SECURITYDARK READING
Microsoft Exchange Zero-Day Under Attack, No Patch Available
A zero-day vulnerability, CVE-2026-42897, has been discovered in Microsoft Exchange, allowing attackers to compromise Outlook Web Access mailboxes through a cross-site scripting vulnerability. No patch is currently available to fix this issue. The vulnerability can be exploited to gain unauthorized access to sensitive information.