> TritonInfoSec News
Home / Jun 11, 2026 / Story
0
#8 BleepingComputer general June 10, 2026 at 13:44 UTC

Microsoft patches Exchange Server zero-day exploited in attacks

By Sergiu Gatlan

AI Summary

Microsoft patched an actively exploited Exchange Server zero-day enabling arbitrary JavaScript execution via cross-site scripting (XSS) in Outlook Web Access, allowing attackers to target OWA users in hybrid or on-premises Exchange deployments. The flaw was under active attack at patch time, making it a critical priority for organizations still running on-premises or hybrid Exchange. The Ghost-Sender technique separately allows spoofing of any email address via Exchange Online in hybrid configurations.

Read full article → https://www.bleepingcomputer.com/news/microsoft/mi…

Relevance score: 83.0/100

# More from June 11

  1. 1
    Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs The Hacker News
  2. 2
    Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws BleepingComputer
  3. 3
    Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days BleepingComputer
  4. 4
    Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows The Hacker News
  5. 5
    Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks BleepingComputer
  6. 6
    Who Runs the Ransomware Group ‘The Gentlemen?’ Krebs on Security
  7. 7
    Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE The Hacker News
  8. 9
    Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities The Hacker News
  9. 10
    China-linked JDY botnet expands targeting of U.S. military networks BleepingComputer