Microsoft Exchange
Coverage of Microsoft Exchange in the Nexus archive.
- Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
A flaw in Microsoft Exchange, dubbed 'Ghost-Sender', allows attackers to spoof any email address by exploiting Exchange Online or on-premises systems in hybrid mode with third-party mail servers or spam filters.
- Microsoft Exchange Zero-Day Under Attack, No Patch Available
A zero-day vulnerability, CVE-2026-42897, has been discovered in Microsoft Exchange, allowing attackers to compromise Outlook Web Access mailboxes through a cross-site scripting vulnerability. No patch is currently available to fix this issue. The vulnerability can be exploited to gain unauthorized access to sensitive information.
- Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
Competitors exploited 15 unique zero-day vulnerabilities in products like Windows 11 and Microsoft Exchange, earning $385,750 in cash awards on the second day of Pwn2Own Berlin 2026. The vulnerabilities were found in multiple products, including Red Hat Enterprise Linux for Workstations. This highlights significant security concerns in popular software.