Breaking CVE-2026-42897 — Microsoft Exchange OWA zero-day exploited in the wild, no permanent patch, CISA deadline May 29 • MiniPlasma — Windows SYSTEM zero-day, public PoC, no patch until June 10 • CVE-2026-46300 “Fragnesia” — 3rd Linux kernel root exploit in 2 weeks • CVE-2026-20182 — Cisco SD-WAN CVSS 10.0, CISA Emergency Directive • CVE-2026-42945 “NGINX Rift” — now actively exploited in the wild • CVE-2026-45185 “Dead.Letter” — Exim CVSS 9.8 RCE
Email inbox representing CVE-2026-42897 Microsoft Exchange Server OWA zero-day exploited in the wild
Cover Story ⚨ Actively Exploited No Permanent Patch CISA KEV

Microsoft Exchange Zero-Day:
One Email Hijacks Your Session

CVE-2026-42897 is being exploited in the wild right now. An attacker sends a crafted email — when a victim opens it in Outlook Web Access, arbitrary JavaScript runs inside their authenticated session. No credentials needed. No malware. No warning. No permanent patch. CISA federal deadline: May 29.

Email Security May 19, 2026 14 min read
Read Full Story →
Latest

Threats & Attacks

Email Security
CVE-2026-42897: Exchange OWA Zero-Day — One Email, No Patch, Active Exploitation

A crafted email executes JavaScript inside an authenticated OWA session. No credentials required. No permanent patch. CISA KEV — federal deadline May 29. Exchange Online is not affected.

May 19, 2026
 Windows Zero-Day
MiniPlasma: Microsoft “Fixed” This in 2020 — SYSTEM Shell on Every Fully Patched Windows PC

Standard user in, SYSTEM shell out. Public exploit on GitHub. No patch until June 10. The 6th zero-day in 6 weeks from the same rogue researcher — first 3 were used in real attacks.

May 19, 2026
 Linux Kernel
Fragnesia (CVE-2026-46300): The Linux LPE the Dirty Frag Patch Accidentally Created

No race condition. Public PoC. Container escape. The Dirty Frag kernel patch alone does NOT protect you — a separate patch is required. Third Linux root exploit in two weeks.

May 18, 2026
 Network Infrastructure
CVE-2026-20182: CVSS 10.0 Cisco SD-WAN Auth Bypass — 11 Clusters Exploiting Now

Four DTLS packets. No credentials. Full administrative access to the entire enterprise SD-WAN fabric. CISA Emergency Directive. Active exploitation confirmed.

May 16, 2026
 Web Server
NGINX Rift (CVE-2026-42945): 18-Year Heap Overflow — Now Actively Exploited in the Wild

VulnCheck confirms real-world attacks days after public disclosure. CVSS 9.2. ~34% of all internet web servers running a vulnerable version. Patch to NGINX 1.30.1 immediately.

May 14, 2026
 Critical RCE
Dead.Letter (CVE-2026-45185): Exim CVSS 9.8 — No Login, No Config Workaround

One malformed SMTP sequence corrupts the heap and opens a shell. An autonomous AI built the full exploit in 7 days. Patch to Exim 4.99.3 immediately.

May 13, 2026
Deep Dive

Analysis & Intelligence

01
Application Security
ASPM Is the Cybersecurity Blind Spot Behind Today’s Biggest Enterprise Breaches
Jan 23, 2026Analysis
02
Supply Chain
Third-Party & Supply-Chain Cyber Risk: The Enterprise Blind Spot Behind “Surprise” Breaches
Jan 7, 2026Intelligence
03
AI Risk
AI Model Poisoning & LLM Data Leakage: The Silent Cyber Threat Reshaping Enterprise Security
Dec 11, 2025Investigation
04
APT
From Perimeter Defense to Continuous Trust: Enterprise Strategies for Managing APT Risk
Feb 25, 2026Deep Dive
More

Further Coverage

Linux Kernel
Copy Fail (CVE-2026-31431): The 9-Year Linux LPE That Gives Anyone Root in Seconds

732 bytes of Python. Root on every major Linux distro since 2017. No race condition. No disk trace. Container escape. CISA KEV listed.

May 7, 2026
 Supply Chain
BufferZoneCorp Sleeper Attack: Poisoned Ruby Gems & Go Modules Draining CI/CD Pipelines

Fake developer packages stealing SSH keys, AWS credentials, and GitHub tokens the moment they were installed. Sleeper packages deployed first, then updated to malicious.

May 2, 2026
 DevSecOps
Secrets Management: The Silent Security Failure Hiding in Code, Pipelines & Cloud Infrastructure

Hardcoded credentials and exposed API keys are a silent epidemic. Most teams don’t discover them until it’s too late.

Apr 15, 2026
 Vulnerabilities
Zero-Day Exploits: Why They’re Crushing Enterprise Organizations

A zero-day gives attackers a window defenders can’t close in time. Here’s how enterprises reduce damage before patches exist.

Dec 22, 2025
 Incident Response
Weak Incident Response: The Risk That Turns Small Incidents Into Major Outages

Most organizations discover their IR plan is broken only when they need it most. Don’t be one of them.

Jan 4, 2026
 Security Operations
The Death of the Traditional SOC: Why Legacy Security Operations Can’t Keep Up

Alert fatigue, talent shortages, and attacker velocity are breaking the classic SOC model. AI-driven ops are no longer optional.

Nov 28, 2025

The DataWater Intelligence Brief

Weekly cybersecurity analysis and CISO-level insights — no noise, no vendor pitches. Just signal.