Cybersecurity Headlines — May 18, 2026
- Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION — Securityaffairs.com
- U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog — Securityaffairs.com
- Europe built sovereign clouds to escape US control. Then forgot about the processors — Theregister.com
- The Next Cybersecurity Challenge May Be Verifying AI Agents — HackRead
- AI gave North Korean hackers a $600 million month. DeFi is still working out how to respond. — The Next Web
- CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day — Securityaffairs.com
- Was Your Data Exposed in the Massive New Cyberattack? — Geeky Gadgets
- TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates — Internet
- AI is having its “Ford T” moment as Zero Day assembly lines appear — TechRadar
- Microsoft warns of Exchange zero-day flaw exploited in attacks — BleepingComputer
From the Trenches
As I dive into today’s cybersecurity landscape, two stories stand out to me as particularly noteworthy. First, the U.S. CISA has added a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog, which is a stark reminder of the ongoing threat landscape. This zero-day vulnerability has already seen active exploitation, and it’s essential for organizations that use Microsoft Exchange Server to take immediate action and patch their systems.
The second story that caught my attention is the revelation that North Korean hackers have been using AI to amplify their attacks, with one attack yielding a staggering $600 million in profits. This highlights the evolving nature of cyber threats, where AI-powered attacks are becoming increasingly sophisticated and lucrative for those who can wield them effectively. As practitioners, we need to stay vigilant and adapt our defenses to counter these emerging threats.
🔧 Patch Priority: Microsoft Exchange Server (CVE-2026-42897) is a critical vulnerability that requires immediate attention from organizations using the software.
Compiled daily. Stay patched, stay vigilant.