Unbiased AI-powered news
Microsoft disclosed a zero-day vulnerability in on-premises Exchange Server versions on May 14. The U.S. Cybersecurity and Infrastructure Security Agency added the flaw to its Known Exploited Vulnerabilities Catalog on May 15.
forbes.comMicrosoft disclosed CVE-2026-42897 on May 14, describing the issue as a spoofing vulnerability in Microsoft Exchange Server. The flaw allows an attacker to send a maliciously crafted email that executes arbitrary JavaScript when opened in Outlook Web Access.
U.S. Cybersecurity and Infrastructure Security Agency added the vulnerability to its Known Exploited Vulnerabilities Catalog on May 15. CISA urged organizations to prioritize remediation because the attack vector poses a significant risk.
Online is not impacted.
The following on-premises versions are affected: Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition, all at any update level. Microsoft has recommended mitigation through the Exchange Emergency Mitigation Service. The company stated that using the service is the best way to address the vulnerability immediately.
x has been applied. Microsoft confirmed the HTML report will include a section on EEMS check results. , said the disclosure is a reminder that on-premises Exchange remains the most targeted piece of real estate in the enterprise stack. Jacob Krell, senior director of secure AI solutions and Cybersecurity at Suzu Labs, said Exchange remains one of the most dangerous places for a remote code execution flaw to land.
Single source — no framing comparison available.
livemint.comCnbc reported that OpenAI offered the Trump administration a 5% stake. Kalshi traders assign less than 30% odds the government takes equity in OpenAI or Anthropic this year. Similar probabilities exceed 60% for several quantum and semiconductor firms.
espn.comFIFA launched an inquiry after footage showed an Argentina supporter confronting American influencer IShowSpeed at Hard Rock Stadium during a 3-2 win over Cape Verde. The incident occurred on 3 July during the last-32 fixture.
app.buzzsumo.comClaude Cowork, previously limited to desktop, now runs on web and mobile starting Tuesday. The update lets users manage tasks across devices while background agents continue without an active connection.