Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.
| 18 May 2026 | |
| Written by Gabi Gerber | |
| Attacks & Threats |
| Hacking Topics, Security Operation Center |
The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue.
"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network," the tech giant said in a Thursday advisory.
Microsoft, which tagged the vulnerability with an "Exploitation Detected" assessment, said an attacker could weaponize it by sending a crafted email to a user, which, when opened in Outlook Web Access and subject to other "certain interaction conditions," can allow arbitrary JavaScript code to be executed in the context of the web browser. More here
AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say. More...
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Wi… More...
Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to ne… More...
High-autonomy agents with broad permissions and unfettered access are a recipe for disaster, and enterprises need to act… More...
AI agents aren't black boxes — they're models interacting with software tools. The risk lies in their overlap. More...
AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say. More...
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Wi… More...
Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to ne… More...
High-autonomy agents with broad permissions and unfettered access are a recipe for disaster, and enterprises need to act… More...
AI agents aren't black boxes — they're models interacting with software tools. The risk lies in their overlap. More...
