Dark Reading

Microsoft Exchange Zero-Day Under Attack, No Patch Available

Microsoft on Thursday disclosed a zero-day vulnerability in Exchange that's under active exploitation, but four days later customers are still awaiting a patch. The zero-day, tracked as CVE-2026-42897 ...
Tech Times

Exchange Server OWA Zero-Day CVE-2026-42897 Exploited With No Permanent Patch and New Mitigation Gaps

Microsoft confirmed on May 14 that CVE-2026-42897 — a cross-site scripting flaw in the Outlook Web Access component of Exchange Server 2016, 2019, and Subscription Edition — is under active ...

Microsoft Confirms Active 0-Day Exploit—Check Emergency Mitigation

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.

SHub macOS infostealer variant spoofs Apple security updates

A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor ...
XDA Developers on MSN

Cron inside WSL beats Windows Task Scheduler for one reason: it actually works the way I think

Here's how I use Linux to automate Windows tasks.
CSO Online

SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain

The latest SHub macOS infostealer variant abandons Terminal-based ClickFix tactics for AppleScript execution, using fake ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...