"Monday opens with a trust problem." — The Hacker News
CVE-2026-42897: On-prem Microsoft Exchange under active exploitation
Microsoft disclosed an actively exploited vulnerability affecting on-premises Exchange Server, tracked as CVE-2026-42897 and assigned a CVSS score of 8.1. The flaw is described as a spoofing bug arising from a cross-site scripting issue. An anonymous researcher is credited with reporting the defect. Microsoft has published a temporary mitigation via its Exchange Emergency Mitigation Service and said a permanent patch is being prepared. Beyond those facts, Microsoft has not released public details about the mechanics of the in-the-wild exploits, the identity of the attacker(s), the scale of activity, whether specific targets have been hit, or whether any intrusions were successful.
Cisco Catalyst SD-WAN controller, UAT-8616, and persistence-focused tradecraft
Cisco Talos attributed active exploitation of a critical authentication bypass, CVE-2026-20182, to a sophisticated actor tracked as UAT-8616. "8616 performed similar post-compromise actions after successfully exploiting CVE-2026-20182, as was observed in the exploitation of CVE-2026-20127 by the same threat actor," Cisco Talos said. Talos reported that UAT-8616 attempted to add SSH keys, modify NETCONF configurations, and escalate to root privileges. Security vendor Rapid7 framed the behavior as pre-positioning: "They are usually not looking for a smash and grab. They want persistence. They want access that blends in. They want to sit in the right place long enough to observe, influence, and pivot when the time is right. An SD-WAN controller is a great place to do that, because it lives in the middle of trust relationships most organizations rarely question."
TeamPCP, the Mini Shai-Hulud npm wave, and the danger of one weak dependency
A supply-chain campaign tied to TeamPCP—labeled the Mini Shai-Hulud campaign—compromised dozens of TanStack npm packages and spread through developer ecosystems including UiPath, Mistral AI, OpenSearch and PyPI. The attackers deployed stealer malware via poisoned open-source packages to harvest credentials, API keys, SSH keys, and other secrets. The report says TeamPCP then weaponized those credentials to access cloud infrastructure and serve as an initial access broker for follow-on groups such as ransomware actors; in some waves the attackers used the Trufflehog scanner to validate harvested credentials. Separately, the node-ipc package was compromised to distribute a stealer, and because node-ipc is a dependency for hundreds of packages the compromise risks cascading downstream. In the node-ipc case the write-up notes it is currently not known who is behind that attack.
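To see whether a project inherits node-ipc through the kind of downstream cascade described above, the dependency chains can be read straight from the lockfile. The following is an added example, not code from the report: it assumes an npm `package-lock.json` with lockfileVersion 2 or 3, and every package name and version in the sample other than the name `node-ipc` is constructed.

```python
import json

# Constructed sample: a trimmed package-lock.json. Names other than node-ipc are
# hypothetical and the versions are placeholders, not known-bad releases.
SAMPLE_LOCK = json.loads("""
{"lockfileVersion": 3, "packages": {
  "": {"dependencies": {"build-tool": "^2.0.0", "left-util": "^1.0.0"}},
  "node_modules/build-tool": {"version": "2.1.0", "dependencies": {"dev-server": "^4.0.0"}},
  "node_modules/dev-server": {"version": "4.2.0", "dependencies": {"node-ipc": "^9.0.0"}},
  "node_modules/node-ipc": {"version": "9.2.1"},
  "node_modules/left-util": {"version": "1.0.3"}
}}
""")

DEP_KEYS = ("dependencies", "optionalDependencies", "peerDependencies")

def resolve(packages, from_path, name):
    """Mimic Node resolution: the nearest enclosing node_modules/<name> wins."""
    base = from_path
    while True:
        candidate = (base + "/" if base else "") + "node_modules/" + name
        if candidate in packages:
            return candidate
        if not base:
            return None
        # Drop the innermost "node_modules/<pkg>" segment and retry one level up.
        base = base.rpartition("node_modules/")[0].rstrip("/")

def paths_to(lock, target):
    """Return every dependency chain from the root project down to `target`."""
    packages = lock["packages"]
    chains = []
    def walk(path, chain, seen):
        for key in DEP_KEYS:
            for name in packages[path].get(key, {}):
                child = resolve(packages, path, name)
                if child is None or child in seen:  # unresolved, or a cycle
                    continue
                label = f"{name}@{packages[child].get('version', '?')}"
                if name == target:
                    chains.append(chain + [label])
                else:
                    walk(child, chain + [label], seen | {child})
    walk("", [], {""})
    return chains
```

Each returned chain names the direct dependency to pin, replace or remove; an empty list means the lockfile does not resolve the package at all.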
Fake Hugging Face model page delivers Rust stealer — AI model registries as a new supply-chain risk
A malicious Hugging Face repository impersonated OpenAI's Privacy Filter model (openai/privacy-filter) by copying its description and appearing in the platform's trending list under the name Open-OSS/privacy-filter. The repository instructed Windows users to run start.bat and Linux/macOS users to execute python loader.py; those commands deployed a Rust-based information stealer. Hugging Face disabled access to the malicious model. The incident is presented as evidence that public AI model registries are becoming a new software supply-chain attack surface, and defenders are urged to verify publisher identity, check model-card provenance, and scan for unexpected binary downloads.
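The three checks urged above (publisher identity, provenance, unexpected downloads) can be run over a repository's file listing before anything is executed. This is an added example, not code from Hugging Face or the original report: the allow-list, the function name `audit_model_repo` and the sample file contents are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Assumption: the organisation keeps its own allow-list of model name -> publisher.
EXPECTED_PUBLISHER = {"privacy-filter": "openai"}
# Extensions that carry executable logic rather than weights or config.
# .py is included so custom model code is surfaced for review, not silently run.
EXEC_EXT = {".bat", ".cmd", ".ps1", ".sh", ".exe", ".dll", ".py"}
RUN_HINT = re.compile(
    r"\b(?:python3?|bash|sh)\s+\S+\.(?:py|sh)\b|\b\S+\.(?:bat|cmd|exe)\b", re.I)
FETCH_HINT = re.compile(
    r"urlretrieve|urlopen|requests\.get|curl |wget |Invoke-WebRequest", re.I)

def audit_model_repo(repo_id, files, readme=""):
    """files maps path -> text content (None for binary). Returns findings."""
    findings = []
    owner, _, name = repo_id.partition("/")
    expected = EXPECTED_PUBLISHER.get(name)
    if expected and owner.lower() != expected:
        findings.append(f"publisher: '{name}' expected from '{expected}', got '{owner}'")
    for path, text in sorted(files.items()):
        if PurePosixPath(path).suffix.lower() in EXEC_EXT:
            findings.append(f"executable: {path}")
            if text and FETCH_HINT.search(text):
                findings.append(f"network-fetch: {path}")
    # Instructions telling the user to run a repo-supplied script are a red flag.
    for match in RUN_HINT.finditer(readme):
        findings.append(f"readme-run: {match.group(0)}")
    return findings

# Constructed sample modelled on the incident described above; contents are illustrative.
SAMPLE_FILES = {
    "config.json": "{}",
    "model.safetensors": None,
    "start.bat": "python loader.py",
    "loader.py": "import urllib.request\nurllib.request.urlopen('https://example.invalid/x')",
}
SAMPLE_README = "Windows: run start.bat. Linux/macOS: python loader.py"
```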
Other notable incidents and the AI-driven vulnerability surge
Several additional items from the week illustrate the breadth of the problem: Instructure said it reached an agreement with the ShinyHunters group after a breach that disrupted thousands of schools; the company said it received "digital confirmation" in the form of "shred logs" and the group's listing for Instructure was removed from the leak site as of May 12. Apple and Google began a beta rollout of cross-platform E2EE for RCS messaging between iPhone and Android, with a padlock icon marking encrypted conversations and broader platform support to follow. Researchers disclosed new information-stealer families (Salat, Gremlin, Reaper), and a Flare.io report noted that one in four infostealer victims has active access to corporate infrastructure, while 16% of gaming-related infections involved users with active corporate credentials.
On vulnerability discovery, OpenAI announced Daybreak to help developers scan and fix code using frontier LLMs and Codex, while Microsoft described MDASH, an AI-assisted pipeline that runs specialized agents to find vulnerabilities. The U.K. NCSC and others warned a surge in AI-assisted discovery would drive a spike in needed updates; Microsoft has already patched more than 500 vulnerabilities in the first five months of 2026.
What this means for enterprise CISOs, open-source maintainers, and developers
- Enterprise CISOs: Prioritize the urgent CVEs listed in this week's roundup (including CVE-2026-42897 and CVE-2026-20182), deploy available mitigations such as Microsoft's Emergency Mitigation Service, and assume attackers will weaponize leaked credentials to pivot into cloud assets.
- Open-source maintainers: Treat model registries and package repositories as part of your supply-chain hygiene: verify publisher identity, monitor dependencies for unexpected binary downloads, and accelerate adoption of provenance metadata such as SBOMs, as recommended by multiple government agencies.
- Developers and DevOps teams: Rotate keys and secrets promptly, scan for poisoned dependencies, keep in mind that the report describes attackers using the Trufflehog scanner to validate harvested credentials in some waves, and consider validation evidence and continuous testing to keep pace with AI-accelerated vulnerability discovery.
The pattern in this week's reporting is blunt: one weak dependency, one leaked key, one cloud foothold, and a production incident follows. The Hacker News' closing advice mirrors that logic: "Patch first. Rotate keys. Review what you run in prod." For defenders, the practical next step is clear and immediate—trust less, check more.




