CISA Issues KEV Alerts for Actively Exploited Zero-Days in Microsoft Exchange and Cisco SD-WAN
Summary
This cybersecurity brief for May 16-17, 2026, covers a series of critical vulnerabilities and high-profile cyberattacks. Key events include the active exploitation of zero-day flaws in Microsoft Exchange (CVE-2026-42897) and Cisco SD-WAN (CVE-2026-20182), both added to CISA's KEV catalog. Additionally, two unpatched Windows zero-days were publicly disclosed, a major supply chain attack compromised the TanStack ecosystem affecting OpenAI, and ed-tech giant Instructure confirmed paying a ransom to the ShinyHunters group after a massive data breach. These incidents highlight escalating threats to enterprise infrastructure, software supply chains, and educational institutions.
Today's New Articles
Funnel Builder WordPress Plugin Flaw Actively Exploited to Skim Payments from 40,000+ Stores
A critical, unauthenticated vulnerability in the Funnel Builder WordPress plugin is under active exploitation, affecting over 40,000 e-commerce sites using WooCommerce. Attackers are injecting malicious JavaScript that acts as a payment skimmer, stealing custo...
European Hospitals Now See Cyberattacks as Direct Threats to Patient Care, Not Just Data
A Black Book Research survey of 284 European hospital executives reveals a significant shift in the perception of cyber risk. Attacks are no longer seen merely as IT or data privacy issues but as direct threats to patient care and safety. The study found 82% o...
UK's HMRC Taps Quantexa AI to Dismantle Cyber-Enabled Tax Fraud Rings
The UK's HM Revenue & Customs (HMRC) has awarded a ten-year, £175 million contract to British AI firm Quantexa. The partnership will use Quantexa's AI-driven "decision intelligence" platform to analyze vast datasets, aiming to better detect sophisticated tax f...
AI Drives Investment and Uncertainty in Cyber Insurance Market
The cyber insurance market is being profoundly reshaped by artificial intelligence. A Q1 2026 report from Gallagher Re shows 95% of InsurTech funding ($1.63B) targeted AI-focused firms. Simultaneously, a 978% surge in generative AI-related litigation has promp...
Article Updates
ShinyHunters Claims Massive Canvas Breach, Disrupting 275 Million Users at 9,000 Institutions
Update: Instructure, the company behind Canvas LMS, has confirmed it paid a ransom to the ShinyHunters hacking group. This payment was made after the group threatened to publicly release 3.5 TB of stolen data affecting 275 million users. Instructure stated an 'agreeme...
High-Severity Flaw in JetBrains TeamCity On-Premises Allows API Exposure (CVE-2026-44413)
Update: The new article, dated May 17, 2026, reinforces the critical need for immediate patching of CVE-2026-44413 in JetBrains TeamCity. It significantly expands on the potential impact, detailing how a compromise could lead to devastating supply chain attacks, simil...
New 'Mini Shai-Hulud' Worm Hits npm & PyPI in Major Supply Chain Attack
Update: OpenAI has confirmed that two of its employee devices were compromised as a result of the 'Shai-Hulud' supply chain attack. Attackers stole credentials and secrets, gaining limited access to internal source code repositories. OpenAI states no user data or prod...
OpenAI Launches 'Daybreak' to Automate Vulnerability Hunting with AI
Update: The new article clarifies Daybreak's 'Public Accessibility' for vulnerability scanning requests, allowing organizations to request scans. It also reframes the competitive landscape, mentioning Anthropic's 'Mythos' project. Furthermore, it provides a deeper ana...
New 'Fragnesia' Linux Flaw (CVE-2026-46300) Allows Root Access; PoC Exploit Released
Update: Further analysis of the 'Fragnesia' (CVE-2026-46300) Linux kernel vulnerability reveals a detailed attack flow involving initial access, triggering the flaw in the XFRM subsystem, heap manipulation, and page-cache corruption to achieve root privileges. The exp...
Update: This update provides more specific hunting hints for the GreenPlasma privilege escalation vulnerability, including monitoring for Windows Security Event ID 4673 and suspicious cmd.exe or powershell.exe processes spawning with SYSTEM privileges, often preceded...
Microsoft Exchange Zero-Day CVE-2026-42897 Under Active Exploitation, Mitigation Urged
Update: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-42897 to its Known Exploited Vulnerabilities (KEV) Catalog on May 15, 2026. This inclusion requires U.S. federal agencies to apply Microsoft's mitigations by a specified deadli...
Cisco Warns of Actively Exploited Critical Auth Bypass Flaw in SD-WAN
Update: New intelligence reveals the critical Cisco SD-WAN vulnerability (CVE-2026-20182) is a zero-day actively exploited by the sophisticated threat actor UAT-8616, as identified by Cisco Talos. Furthermore, the U.S. Cybersecurity and Infrastructure Security Agency...