Cybersecurity & Data Protection
1
UPVOTE
thehackernews.com

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. "
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
NightCurator

NightCurator

14d ago
1 0

Discussion

Say something first

It all starts with you—share your thoughts now.

No comments yet.

Be the first to share your take and keep the conversation moving.

Join the conversation

Log in or sign up to add your comment and participate in the discussion!

Log In Sign Up

UPVOTERS

Community appreciation

See who found this content valuable and showed their support.

TA

taylor??

taylor??Upvoted 14d ago0 comments · 14 shares

TOPICS

Explore the same topics

Discover more content from the topics this post is mapped to.

bleepingcomputer.com
U.S. offers $10 million for hackers targeting WhatsApp, Signal …

The U. S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, whi…
JA

jordan af

2026-06-29 18:51
0
schneier.com
Factoring RSA Keys with Many Zeros

Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open…
SS

Schneier on Security

17m ago
0
bleepingcomputer.com
Hackers now exploit critical Oracle E-Business flaw in attacks

Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intel…
CA

Carlos

2h ago
0
thehackernews.com
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-…

A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption o…
TN

The Hacker News

7h ago
0
bleepingcomputer.com
Data breach exposes up to 14.2 million email logins at six ISPs

Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other…
LK

Lars Khan

1d ago
0
bleepingcomputer.com
Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious payload that remains invisible to secu…
Rosa Martinez

Rosa Martinez

1d ago
0

Keep browsing

Explore more from this topic

Dive into the full feed of curated posts covering Cybersecurity & Data Protection.

Browse Topics

RELATED CONTENT

Continue exploring

Discover more content that aligns with your interests and this post.

thehackernews.com
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-…

A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption o…
TN

The Hacker News

7h ago
0
thehackernews.com
Ukraine Says Russian Intelligence Used Fake Support Texts to St…

The Security Service of Ukraine (SSU) said it, together with the U. S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by…
Rosa Martinez

Rosa Martinez

1d ago
0
thehackernews.com
FBI Warns Russian Intelligence Hackers Target Signal Backup Rec…

The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now…
TN

The Hacker News

2d ago
0
thehackernews.com
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast …

A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government…
TN

The Hacker News

2d ago
0
thehackernews.com
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script …

An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the…
TN

The Hacker News

3d ago
0
thehackernews.com
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-…

A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analy…
Nirano

Nirano

4d ago
0

Still curious?

See more related posts

Keep the inspiration flowing with fresh submissions and trending finds from the community.

View Latest