Active Exploits, Supply-Chain Intrusions, and New Cloud Controls

Organizations faced a mix of urgent patching, active exploitation, and governance updates. A critical Cisco SD-WAN flaw under exploitation, fresh attack paths against NGINX and on‑premises Exchange, and a Windows local privilege escalation with public PoC dominated technical risk. At the same time, supply‑chain intrusions hit popular developer ecosystems and even touched two OpenAI employee devices. Policy and platform updates—from the EU’s Cyber Resilience Act to new AWS capabilities—rounded out a day that will drive both immediate response and longer‑term program changes.

Actively Exploited Network and Server Flaws

Cisco disclosed a maximum‑severity authentication bypass in its SD‑WAN control plane, confirming limited exploitation in May 2026. The bug, tracked as CVE‑2026‑20182, allows unauthenticated remote attackers to send crafted control‑connection requests that bypass peering authentication, register as trusted peers, and obtain a high‑privileged administrative account with NETCONF access and configuration control. Cisco stated that typical deployment settings do not mitigate exposure and released fixed software across supported versions; the flaw was also added to CISA’s KEV catalog with an urgent remediation timeline for federal agencies. Administrators should use the vendor’s operational guidance to validate peer relationships and investigate suspicious activity. Full details: Cisco SD‑WAN.

Researchers reported active in‑the‑wild exploitation of a heap buffer overflow in the NGINX HTTP rewrite module affecting releases from 0.6.27 through 1.30.0. Successful exploitation can crash worker processes or—in specific configurations and when ASLR is disabled—enable remote code execution. Patches are available; organizations should update promptly, keep mitigations like ASLR enabled, and monitor for suspicious behavior. The same reporting also noted concurrent exploitation of openDCIM issues, where chaining multiple CVEs can lead to remote code execution and web shell deployment. Coverage: NGINX CVE.

Microsoft confirmed an actively exploited cross‑site scripting vulnerability (CVE‑2026‑42897) in on‑premises Exchange Server that can be triggered when a user opens a crafted email in Outlook Web Access. The company is applying an automatic URL‑rewrite mitigation via the Exchange Emergency Mitigation Service and provides a manual tool for disconnected environments. Exchange Online is not affected. Known mitigation side effects include issues with OWA calendar printing and inline images. Organizations should verify mitigation status across all servers and watch for Microsoft’s forthcoming updates. Advisory: Exchange CVE.

Sansec observed active skimming campaigns abusing a critical flaw in the Funnel Builder WordPress plugin (prior to 3.15.0.3) used by more than 40,000 WooCommerce stores. Attackers exploited a publicly exposed checkout endpoint to insert malicious script tags into the plugin’s External Scripts setting, often disguised as analytics code, and used a WebSocket channel to deliver tailored payment skimmers. Site owners should update immediately, review the affected settings for rogue entries, and investigate checkout traffic for indicators of compromise. Details: Funnel Builder.

Escalation and Identity Abuse Across Microsoft Platforms

A researcher released a public proof‑of‑concept for a Windows local privilege escalation dubbed MiniPlasma, alleging the underlying issue remains unpatched despite an earlier disclosure lineage. Testing reproduced the exploit on fully patched Windows 11, yielding a SYSTEM shell, though it reportedly did not trigger on the latest Insider Canary build. The flaw involves the cldflt.sys Cloud Filter driver and an undocumented API pathway. Until vendor guidance is available, enterprises should monitor for suspicious use of the Cloud Filter driver and registry hive modifications and restrict execution of untrusted binaries. Report: MiniPlasma.

Separately, the Tycoon2FA phishing kit has evolved to abuse OAuth 2.0 device authorization, using invoice‑themed lures and Trustifi click‑tracking to lead victims to a fake Microsoft CAPTCHA page. The kit fetches a device code from attacker infrastructure and instructs users to enter it at microsoft.com/devicelogin, resulting in illicit issuance of access and refresh tokens that grant broad Microsoft 365 access without stealing passwords. Researchers recommend disabling device‑code flow where unnecessary, locking down OAuth consent, requiring admin approval for third‑party apps, enabling Continuous Access Evaluation, enforcing compliant device policies, and monitoring Entra logs for deviceCode activity and unusual Node.js agents. Findings: Tycoon2FA.

Software Supply Chain and Advanced Threat Tooling

OpenAI confirmed that two employee devices in its corporate environment were impacted by the Mini Shai‑Hulud supply‑chain intrusion that targeted TanStack. The attacker exfiltrated a limited set of credential material from internal source‑code repositories accessible to the two users; OpenAI isolated affected systems and identities, rotated credentials across impacted repositories, audited activity, and reissued code‑signing certificates, advising macOS users to update apps before a June 12, 2026 cutoff. Researchers linked the broader campaign to TeamPCP infrastructure and documented a modular Python toolkit with primary and fallback C2, credential harvesting across cloud and developer ecosystems, and destructive, geo‑gated behaviors; multiple vendors were affected via trojanized npm and PyPI packages. Overview: TanStack attack.

Investigators reported a compromise of specific releases of the widely used node‑ipc npm package, where an obfuscated infostealer in the CommonJS entrypoint harvested environment variables, cloud and CI/CD credentials, SSH keys, database secrets, and browser data. Exfiltration occurred via DNS TXT queries using Azure‑themed infrastructure, with logic to skip large files and remove archives post‑exfiltration. Impacted developers should remove the affected versions (9.1.6, 9.2.3, 12.0.1), rotate secrets, and examine lockfiles, caches, and CI logs for signs of compromise. Analysis: node‑ipc.

On the advanced threat front, Microsoft researchers documented how a Russian‑linked group has re‑architected the long‑running Kazuar backdoor into a modular peer‑to‑peer botnet. The new design splits responsibilities across Kernel, Bridge, and Worker components, with leader election, multiple IPC channels, and support for transports including Exchange Web Services, HTTP, and WebSockets. Worker modules perform keylogging, event hooks, enumeration, and MAPI collection, with on‑disk staging and encryption to organize tasking and outputs. The modular approach, flexible C2, and anti‑analysis features increase persistence and complicate detection. Technical profile: Kazuar botnet.

Governance, Disclosure, and Cloud Platform Updates

The EU’s Cyber Resilience Act (CRA) establishes product‑safety style obligations for digital goods, including SBOMs, secure‑by‑default design, vulnerability handling, rapid incident reporting, and—in many cases—at least five years of free security updates. Vendors must report actively exploited vulnerabilities within 24 hours and follow with a full report in three days. Critical product categories face stricter assessments, enforcement actions can include recalls and fines up to €15 million or 2.5% of turnover, and ENISA will host the single reporting platform. Many organizations are not ready, underscoring the need to mature SBOM and supply‑chain practices ahead of upcoming compliance dates. Summary: CRA overview.

In cloud disclosure news, a researcher reported that the Azure Backup for AKS service allowed a Backup Contributor on a vault to trigger Trusted Access and obtain cluster‑admin privileges. Microsoft’s Security Response Center rejected the report as requiring pre‑existing administrative rights and made no public product changes; CERT/CC initially validated the issue but later closed the case under CNA hierarchy rules after Microsoft urged against CVE assignment. After public disclosure, the researcher observed the original exploit path no longer functioned due to added checks, suggesting a silent remediation without advisory. Discussion: Azure Backup issue.

Among platform updates, AWS raised the per‑query result ceiling for CloudWatch Logs Insights to 100,000 records and added pagination support to the GetQueryResults API, reducing the need to split queries across time ranges and improving programmatic retrieval. This change is available across all commercial regions via console, CLI, CDK, and SDKs. Announcement: CloudWatch Logs. AWS also opened a public preview of Interconnect – multicloud with Oracle Cloud Infrastructure in us‑east‑1, extending its open‑spec connectivity approach already GA with Google Cloud and planning Microsoft Azure later in 2026; customers can provision connections via console, CLI, or API and evaluate integration with existing network and security controls. Preview: AWS Interconnect.

For partner go‑to‑market, AWS announced that Partner Central agents—built on Amazon Bedrock AgentCore—now let partners create and accelerate opportunities via natural‑language input, document uploads, or cloning, with automated extraction, enrichment, and next‑step recommendations. The capability is available in all commercial regions and accessible through Amazon Q in the console or programmatically via the Model Context Protocol. Update: Partner Central agents.