high-severity zero-day flaws in microsoft exchange are being actively exploited to inject malicious code into outlook web sessions, prompting coordinated emergency patching across microsoft, google, sap and cisa. in the same window, kaspersky reported malicious objects on 19.6% of monitored industrial control systems in q1 with manufacturing-sector attacks rising in several regions, and cisa published fresh advisories on schneider and siemens-linked industrial equipment plus urgent vpn patch directives.