2 New Microsoft Defender Zero-Days Exploited—Patch Now Rolling Out

Microsoft has confirmed an emergency security update as CISA warns that two new Defender zero-days are being exploited by ...

Scammers are abusing an internal Microsoft account to send spam links

The loophole allows spammers and scammers to send emails from a legitimate Microsoft email address typically used for sending ...
Tech Times

Exchange Server OWA Zero-Day CVE-2026-42897 Exploited With No Permanent Patch and New Mitigation Gaps

Microsoft confirmed on May 14 that CVE-2026-42897 — a cross-site scripting flaw in the Outlook Web Access component of Exchange Server 2016, 2019, and Subscription Edition — is under active ...
Dark Reading

Microsoft Exchange Zero-Day Under Attack, No Patch Available

Microsoft on Thursday disclosed a zero-day vulnerability in Exchange that's under active exploitation, but four days later customers are still awaiting a patch. The zero-day, tracked as CVE-2026-42897 ...