Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)
A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursd...
Microsoft
20 articles
Microsoft warns of Exchange zero-day flaw exploited in attacks
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrar...
Microsoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026
The world’s top ethical hackers wasted no time breaking into modern software and AI systems on the opening day of Pwn2Own Berlin 2026, exposing critical zero...
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA
A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond trad...
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical
Google has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers...
Researchers uncover YellowKey and GreenPlasma Windows Zero-Days
Researchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as ...
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the ...
Microsoft Exposes Kazuar Malware’s Modular P2P Botnet Architecture
Microsoft has revealed new technical insights into Kazuar, a long-running malware linked to the Russian state-backed group Secret Blizzard, highlighting its ...
Dell SupportAssist Update Forces Windows Systems Into BSOD Loop
A faulty update to Dell’s SupportAssist Remediation service is triggering widespread system crashes, forcing thousands of Dell and Alienware devices into con...
[local] Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing
Remote Sunrise Helper for Windows 2026.
[local] Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution
Remote Sunrise Helper for Windows 2026.
[local] Windows Snipping Tool - NTLMv2 Hash Hijack
Windows Snipping Tool - NTLMv2 Hash Hijack
Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026
On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days. [.
Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS
Hackers are using Fake interview apps to spread JobStealer malware on macOS and Windows to steal crypto wallets, browser data, and passwords.
Defense in depth for autonomous AI agents
As AI agents gain autonomy, defense in depth must evolve, with application-layer design, identity, and human oversight at the center. The post Defense in dep...
Microsoft details new AI system for vulnerability discovery
The MDASH system, developed by Microsoft's Autonomous Code Security team, utilizes over 100 specialized AI agents to find and validate exploitable bugs.
Kazuar: Anatomy of a nation-state botnet
Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to ...
China-linked hackers target Azerbaijani oil firm in multi-wave attack
The attackers exploited a vulnerable Microsoft Exchange Server, specifically the ProxyNotShell chain, to gain initial access.
Researcher publishes proof-of-concept exploits for unpatched Windows vulnerabilities
A cybersecurity researcher has released proof-of-concept exploits for two unpatched Microsoft Windows vulnerabilities, YellowKey and GreenPlasma, which allow...
Microsoft addresses BitLocker recovery issue in Windows 11
The issue, acknowledged on April 14, impacts Windows 10, Windows 11, and Windows Server devices configured with an "unrecommended" BitLocker Group Policy.