CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.
Tag: Outlook
Data Breaches, Exploits, Global Security News
CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions
Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts.
AI, Exploits, Global Security News
Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed in this folder is stripped of all formatting, and destinations of all links included in the message become visible to the…
AI, Global Security News, malware, Network Security
Microsoft Graph API misused by new GoGra Linux malware for hidden communication
A new GoGra Linux malware uses Microsoft Graph API and an Outlook inbox to deliver payloads, making it stealthy and hard to detect. A new Linux version of the GoGra backdoor uses Microsoft’s Graph API and an Outlook inbox to deliver malicious payloads stealthily. The malware is linked to the Harvester cyberespionage group, which is…
Global Security News
New GoGra malware for Linux uses Microsoft Graph API for comms
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. […]
AI, Global Security News
Microsoft fixes Classic Outlook bug causing email delivery issues
Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. […]
AI, Global Security News
Microsoft links Classic Outlook issue to email delivery problems
Microsoft is investigating a known issue that prevents some Classic Outlook users from sending emails via Outlook.com. […]
AI, Global Security News
Microsoft fixes Outlook Classic crashes caused by Teams Meeting add-in
Microsoft has resolved a known issue that rendered the classic Outlook email client unusable for users who enabled the Microsoft Teams Meeting Add-in. […]
AI, Global Security News
Microsoft: Enabling Teams Meeting add-in breaks Outlook Classic
Microsoft is working to address a known issue that renders the classic Outlook email client unusable for users who have enabled the Microsoft Teams Meeting Add-in. […]
Global Security News, Microsoft, Security
Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts
The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. […]