VulnHub

A newly discovered zero-day vulnerability in Microsoft Exchange, tracked as CVE-2026-42897, poses a significant risk as it allows attackers to exploit cross-site scripting (XSS) to compromise Outlook Web Access (OWA) mailboxes. This vulnerability is reportedly under active attack, meaning that malicious actors are currently trying to exploit it in the wild. Organizations using Microsoft Exchange should be particularly vigilant, as the absence of an available patch leaves their systems exposed. Without immediate remediation, users could face unauthorized access to sensitive email communications. Companies are advised to implement security measures, such as input validation and monitoring for suspicious activity, until an official patch is released.

A researcher has released an exploit called MiniPlasma that targets a Windows vulnerability from 2020, identified as CVE-2020-17087, which remains unpatched. This exploit uses the original proof-of-concept code, and it has raised concerns among security experts about its potential use in real-world attacks. The vulnerability affects various versions of Windows, making a significant number of users and organizations vulnerable if they have not applied necessary updates. The release of this exploit could lead to increased risks for those systems still running the affected versions, as attackers may use it for unauthorized access or other malicious activities. Companies and users are urged to check their systems and apply any available patches to protect against potential exploitation.

A security researcher known as Chaotic Eclipse has disclosed a serious zero-day vulnerability in Windows called MiniPlasma, which allows attackers to gain SYSTEM privileges on fully updated Windows 11 systems. This flaw, affecting the 'cldflt.sys' file, was believed to have been patched back in 2020 under the CVE-2020-17103 designation, but it appears that the fix was either incomplete or not properly implemented. The existence of a proof-of-concept exploit for this vulnerability raises significant concerns for users and organizations, as it could allow malicious actors to escalate their privileges and potentially take control of affected systems. This issue affects all patched versions of Windows 11, meaning a wide range of users are at risk. Companies should prioritize reviewing their security protocols and consider additional monitoring to mitigate potential exploitation.

A cybersecurity researcher has disclosed a serious vulnerability in Windows, known as 'MiniPlasma', which allows attackers to escalate their privileges to SYSTEM level on fully patched systems. This zero-day exploit poses a significant risk because it can enable unauthorized access to sensitive data and system controls. Users of Windows systems, particularly those in corporate environments, should be on high alert as this exploit can potentially be used in cyberattacks. The researcher has also released a proof-of-concept (PoC) for the exploit, which can facilitate its misuse by malicious actors. This situation underscores the need for immediate attention to system security measures and vigilance against potential exploitation.

Last week, Cisco released a patch for a zero-day vulnerability affecting its SD-WAN product. This flaw could allow attackers to gain unauthorized access to the network and potentially disrupt services. Meanwhile, a previously unpatched vulnerability in Microsoft Exchange Server has been actively exploited by attackers, putting many organizations at risk. These incidents highlight the ongoing challenges companies face in securing their systems against evolving threats. It’s crucial for affected users to apply the latest patches and take proactive measures to protect their networks.

Microsoft has confirmed that a new zero-day vulnerability in Exchange Server, identified as CVE-2026-42897, is being actively exploited by attackers. This vulnerability has a CVSS score of 8.1, indicating a high level of severity. It stems from improper handling of user input during web page generation, which can lead to cross-site scripting (XSS) attacks. Organizations using affected versions of Exchange Server are at risk, as attackers could exploit this flaw to execute malicious scripts in the context of users' browsers. Microsoft urges users to take immediate action to protect their systems and data from potential breaches.

Microsoft has issued a warning regarding a zero-day vulnerability in Exchange Server, identified as CVE-2026-42897, which is currently being exploited by attackers. This vulnerability affects various versions of Exchange Server, putting organizations that use this software at risk. Microsoft has not yet released a permanent patch but has provided interim mitigations to help secure affected systems. Users and administrators are urged to implement these mitigations to protect their environments until a comprehensive fix is available. The active exploitation of this vulnerability underscores the urgency for affected organizations to take immediate action.

Microsoft has issued a warning about a serious cross-site scripting (XSS) vulnerability, identified as CVE-2026-42897, affecting on-premises versions of Microsoft Exchange Server. This vulnerability allows unauthorized attackers to spoof users over a network, posing significant risks to organizations that have not yet applied any fixes. The affected versions include Microsoft Exchange Server Subscription Edition RTM, 2019, and 2016, while Exchange Online remains unaffected. Microsoft is currently working on a permanent fix, but until it is released, they have provided temporary mitigations for users to implement. Organizations using the affected versions should take immediate action to safeguard their systems from potential exploitation.

Microsoft has announced a serious security vulnerability affecting on-premise versions of Exchange Server, identified as CVE-2026-42897. This issue, which has a CVSS score of 8.1, is classified as a spoofing vulnerability that arises from a cross-site scripting flaw. The vulnerability has been confirmed to be actively exploited by attackers, which raises significant concerns for organizations still using on-premise Exchange Servers. An anonymous researcher discovered and reported the issue, signaling the need for prompt attention from IT security teams. Organizations must take immediate action to protect their systems and data from potential exploitation.

KongTuke, an initial access broker, has shifted its tactics to utilize Microsoft Teams for social engineering attacks. This method allows attackers to gain persistent access to corporate networks in as little as five minutes. By exploiting the platform, they can trick employees into providing sensitive information or credentials. This development poses a significant risk to organizations that rely on Microsoft Teams for communication, as it opens up new avenues for breaches. Companies should be vigilant about security practices and employee training to mitigate these risks.