zero-day

CVE-2026-42897: Microsoft Exchange Zero-Day Is Being Exploited Right Now

A crafted email is all it takes. Open it in Outlook Web Access and an attacker runs JavaScript in your browser. No patch yet. Here's what to do if you run Exchange on-prem.