Week in Security: Exchange Zero-Day Exploited, NPM Worm Surges, and AI Supply-Chain Risks

This weekly security roundup highlights rapid, multi-vector threats: on-prem Microsoft Exchange is being exploited via CVE-2026-42897 (spoofing/XSS), Cisco's SD-WAN Controller is under active exploitation via CVE-2026-20182, and a TeamPCP-driven wave is poisoning TanStack npm packages as part of a larger supply-chain campaign. Fake AI repositories delivering stealer malware continue to appear (Open-OSS/privacy-filter on Hugging Face). AI-assisted vulnerability discovery is accelerating with OpenAI's Daybreak and Microsoft MDASH, alongside other notable findings (ransomware deals, new CVEs, and cross-platform E2EE deployments). The takeaway: patch early, rotate keys, and assume software supply chains are compromised.
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More (The Hacker News)
- On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email (The Hacker News)
- Microsoft Confirms Active 0-Day Exploit—Check Emergency Mitigation (Forbes)
- Microsoft Exchange Zero-Day Under Attack, No Patch Available (Dark Reading)
- Microsoft warns of Exchange zero-day flaw exploited in attacks (BleepingComputer)