CRITICALZero Day
Global

Microsoft patches Exchange Server zero-day exploited in attacks

·Source: BleepingComputer

Updated:

Executive Summary

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. [...]

Analysis

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. [...]
Source Attribution

Originally published by BleepingComputer on Jun 10, 2026.

Related Threats

CRITICALZero Day

GreatXML zero-day BitLocker bypass doesn’t seem to work, yet

A disgruntled researcher who has been publishing zero-day Microsoft Windows vulnerabilities for the past several months released a new exploit Thursday that promises to bypass BitLocker encryption on locked devices. A well respected security expert reported that the exploit doesn’t work as initially described, but the researcher is looking for ways to fix it. Dubbed GreatXML, the exploit is suppos

CSO Online
CRITICALZero Day

ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed

A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.

Dark Reading
CRITICALZero Day

ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw

Oracle still hasn't patched the vulnerability the group has been using in its attacks since late May. The post ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw appeared first on CyberScoop .

CyberScoop