Issue #199 - May 18, 2026
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Source: The Hacker News
Microsoft disclosed active exploitation of CVE-2026-42897, a spoofing flaw on on-premises Exchange Server rooted in cross-site scripting. A crafted email can cause attacker-supplied JavaScript to execute inside the recipient's Outlook Web Access session. CISA has already added the bug to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the urgency of patching for defenders running on-prem Exchange.
Critical Vulnerability Exposes Industrial Robot Fleets to Hacking
Source: SecurityWeek
SecurityWeek reports that Universal Robots patched CVE-2026-8153, a critical command-injection flaw in PolyScope 5, the software running on its collaborative industrial robots. The weakness could allow attackers to tamper with robot operations through the dashboard interface, a reminder that operational technology environments remain exposed to ordinary software security failures.
Content Delivery Exploit Opens Websites to Brand Hijacking
Source: Dark Reading
Researchers warned that the Underminr technique revives domain-fronting style abuse by exploiting how DNS and content delivery networks interpret the same request differently. Attackers can hide malicious traffic behind trusted brands, using reputable domains as cover for command-and-control, scams, or data theft, and the researchers say the technique works at large scale across the public internet.
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
Source: Dark Reading
Dark Reading details SHub Reaper, a macOS infostealer and backdoor that uses fake WeChat and Miro installers while shifting its branding across Apple, Google, and Microsoft themes during execution. The campaign shows how modern social-engineering chains are becoming more polished, adaptive, and difficult for users to recognize in time.
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
Source: BleepingComputer
Tycoon2FA has evolved to support device-code phishing, walking victims through convincing Microsoft 365 authorization steps that end with an attacker-controlled device being registered to the account. BleepingComputer notes the tactic is growing quickly because it rides a legitimate OAuth flow: the victim signs in and completes MFA on Microsoft's genuine login page, so the attacker never handles the password yet ends up with persistent access to email, files, and calendars.
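Because the device-code flow is also used legitimately by CLI tools, a bare "device-code sign-in" alert is noisy. The added example below (not from the BleepingComputer article or from Tycoon2FA) shows the correlation a defender actually wants: a device-code sign-in followed shortly by a device registration for the same user. It assumes Entra ID sign-in records carry an "authenticationProtocol" field whose value "deviceCode" marks this flow, and that device-registration audit records use the activity name "Register device"; both field layouts are assumptions to check against your own export. All log records are constructed sample data.

```python
"""Correlate device-code sign-ins with follow-on device registrations.

Added example, not part of the original newsletter. Field names
("authenticationProtocol", "activityDisplayName", "initiatedBy",
"targetDevice") are assumptions about the Entra ID export format.
"""
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real telemetry).
SIGN_INS = [
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2026-05-18T09:02:11Z",
     "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.7",
     "appDisplayName": "Microsoft Office"},
    {"userPrincipalName": "bob@example.com", "createdDateTime": "2026-05-18T09:10:00Z",
     "authenticationProtocol": "authorizationCodeFlow", "ipAddress": "198.51.100.2",
     "appDisplayName": "Outlook"},
    {"userPrincipalName": "carol@example.com", "createdDateTime": "2026-05-18T11:30:00Z",
     "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.9",
     "appDisplayName": "Azure CLI"},
]

# Constructed sample directory audit records (not real telemetry).
AUDIT = [
    {"activityDisplayName": "Register device", "activityDateTime": "2026-05-18T09:14:40Z",
     "initiatedBy": "alice@example.com", "targetDevice": "DESKTOP-Q1X"},
    {"activityDisplayName": "Update user", "activityDateTime": "2026-05-18T09:20:00Z",
     "initiatedBy": "bob@example.com", "targetDevice": None},
]


def parse_ts(value: str) -> datetime:
    """Parse the Zulu timestamps used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def device_code_sign_ins(sign_ins):
    """Every sign-in that used the OAuth device authorization flow."""
    return [r for r in sign_ins if r.get("authenticationProtocol") == "deviceCode"]


def correlate(sign_ins, audit, window=timedelta(hours=1)):
    """Return (user, source IP, device) for each device-code sign-in that is
    followed within `window` by a device registration initiated by the same user.

    The time window is the tunable: Tycoon2FA-style kits register the device
    as soon as they hold tokens, so a short window keeps legitimate CLI use
    (device-code sign-in with no registration) out of the result.
    """
    hits = []
    for s in device_code_sign_ins(sign_ins):
        t0 = parse_ts(s["createdDateTime"])
        for a in audit:
            if a["activityDisplayName"] != "Register device":
                continue
            if a["initiatedBy"].lower() != s["userPrincipalName"].lower():
                continue
            t1 = parse_ts(a["activityDateTime"])
            if t0 <= t1 <= t0 + window:
                hits.append((s["userPrincipalName"], s["ipAddress"], a["targetDevice"]))
    return hits


if __name__ == "__main__":
    for user, ip, device in correlate(SIGN_INS, AUDIT):
        print(f"device-code sign-in from {ip} for {user} followed by registration of {device}")
```

In the sample data only alice@example.com matches: carol's Azure CLI device-code sign-in has no registration behind it and is dropped, which is the point of the correlation. If the flow is not needed at all, the cleaner control is to block it outright with a Conditional Access policy using the authentication flows condition rather than to detect it after the fact.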