Zero‑Click Outlook RCE (CVE‑2026‑40361): Selecting a New Email Instantly Compromises the System

CVE‑2026‑40361 is a high‑severity, use‑after‑free vulnerability in Microsoft Outlook’s preview pane that enables remote code execution without any user interaction; the flaw, rated 8.4 CVSS and marked “Exploitation More Likely,” affects multiple Office versions and can be mitigated by immediate patching, disabling the preview pane, registry hardening, and layered email‑gateway and endpoint defenses.

CVE-2026-40361Email securityMicrosoft Office

0 likes · 14 min read

Zero‑Click Outlook RCE (CVE‑2026‑40361): Selecting a New Email Instantly Compromises the System

Black & White Path

May 6, 2026 · Information Security

Zero‑Click Android ADB Flaw Lets Attackers Gain Remote Shell Without Interaction

Google’s May 2026 Android security bulletin disclosed CVE‑2026‑0073, a critical zero‑click authentication bypass in the adbd daemon that lets any attacker on the same LAN bypass wireless ADB’s TLS verification and obtain a shell on unpatched Android 14‑16 devices, with detailed exploitation steps and mitigation guidance.

AndroidAuthentication BypassCVE-2026-0073

0 likes · 15 min read

Zero‑Click Android ADB Flaw Lets Attackers Gain Remote Shell Without Interaction

Black & White Path

Apr 2, 2026 · Information Security

Zero‑Click RCE in Telegram: How a Malicious Animated Sticker Can Hijack Your Phone

Security researchers uncovered a CVSS 9.8 zero‑click vulnerability in Telegram that lets attackers execute code and fully control Android and Linux devices by sending a specially crafted animated sticker, and the flaw has been patched but requires immediate user updates.

AndroidInformation SecurityRemote Code Execution

0 likes · 5 min read