Microsoft Fixes Zero-Day Flaw in Exchange Server Exploited in Attacks

Microsoft has patched a high-severity flaw in Exchange Server, known as CVE-2026-42897, which allowed hackers to execute malicious JavaScript in victims' browsers simply by sending a specially crafted email. This zero-day vulnerability was actively exploited in attacks, putting Outlook Web Access users at risk.

https://osintsights.com/microsoft-fixes-zero-day-flaw-in-exchange-server-exploited-in-attacks?utm_source=mastodon&utm_medium=social

#ZeroDay #ExchangeServer #CrosssiteScripting #Cve202642897 #Microsoft

⚠️ Zero-Day Joomla Vulnerability Allows Unrestricted Code Upload & Execution

#CVE202648907 #CrossSiteScripting #JCEEditorVulnerability #JoomlaSecurity #PHPInjection #cve #cybersecurity #iso27001

Security Researcher Exploits Flaw in Pretalx Conference Tool

A security researcher recently uncovered a vulnerability in pretalx, a popular conference tool, that could let hackers inject malicious code into an organizer's interface, putting sensitive data at risk. This flaw, known as a stored cross-site scripting vulnerability, could be triggered through simple search queries.

https://osintsights.com/security-researcher-exploits-flaw-in-pretalx-conference-tool?utm_source=mastodon&utm_medium=social

#CrosssiteScripting #Vulnerability #Cve202641241 #Pretalx #OpensourceSoftware

Microsoft Exchange Servers Targeted in Active Exploitation

Microsoft has sounded the alarm on a critical vulnerability in on-premise Exchange Servers, known as CVE-2026-42897, that's currently being exploited by hackers - and the company is urging affected users to act fast. A temporary fix is in place, with a permanent patch on the way.

https://osintsights.com/microsoft-exchange-servers-targeted-in-active-exploitation?utm_source=mastodon&utm_medium=social

#Cve202642897 #MicrosoftExchangeServers #EmergingThreats #SpoofingVulnerability #CrosssiteScripting

Microsoft Warns of Severe Zero-Day Flaw in On-Prem Exchange Servers

Microsoft just sounded the alarm on a severe zero-day flaw in on-prem Exchange servers, warning that a high-severity vulnerability could let attackers send malicious code to victims via specially crafted emails. This flaw, tracked as CVE-2026-42897, has already been automatically mitigated if the EM Service is enabled,…

https://osintsights.com/microsoft-warns-of-severe-zero-day-flaw-in-on-prem-exchange-servers?utm_source=mastodon&utm_medium=social

#ZeroDay #ExchangeServerVulnerability #Cve202642897 #CrosssiteScripting #Microsoft

Microsoft Exchange Servers Targeted by Active CVE-2026-42897 Exploit

Microsoft warns of a high-severity vulnerability, CVE-2026-42897, in its Exchange Servers, allowing attackers to spoof network communications via a cleverly crafted email. This cross-site scripting flaw has been actively exploited, earning a concerning CVSS score of 8.1.

https://osintsights.com/microsoft-exchange-servers-targeted-by-active-cve-2026-42897-exploit?utm_source=mastodon&utm_medium=social

#Cve202642897 #MicrosoftExchange #CrosssiteScripting #SpoofingVulnerability #Exploit

Zimbra Servers Targeted in Ongoing XSS Attacks

Beware of sneaky phishing emails that can hijack your Zimbra server with just a glance - no clicks or downloads required. A single malicious email can trigger a cross-site scripting attack, thanks to a recently patched vulnerability, CVE-2025-48700.

https://osintsights.com/zimbra-servers-targeted-in-ongoing-xss-attacks?utm_source=mastodon&utm_medium=social

#CrosssiteScripting #Zimbra #Cve202548700 #XssAttacks #EmailExploits