Microsoft – TheCyberThrone

CVE-2026-45659 — Microsoft SharePoint RCE

OverviewDeserialization of untrusted data in Microsoft Office SharePoint allows an authenticated attacker to execute code remotely over a network. Any authenticated attacker with a minimum of Site Member permissions (PR:L)…

PravinKarthik May 26, 2026

CISA adds Seven Vulnerabilities to KEV Catalog

CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on confirmed evidence of active exploitation. The batch spans Microsoft Windows, Microsoft Internet Explorer, Adobe Acrobat/Reader, and…

PravinKarthik May 21, 2026

Windows Zero-Days Trilogy: Chaotic Eclipse’s Unpatched Assault

Background: Who Is Chaotic Eclipse? Security researcher Chaotic Eclipse, operating under the GitHub handle Nightmare-Eclipse, has published working exploit code for five separate Windows vulnerabilities in a matter of weeks…

PravinKarthik May 20, 2026

CVE-2026-42897 — Microsoft Exchange Server OWA XSS Vulnerability

Overview Microsoft has confirmed active exploitation of CVE-2026-42897, a Cross-Site Scripting vulnerability in Microsoft Exchange Server carrying a CVSS score of 8.1.The flaw stems from improper neutralization of input during…

PravinKarthik May 15, 2026

Microsoft MDASH: When the Machine Becomes the Red Team

AI-native vulnerability discovery has crossed from research curiosity into production-grade defense — and the implications for how enterprises think about security engineering are irreversible. The Announcement in Context On May…

PravinKarthik May 14, 2026

Microsoft Patch Tuesday — May 2026

By the Numbers 137 vulnerabilities patched. 17 rated Critical — 14 RCE, 2 EoP, 1 information disclosure. No zero-days exploited in the wild, no public disclosures ahead of release. Notably,…

PravinKarthik May 13, 2026

CISA adds Two vulnerabilities to KEV catalog

CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation — CVE-2024-1708, a ConnectWise ScreenConnect path traversal vulnerability, and CVE-2026-32202, a Microsoft Windows…

PravinKarthik April 29, 2026

Microsoft Patch Tuesday — April 2026

TheCyberThrone | Vulnerability Advisory | April 15, 2026 Volume & Scale — A Near-Record Release Microsoft patched 163 CVEs in the April 2026 Patch Tuesday release — the second largest…

PravinKarthik April 15, 2026