https://modernworkweekly.com/tags/shadow-ai/Recent content in Shadow-Ai on Modern Work WeeklyHugoen-usTue, 09 Jun 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-06-09/Tue, 09 Jun 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-06-09/Top 5 This Week CVE-2026-42897 — Exchange Server OWA XSS (Active Vulnerability): All on-prem Exchange 2016, 2019, and SE versions are affected by an XSS flaw exploitable via a crafted email opened in OWA. Exchange Online is unaffected. Patch or mitigate immediately — no excuse to wait on this one. Teams Live Events retirement — June 30, 2026: Scheduling closes in three weeks. Any live events already on the calendar will run through February 28, 2027, but nothing new can be created after the deadline.https://modernworkweekly.com/posts/2026-06-02/Tue, 02 Jun 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-06-02/Top 5 This Week CVE-2026-42897 — Patch Exchange Server on-prem now. An XSS vulnerability in OWA allows arbitrary JavaScript execution when a user opens a crafted email. Exchange 2016, 2019, and SE are all affected. Exchange Online is not. If you’re still running on-prem Exchange, this is a drop-everything patch. Teams Live Events retires June 30, 2026. No new events can be scheduled after June 30. Events already on the calendar are honored through February 28, 2027.https://modernworkweekly.com/posts/2026-05-19/Tue, 19 May 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-05-19/Top 5 This Week Storm-2949 cloud breach anatomy — read this now. No malware, no novel exploits. Stolen credentials plus patient attacker plus trusted tooling equalled cloud-wide data exfiltration. Microsoft’s full TTP breakdown is required reading. Then go audit your Conditional Access policies, PIM assignments, OAuth app consents, and UEBA alerting. Dirty Frag Linux LPE — actively exploited. Local privilege escalation in Linux kernel networking components (esp4, esp6, rxrpc) is seeing in-the-wild exploitation.https://modernworkweekly.com/posts/2026-05-17/Sun, 17 May 2026 00:00:00 +0000https://modernworkweekly.com/posts/2026-05-17/Top 5 Hotpatch now default for all eligible Windows devices — GA, May 2026 Windows security update. Opt-out available at tenant level or per quality update policy. Review your rings before it hits. Entra hard-match restriction for role-holding accounts — Action required before June 1. AD → cloud sync will be blocked for objects targeting Entra role-assigned accounts. Agent 365: Shadow AI page + Intune endpoint controls for local agents — Preview.