Geek-Guy.com

Tag: Exchange

AI, Endpoint, Global Security News, Network Security

Cyber espionage campaign targeted stock exchange executive’s Outlook account

Attackers spent five months silently stealing emails from a stock exchange executive’s Outlook account in a suspected espionage operation. A threat actor quietly sat inside a senior executive’s Outlook account at a major global stock exchange for roughly 150 days, from October 2025 to March 2026. Broadcom’s Symantec and Carbon Black threat-hunting team investigated the…

Read more →

AI, Apps, Funding, Global Security News, Network Security

Anthropic Moves Toward IPO as OpenAI Competition Heats Up

Anthropic has confidentially filed paperwork with the U.S. Securities and Exchange Commission (SEC) for an initial public offering (IPO), becoming the latest artificial intelligence giant to move toward the public markets and potentially beating rival OpenAI to a public debut. The Claude developer submitted a draft registration statement to the SEC on June 1, a…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management

Cybersecurity trends in SEC filings

In 2023, the Securities and Exchange Commission (SEC) required public companies to include a new section in their 10-K annual filings that is devoted to cybersecurity. This section is meant to address “cybersecurity risk management, strategy, governance and incidents.” I got curious as to what senior cybersecurity executives are conveying about their companies in these…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-42897 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft warned that threat actors are…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. “Because it’s already being exploited in the wild, this isn’t a ‘patch next week situation; it’s a ‘mitigate right now’ emergency,” warned Rob Enderle of the Enderle Group.…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day

Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1). The vulnerability is an improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange…

Read more →

AI, Exploits, Global Security News

CVE-2026-42897: Exchange Server OWA Spoofing Flaw Exploited via Crafted Email

Microsoft has disclosed a vulnerability impacting on-premise versions of Exchange Server that is already seeing active exploitation in the wild. Tracked as CVE-2026-42897, the issue carries a CVSS score of 8.1 and affects Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition, while Exchange Online is not impacted. Microsoft describes it as a…

Read more →

Exploits, Global Security News, Network Security

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises versions of Microsoft Exchange Server: Subscription Edition RTM, 2019, and 2016. Exchange Online is not…

Read more →

AI, Exploits, Global Security News

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting…

Read more →

Global Security News

The Exchange Online security controls organizations keep getting wrong

In this Help Net Security interview, Scott Schnoll, Microsoft MVP for Exchange, breaks down the Shared Responsibility Model, where Microsoft secures the cloud while organizations must protect their own data, identities, and configurations. The discussion covers default settings worth changing tomorrow, including legacy protocols like SMTP AUTH that survive due to printer, scanner, and ERP…

Read more →

AI, Global Security News

The AI Exchange: Innovators in Payment Security Featuring Dreamplug Technologies Private Limited (CRED)

Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.  

Read more →

AI, Cybersecurity, Global Security News

Top Exchange Database Corruption – Causes, Prevention, and Recovery

In this post, I will talk about top Exchange database corruption and also its causes, prevention, and recovery. Corruption in Exchange database (EDB) can cause the database to dismount, preventing the users to access their mailboxes and disrupting the email communication. This can eventually affect the efficiency and productivity of the organization. Therefore, it is…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

A critical hole in Windows Internet Key Exchange for secure communications, an actively exploited zero day in Microsoft SharePoint and a critical SQL injection vulnerability in a SAP product are the focus of the April Patch Tuesday releases requiring immediate attention from IT security teams. “April’s threat landscape is defined by immediate, real-world exploitation rather…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2026-34621 Adobe Acrobat…

Read more →

AI, Global Security News

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. “Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers,” the&

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Network Security, Russia

Ariomex, Iran-based crypto exchange, suffers data leak

Resecurity says Iran’s Ariomex crypto exchange suffered a data leak exposing user and transaction data from 2022 to 2025. Resecurity (USA) reports that Ariomex’s database, one of Iran’s cryptocurrency exchange platforms, suffered a data leak. The report published by the cybersecurity company presents the findings of a structured analysis of the leaked database, which contains…

Read more →

AI, Data Breaches, Don't miss, Global Security News, Hot stuff, Network Security, News, Ransomware, SmarterTools

Ransomware group breached SmarterTools via flaw in its SmarterMail deployment

SmarterTools, the company behind the popular Microsoft Exchange alternative SmarterMail, has been breached by a ransomware-wielding group that leveraged a recently fixed vulnerability in that solution. How did the SmarterTools breach happen? Derek Curtis, the firm’s Chief Operating Officer, said that the breach happened on January 29, 2026. “Prior to the breach, we had approximately…

Read more →

AI, Data Breaches, Don't miss, Global Security News, Hot stuff, Network Security, News, Ransomware, SmarterTools

Ransomware group breached SmarterTools via flaw in its SmarterMail deployment

SmarterTools, the company behind the popular Microsoft Exchange alternative SmarterMail, has been breached by a ransomware-wielding group that leveraged a recently fixed vulnerability in that solution. How did the SmarterTools breach happen? Derek Curtis, the firm’s Chief Operating Officer, said that the breach happened on January 29, 2026. “Prior to the breach, we had approximately…

Read more →