Advertisement
CVE-2026-42897: Microsoft Exchange OWA XSS Zero-Day Under Attack
Active Zero-Day XSS vulnerability, CVE-2026-42897, impacts Microsoft Exchange OWA, allowing mailbox compromise. No patch available.
MiniPlasma 0-Day: Windows SYSTEM Privilege Escalation via cldflt.sys
Technical analysis of the MiniPlasma zero-day vulnerability in cldflt.sys enabling SYSTEM privilege escalation on fully patched Windows systems.
Windows MiniPlasma Zero-Day Exploit: How to Mitigate LPE Threats
A new zero-day exploit dubbed MiniPlasma allows local attackers to gain SYSTEM privileges on fully patched Windows systems. Learn detection and mitigation steps.
Pwn2Own Berlin: Microsoft Exchange, Windows 11 Zero-Day Exploits
Zero-day vulnerabilities in Microsoft Exchange, Windows 11, and Red Hat Enterprise Linux demonstrated at Pwn2Own Berlin. Runtime Rebel details the impact.
CVE-2026-42897: Microsoft Exchange Server Zero-Day Exploited in Wild
Microsoft warns of CVE-2026-42897, a critical Exchange Server zero-day exploited in the wild. Implement Extended Protection mitigations immediately to secure systems.
CVE-2024-49040: Microsoft Exchange Server Spoofing Vulnerability
Microsoft warns of CVE-2024-49040, a zero-day spoofing vulnerability in Exchange Server exploited to bypass security filters and impersonate trusted senders.
Cisco SD-WAN RCE via CVE-2026-20182 — Mitigation Guide
Cisco patches CVE-2026-20182, the sixth SD-WAN zero-day exploited in 2026. Learn how threat actor UAT-8616 leverages this flaw for targeted attacks.
CVE-2026-42897: How Attackers Exploit Microsoft Exchange Server
Microsoft warns of active exploitation of CVE-2026-42897, a critical spoofing and XSS vulnerability in on-premise Exchange Server triggered via email.
Cisco Catalyst SD-WAN Controller Authentication Bypass via CVE-2026-20182 Exploited in Zero-Day Attacks
Cisco warns of a critical authentication bypass in Catalyst SD-WAN Controller (CVE-2026-20182) actively exploited in zero-day attacks, granting admin access.
Windows BitLocker Zero-Day Bypass and Privilege Escalation PoC Released
Security researcher releases PoC for YellowKey and GreenPlasma, unpatched vulnerabilities allowing BitLocker bypass and SYSTEM privilege escalation on Windows.
Google’s Big Sleep AI Agent Discovers Real-World SQLite Zero-Day
Google Project Zero and DeepMind’s Big Sleep agent identifies an exploitable stack-based buffer underflow in SQLite, marking a shift in AI vulnerability discovery.
CVE-2026-43284: 'Dirty Frag' Linux Vulnerability Exploited — Patch Now
Analysis of the 'Dirty Frag' (Copy Fail 2) Linux kernel vulnerabilities CVE-2026-43284 and CVE-2026-43500, which enable potential remote code execution.