Microsoft Exchange Zero-Day Exploited, Patch Pending
A critical zero-day vulnerability (CVE-2026-42897) in Microsoft Exchange Server is currently being actively exploited. This cross-site scripting (XSS) flaw allows attackers to compromise email systems through crafted emails, potentially leading to data exfiltration or further network penetration. Security teams should prioritize monitoring for unusual email activity and apply mitigations from Microsoft's advisory while awaiting an official patch.