Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers
The zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription Edition
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription Edition
Microsoft has patched 120 vulnerabilities in this month’s security update round
Microsoft has patched two zero-day flaws and over 160 others
Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware
March Patch Tuesday sees Microsoft release updates for 79 flaws
Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain unpatched
Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says
A flaw in JumpCloud Remote Assist for Windows has exposed managed endpoints to local privilege escalation and denial-of-service attacks
Flaws in Windows Graphics Device Interface (GDI) have been identified that allow remote code execution and information disclosure
A new UNC6384 campaign highlights the threat actor’s growing sophistication and geographic expansion
Over 29,000 Microsoft Exchange servers remain unpatched against a vulnerability that could allow attackers to seize control of entire domains in hybrid cloud environments
CVE-2025-47981 has the “unfortunate hallmarks of becoming a significant problem,” said WatchTowr’s CEO
Semperis estimates that at least 15,000 enterprise SaaS applications are still vulnerable to a flaw discovered in 2023
Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple email
A flaw in OneDrive File Picker has exposed millions to data overreach through excessive OAuth permissions
Newly discovered vulnerability ZDI-CAN-25373 takes advantage of Windows shortcuts has been exploited by 11 state-sponsored groups since 2017
Attackers are actively exploiting an RCE flaw in Windows PHP-CGI implementations to target Japanese firms, deploying Cobalt Strike for persistence
CISA has added five more CVEs into its known exploited vulnerabilities catalog
Microsoft MFA flaw exposed that allowed attackers to bypass security within an hour, putting 400m Office 365 accounts at risk
Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks