Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub


Scammers are using bogus proof-of-concept ProxyNotShell exploits for recently identified Microsoft Exchange zero-day vulnerabilities to peddle to unsuspecting victims. Two new zero-day vulnerabilities in Microsoft Exchange were used to attack some of their customers, according to a report last week from the Vietnamese cybersecurity company GTSC.

Working with Trend Micro’s Zero Day Initiative, the researchers privately informed Microsoft of the flaws. Microsoft acknowledged that the issues were being used in attacks and that they were moving forward with the deployment of security upgrades at a rapid pace. Read More…