"Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub"

Scammers are posing as security researchers and selling fake proof-of-concept (POC) ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities. The cybersecurity firm GTSC disclosed that two new zero-day vulnerabilities in Microsoft Exchange had been used to attack some of their customers. Working with Trend Micro's Zero Day Initiative, the researchers privately disclosed the vulnerabilities to Microsoft, who confirmed that the bugs were being exploited in attacks and that they were working on releasing security updates on a faster timeline. A scammer created GitHub repositories where they attempt to sell fake POC exploits for the Microsoft Exchange CVE-2022-41040 and CVE-2022-41082 vulnerabilities. John Hammond of Huntress Lab has been following these scammers and discovered five now-removed accounts trying to sell the fake exploits. This article continues to discuss the scammers selling fake POC ProxyNotShell exploits for Microsoft Exchange zero-day vulnerabilities on GitHub. 

Bleeping Computer reports "Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub"