

Microsoft Exchange Server 0-Day Vulnerability Exploited in Attacks Using Weaponized Email

VERWANDTEARTIKEL

GreatXML BitLocker Bypass 0-Day Exploited Via Windows Defender Offline Scan

‘GreatXML’ Zero-Day Exploit Bypasses BitLocker

Microsoft fixes BitLocker recovery bug on Windows Server 2025

Microsoft Patches Exploited Exchange Server Vulnerability

CVE-2026-50507

Anthropic’s Claude Fable 5 Jailbroken to Generate Stack Exploits