Cybersecurity Headlines — May 16, 2026
- CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day — Securityaffairs.com
- Was Your Data Exposed in the Massive New Cyberattack? — Geeky Gadgets
- TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates — Internet
- AI is having its “Ford T” moment as Zero Day assembly lines appear — TechRadar
- Microsoft warns of Exchange zero-day flaw exploited in attacks — BleepingComputer
- Finding the blind spot: How Canonical hunts logic flaws with AI — Ubuntu.com
- 15 maja 2026 — Mrugalski.pl
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits — Internet
- Providence’s Ratliff Says Merging Cybersecurity and Emergency Management Builds Stronger Cyber Resiliency — Healthsystemcio.com
- Untrained AI agents are easy security targets — they don’t know bad people exist, says KnowBe4 CEO — SiliconANGLE News
From the Trenches
As a cybersecurity practitioner, I’m seeing two major red flags that require immediate attention from organizations across various industries. The first is the confirmed active exploitation of a zero-day flaw in Microsoft’s Exchange Server (CVE-2026-42897). This means attackers have already found and are exploiting a previously unknown vulnerability in the server software, making it a prime target for malware and lateral movement.
The fact that this flaw has been actively exploited highlights the importance of keeping software up-to-date. Organizations that haven’t yet applied the necessary patches risk being compromised by these attacks. I’ve seen too many cases where an organization thinks they’re safe because their systems are current, only to find out later that a zero-day exploit was used to gain access.
The second story that caught my attention is the TanStack Supply Chain Attack, which forced macOS updates on two OpenAI employee devices (Internet). This incident demonstrates how easily compromised third-party software can be used as a vector for attacks. It’s a stark reminder of the importance of supply chain security and conducting thorough risk assessments on all software and services used within an organization.
🔧 Patch Priority: Microsoft Exchange Server (CVE-2026-42897) is critical, as it has already been actively exploited by attackers, making timely patching essential to prevent further compromise.
Compiled daily. Stay patched, stay vigilant.