CISA Urges Federal Agencies to Patch Critical Microsoft Exchange Vulnerability
CISA has ordered all US federal agencies to urgently patch a critical Microsoft Exchange vulnerability (CVE-2025-53786) by Monday morning, which could allow attackers with admin access to compromise entire domains through hybrid Exchange configurations. Agencies must update their systems and switch to a dedicated hybrid app to prevent potential lateral movement into cloud environments, with non-government organizations also urged to follow suit.