This roundup highlights active exploitation of Microsoft Exchange Server and Cisco Catalyst SD-WAN Controller flaws, alongside supply chain compromises involving TanStack npm packages and a fake Hugging Face model page that pushed stealer malware. It also covers ransom negotiations involving Instructure and ShinyHunters, plus the growing role of AI in vulnerability discovery and offensive tradecraft.
Key points
- Microsoft disclosed active exploitation of CVE-2026-42897 in on-prem Exchange Server.
- UAT-8616 is abusing Cisco Catalyst SD-WAN Controller flaw CVE-2026-20182 for persistence and privilege escalation.
- TeamPCP-linked supply chain attacks poisoned TanStack npm packages and spread to related developer ecosystems.
- A fake Hugging Face repo impersonated OpenAI’s privacy filter model to deliver a Rust-based stealer.
- Instructure reached a ransom agreement with ShinyHunters after data theft and disruption of school services.
Read More: https://thehackernews.com/2026/05/weekly-recap-exchange-0-day-npm-worm.html