Microsoft Exchange Zero-Day Exploited, Patch Pending — Dark Reading

A critical zero-day vulnerability (CVE-2026-42897) in Microsoft Exchange Server is currently being actively exploited. This cross-site scripting (XSS) flaw allows attackers to compromise email systems through crafted emails, potentially leading to data exfiltration or further network penetration. Security teams should prioritize monitoring for unusual email activity and apply mitigations from Microsoft's advisory while awaiting an official patch.

NGINX Rift Vulnerability Exploited in the Wild — Google News Security (JP)

The NGINX Rift vulnerability (CVE-2026-42945), a heap buffer overflow flaw, has been identified as being actively exploited just days after its disclosure. This vulnerability has existed for 18 years and can be leveraged by attackers to execute arbitrary code on affected systems. Immediate updates are recommended for all NGINX deployments to prevent potential breaches and maintain server security integrity.

NYC Health + Hospitals Data Breach Exposes 1.8M Records — Google News Security

A significant data breach at NYC Health + Hospitals has compromised the medical data and fingerprints of approximately 1.8 million individuals. The breach highlights vulnerabilities in healthcare data storage and emphasizes the need for robust encryption and access controls. Security teams should review their data protection strategies to mitigate similar risks and ensure compliance with healthcare data regulations.

• 'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments [Dark Reading]
• Open Source Software Maker Grafana Labs Was Hacked - tech.co [Google News Security]
• Grafana says stolen GitHub token let hackers steal codebase [BleepingComputer]
• 7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand - SecurityWeek [Google News Security]
• Grafana Confirms Breach After Hackers Claim They Stole Data - SecurityWeek [Google News Security]