The Drupal security team has announced an important security release for supported versions of Drupal core, warning administrators that public exploitation could happen very quickly after the patches become available. That wording alone has caught the attention of security teams across the industry because it usually means the issue is serious enough that attackers may move fast once technical details are disclosed. Drupal continues to power a large number of websites around

The vulnerability is tied to Outlook Web Access (OWA) and involves a cross-site scripting (XSS) and spoofing issue that could allow attackers to execute malicious JavaScript through specially crafted emails. Microsoft confirmed active exploitation but has not yet released full details on the threat actors or attack campaigns behind it. What makes this particularly concerning is the timing. Just days earlier, Microsoft’s Patch Tuesday updates were celebrated for having no act