Microsoft Patches Exploited Exchange Server Vulnerability
CVE-2026-42897 was an actively exploited zero-day vulnerability in Exchange Server that Microsoft warned about in mid-May 2026 before a patch became available in June.
Comparing 11 June 2026 with the previous day 4 June 2026.
CVE-2026-42897 was an actively exploited zero-day vulnerability in Exchange Server that Microsoft warned about in mid-May 2026 before a patch became available in June.
Active exploitation by multiple threat actors observed in the field; unauthenticated remote VPN connections possible under specific configuration, with IOCs provided for incident response.
Chaotic Eclipse is actively exploiting a new BitLocker bypass in attack operations, indicating targeted attacks against organizations using Windows encryption.
Criminal charges against a Russian national underscore US law enforcement action against Void Blizzard and highlight ongoing activity by this Kremlin-linked group targeting Western entities.
The exploit leverages a vulnerability in Microsoft Defender's offline scan functionality to bypass BitLocker and spawn a SYSTEM shell, posing a critical threat to locally accessible Windows systems.
The BSI warning addresses multiple critical vulnerabilities in Ubiquiti UniFi OS without specific CVE identification, suggesting either incomplete disclosure or coordinated vulnerability management.
BSI warns of multiple OpenSSL vulnerabilities with high risk potential (RCE, DoS, information disclosure); an official German government warning signals active exploitation or imminent public exploit availability.
BSI warns of multiple vulnerabilities in 7-Zip with remote code execution potential when processing manipulated archives , relevant immediate threat to desktop end-users.
BSI advisory on multiple Chrome and Edge vulnerabilities without specific CVE identifiers; PoC/active exploitation not mentioned, but code execution via merely opening a malicious webpage indicates high risk.
Multiple OpenSSL security vulnerabilities were closed with focus on crafted signatures, indicating potential bypass scenarios in cryptographic validation mechanisms , a strategically relevant category of weaknesses.
BSI warns of multiple unspecified vulnerabilities in Chrome and Edge that can enable code execution, security bypass, and data theft , specific CVE numbers and PoC status are not provided.
BSI advisory on multiple critical vulnerabilities in Firefox/Thunderbird without specific CVE numbers in the title; details required for patch prioritization.
BSI advisory warns of an unspecified vulnerability in both browsers enabling potential code execution , update required, but CVE details are missing for prioritization.
BSI warns of multiple OpenSSL vulnerabilities; without specific CVE numbers, this is a generic advisory likely referencing a patch cycle or multiple known flaws.
BSI warning regarding multiple vulnerabilities in Microsoft developer tools without concrete CVE details or exploitation status , typical for aggregated security advisories.
The Gentlemen gang operates as a Russian-speaking RaaS affiliate with worm-like propagation capability, combining vulnerability exploitation with BYOVD techniques for enterprise network penetration.
The exploit requires local access and either prior initiation of Windows Defender Offline Scan or the attacker's ability to boot into Windows Recovery Environment (WinRE) without authentication; this is a newly disclosed technique with no confirmed active exploitation campaigns.
UNC6671 uses social engineering (vishing) combined with Adversary-in-the-Middle (AiTM) and Python/PowerShell to bypass MFA and systematically compromise Microsoft 365 and Okta; the announced shutdown signals possible rebranding rather than permanent cessation.
This is a known-issue fix for Windows Server 2025, not a security patch against external attacks; relevant to the CISO only if Windows Server 2025 migration is planned.
A legitimate PowerShell script in Siemens patch files is flagged as malware by multiple antivirus engines, potentially blocking deployments and delaying critical patches.
No changes in this category.
No changes in this category.
A self-propagating worm (Mini Shai-Hulud) by TeamPCP has compromised over 170 npm and PyPI packages while defeating SLSA provenance attestation, representing a critical threat to any software development relying on dependencies from these ecosystems.
Directory-traversal-based RCE in Microsoft Edge feedback logs with CVSS 7.5; Pwn2Own context indicates active, practically demonstrated exploitability.
Pwn2Own vulnerability in Microsoft Edge allows bypass of origin validation; attackers can access restricted functionality if users visit a malicious page.
ZDI Pwn2Own vulnerability in Microsoft Edge allows cross-origin XSS execution upon user interaction; CVSS 5.0 rating for newly published CVE-2026-45494.
A hacker group (TeamPCP) is exploiting vulnerabilities in development tools and cloud misconfigurations at scale to steal credentials and propagate through supply-chain ecosystems via worms,a new escalation in attacks on open-source infrastructure.
Iranian ransomware actors use cryptocurrency exchanges for money laundering; OFAC sanctions against Nobitex signal escalated financial control and elevated risk for European organizations targeted by Iran-backed ransomware campaigns.
Targeted espionage against financial sector executives exploits normal cloud services to disguise data exfiltration , indicating state-sponsored or well-resourced threat actors focused on strategic intelligence.
A Chinese hacking group focused on remote access and data theft is expanding its attacks specifically to Germany and other EU countries; the malware arsenal can also be used for espionage purposes.
Chinese threat actor TA4922 is intensifying attacks on European organizations including Germany with new and known RAT malware variants, combined with phishing campaigns and rapid operational tempo.
Chaining of two Linux kernel fragmentation-related vulnerabilities enables memory corruption and local privilege escalation through crafted network packets.
The vulnerability enables extraction of unencrypted SMTP authentication credentials directly from system log files , a frequently overlooked attack vector for lateral movement and account compromise.
The alert confirms critical Cisco vulnerabilities without detailing exploit status, affected sectors, or active exploitation.
The researcher published a working proof-of-concept without prior notification to Microsoft, meaning the vulnerability is immediately exploitable and attacker code is now available.
The debugging flag was not disabled in production, allowing attackers to actively compromise user accounts , suggesting active exploitation in the wild.