#zero-day

A security researcher has released a proof-of-concept for a new zero-day vulnerability in Windows, codenamed MiniPlasma. The flaw affects fully patched systems and allows an attacker to gain the highest level of system privileges. The vulnerability exists in the Windows Cloud Files Mini Filter Driver.

A new zero-day vulnerability in Microsoft Exchange, identified as CVE-2026-42897, is being actively exploited. The flaw is a cross-site scripting (XSS) issue that allows attackers to compromise Outlook Web Access (OWA) mailboxes. Microsoft has not yet released a patch to fix the vulnerability.