Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises
CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”. The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek.
One of the 137 vulnerabilities patched by Microsoft with its Patch Tuesday updates is a critical Outlook flaw that could pose a serious threat to enterprises.
The Outlook vulnerability is tracked as CVE-2026-40361 and it has been described by Microsoft as a remote code execution vulnerability affecting Word.
Haifei Li, developer of the zero-day detection system Expmon, has been credited by the tech giant for reporting the vulnerability.
