Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.
| 18 May 2026 | |
| Written by Gabi Gerber | |
| Attacks & Threats |
| Hacking Topics, Security Operation Center |
The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue.
"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network," the tech giant said in a Thursday advisory.
Microsoft, which tagged the vulnerability with an "Exploitation Detected" assessment, said an attacker could weaponize it by sending a crafted email to a user, which, when opened in Outlook Web Access and subject to other "certain interaction conditions," can allow arbitrary JavaScript code to be executed in the context of the web browser. More here
A Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the sector for its low tolerance for… More...
Malicious repositories can trigger code execution in Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI with minimal o… More...
Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestra… More...
A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and t… More...
The issue isn't artificial intelligence, but rather an industry adding AI agent integrations into production environment… More...
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. More...
A Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as ga… More...
Malicious repositories can trigger code execution in Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI with minimal o… More...
Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestra… More...
A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and t… More...
