Trending Topics

Microsoft Exchange 0-Day Under Active Attack

Microsoft has confirmed that a new 0-day vulnerability in on-premises Exchange Server is already being exploited in active attacks, putting Outlook web users at immediate risk. The flaw, tracked as CVE-2026-42897, affects Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition. It's a spoofing issue that allows attackers to execute malicious JavaScript when a victim opens a specially crafted email in Outlook Web Access, granting the attacker the same permissions as the logged-in user.

That last detail is what makes this particularly dangerous for administrators and high-value accounts. A single successful exploit gives an attacker direct access to sensitive mailboxes and a meaningful foothold inside the network. With no patch currently available and confirmed in-the-wild exploitation already underway, the concern is that CVE-2026-42897 follows the same path as earlier Exchange vulnerabilities that rapidly became staples of ransomware and broad intrusion campaigns.

Microsoft's immediate guidance centers on the Exchange Emergency Mitigation Service. Organizations should verify it is enabled so it can automatically download and apply temporary protections for this flaw. Servers need to be running at least the March 2023 updates for this to function correctly. For environments where automatic mitigation is not an option - air-gapped networks in particular - Microsoft has updated its Exchange on-premises mitigation tool so administrators can manually deploy protections via PowerShell and verify consistent application across affected servers.

Beyond mitigation deployment, security teams should identify any exposed on-premises Exchange servers, confirm that Outlook on the web access is properly secured, and increase monitoring around OWA and mailbox activity. Watch for unusual login patterns, unexpected JavaScript-related errors, and abnormal access to admin or shared mailboxes that could indicate exploitation attempts.

While the official patch is in development, pairing Microsoft's mitigations with strong authentication, hardened email filtering, and vigilant log review is the practical path to limiting the damage and keeping this zero-day from becoming the next major breach headline.

VMware Fusion Flaw Lets Local Users Gain Root Access

A newly disclosed high-severity vulnerability in VMware Fusion can allow local users to escalate their privileges to root on macOS systems, if successfully exploited. Tracked as CVE-2026-41702, the flaw is a time-of-check-to-time-of-use (TOCTOU) issue in a SETUID binary that ships with VMware Fusion, allowing an attacker with a standard non-administrative account to exploit a timing gap in how privileged operations are handled and execute code with full system control. Broadcom has released security updates addressing the bug, and anyone running affected versions - including the widely used 25H2 release - should patch immediately to prevent attackers from turning a limited foothold into complete compromise.

TOCTOU bugs occur when software checks the state of a file or resource and later uses it without re-verifying that nothing changed in the interim. That gap gives an attacker a window to quietly swap what is being accessed or modify permissions between the check and the use. In this case, the vulnerable SETUID binary performs actions with root privileges on behalf of a normal user. If an attacker can exploit that timing window, they can hijack the process and elevate to root - enabling persistent backdoor installation, system setting tampering, or use of the compromised Mac as a pivot point into a broader corporate network.

What makes this serious is not remote exploitability - it has none - but the leverage it provides to anyone who has already obtained local access, whether through malware, stolen credentials, or a malicious insider. VMware Fusion is popular among developers, IT staff, and security professionals running test and lab environments on macOS, which means many of the systems at risk are already high-value assets in enterprise workflows.

The good news is that the attack still requires local access and cannot be launched directly from the internet. Local privilege escalation vulnerabilities like this remain highly prized by attackers since they chain so well with browser, email, or document exploits that deliver an initial user-level payload.

Organizations and individual users should check which version of VMware Fusion they are running, apply the latest Broadcom security update, and review recent logs for suspicious activity involving Fusion binaries or unexpected processes running as root - particularly on shared or multi-user Macs.

PraisonAI Auth Bypass Bug Hit By Scanners Within Hours

A newly disclosed authentication bypass vulnerability in PraisonAI, an open-source multi-agent orchestration framework, was being actively probed by attackers less than four hours after it was made public. Tracked as CVE-2026-44338, the flaw stems from a legacy Flask-based API server that ships with authentication effectively disabled by default. Anyone who can reach the exposed service can access sensitive endpoints like /agents and trigger configured workflows through /chat without providing a token. The issue affects PraisonAI versions 2.5.6 through 4.6.33, with a fix available in version 4.6.34.

According to Sysdig, within three hours and 44 minutes of the GitHub advisory being published on May 11, a scanner identifying itself as CVE Detector 1.0 began hitting internet-facing PraisonAI instances - first sweeping common disclosure paths, then narrowing in on the vulnerable /agents endpoint. The traffic pattern points to automated reconnaissance rather than full exploitation: confirm the auth bypass works, enumerate available agents, and log exploitable hosts for follow-up.

The observed scanner did not send POST requests to /chat during the recorded passes, but a successful attacker could abuse this design flaw to repeatedly consume model and API quotas or access the results of PraisonAI.run. The real-world impact would depend entirely on what actions each operator has wired into their agents.yaml workflows - which is precisely what makes this class of vulnerability hard to generalize and easy to underestimate.

The root cause is straightforward. The vulnerable legacy server hard-codes AUTH_ENABLED = False and AUTH_TOKEN = None, causing the check_auth() helper to always grant access and leaving both "protected" routes open to any reachable caller by design.

This incident is another data point in a pattern that should concern anyone running AI infrastructure: adversaries are moving on newly disclosed bugs faster than most organizations can patch or even detect initial probing. The window between disclosure and active scanning is now measured in hours, not days.

Operators should upgrade to PraisonAI 4.6.34 or later immediately, audit where the legacy API server is exposed, lock down network access around AI services, review model provider billing for unusual consumption, and rotate any credentials referenced in agents[.]yaml in case they were accessed through this flaw.

Critical Cisco SD WAN Bug Let Hackers Rewire Enterprise Networks

A critical zero-day vulnerability in Cisco Catalyst SD-WAN controllers and managers is being actively exploited, granting remote attackers high-privilege access to the heart of enterprise WAN infrastructure. Tracked as CVE-2026-20182 with a CVSS score of 10.0, the authentication bypass flaw stems from a broken peering authentication mechanism that allows an unauthenticated attacker to send crafted requests, log in as a highly privileged internal non-root user, and then use NETCONF to push arbitrary configuration across the SD-WAN fabric. Cisco has confirmed that both on-premises and cloud-managed deployments are at risk. Fixed software versions are available, but no workaround fully mitigates the issue short of patching and strictly limiting access to SD-WAN management and control plane interfaces.

Security researchers at Rapid7 uncovered CVE-2026-20182 while investigating a related flaw, CVE-2026-20127, that had already been exploited since at least 2023 by a threat cluster tracked as UAT-8616. In that earlier campaign, the actor exploited SD-WAN controller flaws to create rogue peers within victim environments, downgrade software to reintroduce an older privilege escalation bug (CVE-2022-20775), gain root access, and then quietly restore the original version to cover their tracks. Cisco Talos now reports that UAT-8616 is also leveraging CVE-2026-20182 in the wild, continuing a pattern of highly targeted intrusions focused on the control plane governing traffic routing and segmentation across distributed networks.

The operational risk extends well beyond eavesdropping on management traffic. A successful attacker with NETCONF-level access can change routing policies, alter path selection, disable or weaken security controls, and reroute sensitive data flows through infrastructure they control - all while appearing as a legitimate SD-WAN component.

CISA has added CVE-2026-20182 to its Known Exploited Vulnerabilities catalog and ordered US federal agencies to patch affected devices by mid-May 2026. Private sector organizations should treat that deadline as equally urgent.

Network and security teams should identify any exposed Cisco Catalyst SD-WAN Controllers or Managers, upgrade to the fixed releases, restrict access to management and control interfaces to trusted internal segments or tightly scoped IP allowlists, and review authentication and NETCONF logs closely for suspicious logins, new peers, or unexpected configuration changes that could indicate an existing compromise.

Update: Shai Hulud Worm Steals Developer Secrets And Poisons The Software Supply Chain

A self-replicating malware campaign known as the Shai Hulud worm is tearing through the JavaScript and Python ecosystems by targeting npm and PyPI packages and stealing secrets from developer environments at scale. Once it lands on a developer machine or inside a CI pipeline, the worm hunts for API keys, access tokens, and cloud credentials, then uses those secrets to silently publish backdoored versions of the victim's own packages - turning trusted open-source libraries into vehicles for further compromise. Researchers report the campaign has already affected hundreds of packages with tens of millions of combined weekly downloads, meaning the blast radius extends well beyond the original victims to any downstream project that depends on those components.

What sets Shai Hulud apart from a simple credential stealer is how early it gets to work. The worm embeds malicious preinstall logic that executes early in the package lifecycle, reaching developer machines and CI runners before most defenses have a chance to intervene. From there, it uses tools like TruffleHog alongside custom code to scan home directories and environment variables for GitHub, npm, and cloud-provider secrets, then exfiltrates that data to attacker-controlled infrastructure or to new public GitHub repositories created under the victim's own account. In newer variants, if it cannot find anything valuable to steal, the malware falls back to destruction - attempting to wipe the user's home directory and shifting the threat from data theft to outright sabotage.

The worm-like feedback loop is what makes this campaign genuinely difficult to contain. Each successful infection yields fresh credentials that can be used to push modified versions of additional packages, which in turn infect more developers and CI systems that install them. Recent Mini Shai Hulud variants have gone further, abusing trusted publishing features and short-lived OIDC tokens to mint legitimate publish tokens on the fly and ship compromised packages that still carry valid SLSA provenance attestations. The signature of a clean, trusted package is no longer a reliable guarantee.

For organizations that depend heavily on open source, this campaign is a concrete argument for hardening CI pipelines now rather than after an incident. That means locking down access tokens, enforcing least privilege on GitHub and registry permissions, auditing preinstall scripts before they run, and monitoring for unusual package changes or unexpected repositories appearing under internal accounts.