< ciso brief />
Critical Exim RCE, Microsoft Patches, AI Security, and Cloud Updates

Coverage: 13 May 2026 (UTC)

Security teams faced a busy cycle of urgent patches, active proof-of-concept exploits, and notable platform changes. A critical Exim flaw enabling unauthenticated code execution led advisories, while Microsoft’s monthly updates fixed high-impact issues across identity and networking. Vendors introduced new security capabilities and performance enhancements, and AI’s role in vulnerability discovery continued to expand, raising governance considerations alongside defensive opportunity.

Critical Patches and Exploit Releases

A newly disclosed Exim vulnerability allows unauthenticated remote code execution in certain GnuTLS builds. The issue, tracked as CVE-2026-45185, is a use-after-free triggered during TLS shutdown while handling BDAT chunked SMTP traffic. Affected builds are Exim 4.97 through 4.99.2 compiled against GnuTLS and advertising both STARTTLS and CHUNKING; the fix ships in 4.99.3. Administrators, especially on Debian and Ubuntu derivatives and in shared hosting environments, are urged to update promptly. Until the upgrade lands, confirm which TLS library each host's build uses and whether it advertises both extensions, since only that combination is exposed. Potential impacts include command execution as the mail server user, message exfiltration, and lateral movement depending on privileges. Proof-of-concept work highlighted both AI-assisted and human-led exploit development. Details: Exim RCE.
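As an added example (not from the advisory or the Exim project), the following Python triage script scores a host against the conditions above that a remote probe can observe: an Exim version in the affected range, and STARTTLS and CHUNKING in the EHLO reply. The banner and EHLO text are constructed samples; the hostname, the probe() helper and the verdict field names are the example's own assumptions. Whether the binary was built against GnuTLS cannot be seen over the wire, so the verdict is explicitly conditional on that, which the "Support for:" line of exim -bV on the host settles.

```python
import re
import smtplib

# Affected range and fixed release as stated in the advisory summary.
AFFECTED_MIN = (4, 97, 0)
AFFECTED_MAX = (4, 99, 2)
FIXED = (4, 99, 3)

# Exim greets with "220 <host> ESMTP Exim <version> <date>".
BANNER_RE = re.compile(r"\bESMTP Exim (\d+(?:\.\d+){1,2})\b")


def parse_version(banner):
    """Return the Exim version from a 220 banner as a 3-tuple, or None."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 3:          # "4.97" -> (4, 97, 0)
        parts.append(0)
    return tuple(parts[:3])


def ehlo_extensions(ehlo_text):
    """Extract ESMTP extension keywords from EHLO response lines."""
    exts = set()
    for line in ehlo_text.splitlines():
        line = re.sub(r"^250[- ]", "", line.strip())  # prefix may be absent
        if line:
            exts.add(line.split()[0].upper())
    return exts


def assess(banner, ehlo_text):
    """Combine banner and EHLO evidence into an exposure verdict.

    The verdict is conditional: a GnuTLS build versus an OpenSSL one is not
    visible remotely and must be confirmed on the host (exim -bV).
    """
    version = parse_version(banner)
    exts = ehlo_extensions(ehlo_text)
    in_range = version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX
    return {
        "version": version,
        "version_affected": in_range,
        "starttls": "STARTTLS" in exts,
        "chunking": "CHUNKING" in exts,
        "exposed_if_gnutls": in_range and "STARTTLS" in exts and "CHUNKING" in exts,
    }


def probe(host, port=25, helo_name="scanner.invalid", timeout=10):
    """Live check against a real MTA (network access required; hostname is an assumption)."""
    s = smtplib.SMTP(timeout=timeout)
    try:
        _code, banner = s.connect(host, port)
        _code, ehlo = s.ehlo(helo_name)
        return assess(banner.decode(errors="replace"), ehlo.decode(errors="replace"))
    finally:
        try:
            s.quit()
        except smtplib.SMTPException:
            pass


# Constructed sample exchange (not a capture from any real host).
SAMPLE_BANNER = "220 mx1.example.test ESMTP Exim 4.98.2 Wed, 13 May 2026 09:00:00 +0000"
SAMPLE_EHLO = "\n".join([
    "250-mx1.example.test Hello scanner.invalid [192.0.2.10]",
    "250-SIZE 52428800",
    "250-8BITMIME",
    "250-PIPELINING",
    "250-CHUNKING",
    "250-STARTTLS",
    "250 HELP",
])

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_EHLO))
```

Run probe("mx.example.com") against your own MTA; a true exposed_if_gnutls together with a GnuTLS build reported by exim -bV puts the host in scope for the 4.99.3 upgrade. A host that advertises only one of the two extensions is outside the trigger condition as described, but should still be upgraded on the normal schedule.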

Microsoft’s May updates remediate 118 vulnerabilities across Windows, cloud services, and enterprise apps. Among the most critical are CVE-2026-41089 (Netlogon, CVSS 9.8) that can directly impact domain controllers, CVE-2026-41096 (Windows DNS Client RCE, CVSS 9.8) with potential for broad endpoint compromise, and CVE-2026-42898 in Microsoft Dynamics 365 On-Premises (CVSS 9.9) enabling code execution by low-privileged authenticated users. Guidance also calls out a high-priority, time-bound requirement to rotate Secure Boot certificates before a June 26 deadline, and notes SAP HotNews fixes including an S/4HANA Enterprise Search SQL injection (CVE-2026-34260). Oracle is moving to a monthly patch cadence beginning May 28, prompting schedule updates. Coverage: Patch Tuesday.

Fortinet addressed two critical remote code execution issues: CVE-2026-44277 in FortiAuthenticator (improper access control) and CVE-2026-26083 in FortiSandbox (missing authorization), each scored CVSS 9.1 and exploitable by unauthenticated attackers via crafted HTTP requests. Recommended versions are FortiAuthenticator 6.5.7, 6.6.9, or 8.0.3 and FortiSandbox 4.4.9 or 5.0.2. Although both were discovered internally with no confirmed in‑the‑wild exploitation at publication, prior Fortinet RCEs saw rapid attacker adoption, underscoring the need for expedited upgrades and close monitoring of the management interfaces. Summary: Fortinet RCEs.

Researchers published working proof-of-concept exploits for two unpatched Windows issues: YellowKey, a BitLocker bypass leveraging WinRE and NTFS transaction replay, and GreenPlasma, a partial local privilege escalation technique that allows arbitrary section creation. YellowKey can expose volumes on systems using TPM-only BitLocker auto-unlock and has been validated by independent researchers; TPM+PIN configurations are generally resistant. Until patches arrive, analysts recommend enforcing BitLocker PINs, enabling firmware/BIOS passwords, and reassessing recovery and auto-unlock surfaces. More: BitLocker PoC.
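The protector list is the thing to audit when looking for the configuration YellowKey targets. The following Python script is an added example, not code from the researchers or from Microsoft: it parses the output of manage-bde -status and flags OS volumes whose TPM-based protector is TPM alone, plus data volumes that auto-unlock off such a volume. The sample output below is constructed to mirror the tool's layout, and the audit_local() helper and the finding messages are the example's own.

```python
import re
import subprocess

# Constructed sample of `manage-bde -status` output (not captured from a real host).
SAMPLE_STATUS = """\
BitLocker Drive Encryption: Configuration Tool version 10.0.26100
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Volume C: [Windows]
[OS Volume]

    Size:                 475.72 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        TPM
        Numerical Password

Volume D: [Data]
[Data Volume]

    Size:                 931.51 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Automatic Unlock:     Enabled
    Key Protectors:
        Numerical Password
        External Key
"""

VOLUME_RE = re.compile(r"^Volume ([A-Z]): \[(.*?)\]\s*$")


def parse_status(text):
    """Turn manage-bde -status text into a list of volume dicts."""
    volumes, cur, in_protectors = [], None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        m = VOLUME_RE.match(line)
        if m:
            cur = {"letter": m.group(1), "label": m.group(2), "type": None,
                   "fields": {}, "protectors": []}
            volumes.append(cur)
            in_protectors = False
            continue
        if cur is None:
            continue                      # tool banner before the first volume
        s = line.strip()
        if s in ("[OS Volume]", "[Data Volume]"):
            cur["type"] = s.strip("[]")
            continue
        if in_protectors:
            if raw.startswith("        ") and s:   # protectors are indented deeper
                cur["protectors"].append(s)
                continue
            in_protectors = False
        if s.startswith("Key Protectors:"):
            in_protectors = True
            continue
        if ":" in s:
            key, value = s.split(":", 1)
            cur["fields"][key.strip()] = value.strip()
    return volumes


def audit(volumes):
    """Flag TPM-only OS volumes and data volumes chained to them via auto-unlock.

    A bare 'TPM' protector unlocks without user input; 'TPM And PIN' (and the
    other TPM And ... variants) appear as distinct protector names.
    """
    findings, os_tpm_only = [], False
    for v in volumes:
        if v["type"] == "OS Volume" and "TPM" in {p.upper() for p in v["protectors"]}:
            os_tpm_only = True
            findings.append((v["letter"], "OS volume unlocks with TPM only; require a PIN (TPM+PIN)"))
    for v in volumes:
        if (v["type"] == "Data Volume" and os_tpm_only
                and v["fields"].get("Automatic Unlock") == "Enabled"):
            findings.append((v["letter"], "auto-unlock is chained to a TPM-only OS volume"))
    return findings


def audit_local():
    """Windows only, needs an elevated prompt: run the real tool and audit it."""
    out = subprocess.run(["manage-bde", "-status"], capture_output=True,
                         text=True, check=True).stdout
    return audit(parse_status(out))


if __name__ == "__main__":
    for letter, msg in audit(parse_status(SAMPLE_STATUS)):
        print(f"{letter}: {msg}")
```

Adding a PIN to the OS volume (manage-bde -protectors -add C: -TPMAndPIN) changes the protector line to "TPM And PIN", after which the script reports nothing for either volume; pair that with the firmware password recommendation above so that WinRE cannot be reached from an unattended boot.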

Two significant incidents affected education and manufacturing. Instructure, maker of Canvas, reported an agreement with the unauthorized actor behind a breach affecting nearly 9,000 institutions and involving approximately 275 million records, with claims that stolen data was returned and destroyed. Defacements hit about 330 institutions; the company temporarily disabled Free‑For‑Teacher accounts, rotated keys, and engaged forensic support. Report: Canvas Breach. Separately, Foxconn confirmed a cyberattack at some North American factories with production resuming; the Nitrogen ransomware group claimed theft of 8 TB of confidential data and documents. Investigation and customer notifications are ongoing. Coverage: Foxconn Attack.

AI Systems Accelerate Vulnerability Discovery

Microsoft introduced a production-focused, agentic AI harness for vulnerability discovery known as MDASH, which orchestrates more than 100 specialized agents across frontier and distilled models to analyze code, debate and validate findings, and prove exploitability. The system surfaced 16 vulnerabilities addressed in this month’s patches, including CVE-2026-33824 (double‑free in ikeext.dll) and CVE-2026-33827 (IPv6 race condition in tcpip.sys affecting IPSec‑enabled systems). Microsoft emphasizes that durable advantage lies in the orchestration pipeline rather than any single model. Announcement: Microsoft MDASH.

An evaluation by the UK’s AI Security Institute found OpenAI’s GPT‑5.5 comparable to Anthropic’s Claude Mythos at identifying software security vulnerabilities in red‑team style tests, with similar detection rates and remediation usefulness under matched conditions. The Institute noted that GPT‑5.5’s general availability expands access to automated discovery, while smaller models can approach parity given substantial prompt scaffolding and supervision. The findings reinforce that LLMs can augment workflows but still require human validation to manage false positives and missing context. Analysis: GPT‑5.5 Study.

Geopolitical implications continue to evolve. Reporting discussed how restricted access to advanced autonomous discovery systems like Mythos intersects with narrowing performance gaps, shifting researcher flows, and large-scale state investment, increasing the need for deconfliction mechanisms such as hotlines, norms on dangerous applications, and transparency—even as verification remains challenging. Context: China AI.

Mobile Forensics and Browsing Infrastructure

Google introduced Intrusion Logging as an opt‑in Android capability for high‑risk users within Advanced Protection Mode, designed to preserve device and network forensic evidence against sophisticated spyware. The feature records daily app lifecycle events, installs/removals, Wi‑Fi/Bluetooth and DNS activity, USB transfers, system certificate changes, and lock/unlock events. Logs are end‑to‑end encrypted on device with keys tied to the Google Account password and screen lock and retained for 12 months, with user‑managed decryption for external analysis. The system also captures system‑level network metadata from Chrome Incognito sessions. Availability starts with devices on the Android 16 December update and newer. Announcement: Android Logging.

Cloudflare rebuilt Browser Run on its Durable Object‑enabled Containers platform, improving capacity, responsiveness, and operational independence. The service now supports starting 60 browsers per minute and up to 120 concurrently, with Quick Action response times reduced by more than 50%. Architectural changes include regional pools of pre‑warmed DO‑backed containers, transactional state management via D1 to eliminate race conditions, and batched Queue writes to scale session assignments. The redesign simplifies quick‑action flows, accelerates browser image upgrades, and adds a /crawl endpoint, improving suitability for agentic workflows. Details: Browser Run.

Cloud and Enterprise Platform Updates

AWS announced new PCI PIN and PCI P2PE compliance packages for AWS Payment Cryptography, expanding validated component coverage to Key Management (KMCP) and Key Loading (KLCP) in addition to previously attested decryption components, and extending regional scope to South America (São Paulo) and Asia Pacific (Sydney). The managed service offers PCI PTS‑certified HSMs and PIN/P2PE‑compliant key management for payment workloads, with artifacts available through AWS Artifact. This reduces customer compliance burden for regulated payment processing. Update: AWS Cryptography.

Amazon enabled the SageMaker Data Agent for SageMaker Unified Studio domains using IAM Identity Center, bringing natural‑language analytics and code generation to centrally managed environments. The agent proposes step‑by‑step plans and generates executable Python or SQL for sources like Amazon Athena, Redshift, S3, and the AWS Glue Data Catalog, and includes a Fix with AI capability for error diagnosis and remediation. It is available in all commercial Regions where Unified Studio is supported. Announcement: SageMaker Agent.

AWS also enabled Amazon FSx for OpenZFS Multi‑AZ file systems in shared VPCs created by an owner account, allowing participant accounts to provision highly available storage while centralizing network control. The change supports decentralized administration in multi‑account architectures and applies in all Regions where FSx for OpenZFS is offered. Governance reviews for IAM, subnet sharing, and network policies are recommended. Note: FSx OpenZFS.

Google described proxy models for LLM‑powered SQL that replace most per‑row LLM calls with small task‑specific classifiers trained on embeddings and labeled samples. Reported gains include roughly 400x token reductions and 30x–100x latency improvements for million‑row queries in BigQuery, with AlloyDB using PREPARE to precompute proxies for sub‑second latencies. While proxies can struggle with multi‑step reasoning or extreme selectivity, systems fall back to full LLM inference when quality thresholds are not met. Paper summary: Google Proxy Models.
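To make the proxy-with-fallback pattern concrete, here is an added Python example (not Google's code and not the BigQuery or AlloyDB implementation) that uses a nearest-centroid classifier over embeddings as the proxy, treats the gap between the best and second-best class similarity as the quality threshold, and escalates low-margin rows to a stand-in for the full LLM call. The embeddings, labels, row ids and the FULL_MODEL_ANSWERS oracle are all constructed.

```python
import math


def _cosine(a, b):
    """Cosine similarity; zero vectors score 0 rather than raising."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    return dot / (na * nb) if na and nb else 0.0


def build_centroids(samples):
    """Train the proxy: one centroid per label from labelled embeddings."""
    sums, counts = {}, {}
    for vec, label in samples:
        acc = sums.setdefault(label, [0.0] * len(vec))
        for i, x in enumerate(vec):
            acc[i] += x
        counts[label] = counts.get(label, 0) + 1
    return {lab: [x / counts[lab] for x in acc] for lab, acc in sums.items()}


def proxy_predict(vec, centroids):
    """Return (label, margin); margin is the gap between the top two similarities."""
    scored = sorted(((_cosine(vec, c), lab) for lab, c in centroids.items()), reverse=True)
    best_sim, best_lab = scored[0]
    second = scored[1][0] if len(scored) > 1 else -1.0
    return best_lab, best_sim - second


def classify_rows(rows, centroids, full_model, min_margin):
    """Cascade: the proxy answers confident rows, the rest go to full_model."""
    results, fallbacks = [], 0
    for row_id, vec in rows:
        label, margin = proxy_predict(vec, centroids)
        if margin < min_margin:          # quality threshold not met: escalate
            results.append((row_id, full_model(row_id), "llm"))
            fallbacks += 1
        else:
            results.append((row_id, label, "proxy"))
    return results, fallbacks


# Constructed labelled embeddings (3-dimensional for readability).
SAMPLES = [([1.0, 0.0, 0.0], "spam"), ([0.9, 0.1, 0.0], "spam"),
           ([0.0, 1.0, 0.0], "ham"), ([0.1, 0.9, 0.0], "ham")]
# Constructed query rows: two clear cases, one ambiguous, one off-distribution.
ROWS = [("r1", [1.0, 0.0, 0.0]), ("r2", [0.0, 1.0, 0.0]),
        ("r3", [0.5, 0.5, 0.0]), ("r4", [0.0, 0.0, 1.0])]
# Stand-in for the expensive per-row LLM call (constructed answers).
FULL_MODEL_ANSWERS = {"r3": "spam", "r4": "ham"}


def run_demo(min_margin=0.2):
    centroids = build_centroids(SAMPLES)
    return classify_rows(ROWS, centroids, FULL_MODEL_ANSWERS.__getitem__, min_margin)


if __name__ == "__main__":
    results, fallbacks = run_demo()
    for row in results:
        print(row)
    print(f"{fallbacks} of {len(ROWS)} rows escalated to the full model")
```

With min_margin at 0.2 the two clear rows are answered by the proxy and the ambiguous and off-distribution rows are escalated, which is the behaviour the paragraph describes: the LLM is still called, but only for the rows the cheap classifier cannot settle. Raising the margin trades tokens for accuracy on the edge cases; lowering it to zero removes the fallback entirely, which is where a proxy quietly mislabels rows it has never seen.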
