Exchange servers targeted by Cuba ransomware with OWASSRF vulnerability

BleepingComputer reports that Microsoft Exchange servers are being targeted by the Cuba ransomware operation with the zero-day OWASSRF exploit, tracked as CVE-2022-41080, which has also been exploited by the Play ransomware gang to evade ProxyNotShell URL rewrite mitigations.

bleepingcomputer cuba cuba ransomware cve cve-2022-41080 email security evade exchange exploit exploited microsoft microsoft exchange mitigations owassrf play play ransomware ransomware ransomware gang reports servers url vulnerability vulnerability management zero-day