MUST READ

Cyber espionage campaign targeted stock exchange executive’s Outlook account

 | 

Russia's FSB Says Foreign Spies Infected Officials' Phones With Malware

 | 

U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

 | 

Google Patches Actively Exploited Android Flaw Affecting Millions of Devices

 | 

Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold

 | 

Instagram Account Hijacks Expose the Security Risks of AI-Powered Support

 | 

U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog

 | 

ENISA NIS360 2026: Progress Across the Board, But the Sectors That Matter Most Are Still Falling Short

 | 

GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure

 | 

Ransomware Operators Keep Business Hours. The Data Proves It

 | 

CVE-2026-8732: The WP Maps Pro Flaw That Lets Anyone Create a WordPress Admin Without a Password

 | 

CIFSwitch, a Linux Root Bug Hidden in Plain Sight for 19 Years

 | 

U.S. CISA adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog

 | 

The Pentagon Finally Admits That Location Data Is a Battlefield Problem

 | 

CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 99

 | 

Security Affairs newsletter Round 579 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers

 | 

Signal Phishing Campaign Targets Journalists and Activists to Steal Backup Recovery Keys

 | 

Botnet of 17 Million Devices Dismantled in the Netherlands

 | 

Exchange Server

Pierluigi Paganini May 15, 2026
CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day

Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1). The vulnerability is an improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange […]

Pierluigi Paganini November 07, 2016
Bypassing Two-Factor Authentication on Outlook Web Access

Enterprises running Exchange Server using two-factor authentication on Outlook Web Access (OWA) could be hacked due to a design flaw. New troubles for enterprises running Exchange Server, two-factor authentication implementations on Outlook Web Access (OWA) could be easily bypassed due to a design flaw. An attacker can bypass two-factor authentication to access email inboxes, calendars, contacts and […]

Pierluigi Paganini December 13, 2014
Microsoft recalls Exchange patch in the last Tuesday Update, it is the second straight month

Microsoft recalls Exchange patch, it’s the second time in two months that Microsoft is recalling a security update published along with its patch Tuesday release. Microsoft has announced the recall of a security patch released to fix a problem in its Exchange Server. It is the second straight month that Microsoft has issued a critical […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Cyber espionage campaign targeted stock exchange executive’s Outlook account

Intelligence / June 03, 2026

Russia's FSB Says Foreign Spies Infected Officials' Phones With Malware

Security / June 03, 2026

U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

Security / June 03, 2026

Google Patches Actively Exploited Android Flaw Affecting Millions of Devices

Breaking News / June 03, 2026

Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold

Security / June 03, 2026