Microsoft warns of Exchange zero-day flaw exploited in attacks

bleepingcomputer.com·May 15, 2026

Microsoft has released mitigations for a critical vulnerability in Exchange Server that enables attackers to execute arbitrary code through cross-site scripting (XSS) targeting Outlook on the web users.

Consider implementing Microsoft's recommended mitigations for the high-severity Exchange Server vulnerability if your organization uses Outlook on the web, as this vulnerability allows threat actors to execute arbitrary code via cross-site scripting (XSS), posing a significant risk to your network security. Prioritize these updates in your security operations to prevent potential exploitation.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

Microsoft warns of Exchange zero-day flaw exploited in attacks

Want more content like this?

More from Cybersecurity News

Microsoft shares mitigation for YellowKey Windows zero-day

Risky Business #838 -- GitHub investigates possible breach

Risky Bulletin: Microsoft takes down crime SaaS used by ransomware gangs

Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector

Max-severity flaw in ChromaDB for AI apps allows server hijacking