Exchange Server CVE-2026-42897 Exploited Through Crafted OWA Email
Microsoft says Exchange Server CVE-2026-42897 has exploitation detected. The current protection path is Exchange Emergency Mitigation Service, not a normal update package yet.
News desk
Security News
Security incidents, exploited vulnerabilities, breach reports, malware campaigns, and urgent patch notes arranged for fast daily scanning.
June 4, 2026
Latest reports
West Pharmaceutical Cyberattack Stole Data and Encrypted Systems
West Pharmaceutical disclosed a material cyberattack involving data exfiltration, encrypted systems, and global operational disruption. The important part is the overlap between breach response…
YellowKey BitLocker Bypass PoC Targets TPM-Only Windows 11 Drives
A public YellowKey proof-of-concept claims a BitLocker bypass path on Windows 11 systems that rely on TPM-only unlock. Here is where the risk sits…
Microsoft Word Preview Pane RCE Bugs Put Outlook Users at Risk
Microsoft patched two critical Word RCE bugs where the Preview Pane is an attack vector, making Office updates urgent for Outlook and Microsoft 365…
Fortinet Fixes Critical RCE Flaws in FortiAuthenticator and FortiSandbox
Fortinet patched critical unauthenticated RCE flaws in FortiAuthenticator and FortiSandbox, making exposure review and fast version checks a priority for security appliance admins.
RubyGems Pauses Signups After Malicious Package Attack
RubyGems disabled new account registration after reports of hundreds of malicious packages, making recent Ruby dependency changes and CI caches worth immediate review.
Exim CVE-2026-45185 Dead.Letter Can Lead to Mail Server RCE
Exim 4.99.3 fixes CVE-2026-45185 Dead.Letter, a GnuTLS/BDAT use-after-free that can expose internet-facing mail servers to potential remote code execution.
Mini Shai-Hulud Hits TanStack npm Packages With Signed Malware
Mini Shai-Hulud abused trusted publishing to ship malicious TanStack npm packages with valid provenance, turning package installs into a token-exposure incident for CI and…
TrickMo.C Android Banker Turns Phones Into Proxy Nodes
TrickMo.C moves Android banking malware control to TON/.adnl and adds proxy/pivot features, turning infected phones into traffic-exit nodes for fraud.