The vulnerability is tied to Outlook Web Access (OWA) and involves a cross-site scripting (XSS) and spoofing issue that could allow attackers to execute malicious JavaScript through specially crafted emails. Microsoft confirmed active exploitation but has not yet released full details on the threat actors or attack campaigns behind it. What makes this particularly concerning is the timing. Just days earlier, Microsoft’s Patch Tuesday updates were celebrated for having no act