Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted.
The pattern is clear. One weak dependency can leak keys. One leaked key can open cloud access. One cloud foothold can become a production incident. AI is speeding up vulnerability discovery, attackers are moving quickly, and old exposure still keeps paying off.
Patch the quiet risks first. Let’s get into it.
On-Prem Microsoft Exchange Server Exploited in the Wild—Microsoft disclosed a security vulnerability impacting on-premises versions of Exchange Server that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. Microsoft is providing a temporary mitigation through its Exchange Emergency Mitigation Service while it readies a permanent fix for the security defect. There are currently no details on how the vulnerability is being exploited, the identity of the threat actor behind the activity, or the scale of such efforts. It’s also unclear who the targets are and whether any of those attacks were successful.
Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast. These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild.
Check the list, patch what you have, and hit the ones marked urgent first — CVE-2026-42945 (NGINX Plus and NGINX Open), CVE-2026-44112 (OpenClaw), CVE-2026-42897 (Microsoft Exchange Server), CVE-2026-41096 (Microsoft Windows DNS), CVE-2026-42826 (Microsoft Azure DevOps), CVE-2026-20182 (Cisco Catalyst SD-WAN Controller), CVE-2026-44338 (PraisonAI), CVE-2026-46300, CVE-2026-46333 (Linux Kernel), CVE-2026-45185 (Exim), CVE-2026-8043 (Ivanti Xtraction), CVE-2026-44277 (Fortinet FortiAuthenticator), CVE-2026-26083 (Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS), CVE-2026-34260, CVE-2026-34263 (SAP), CVE-2026-42231, CVE-2026-42232, CVE-2026-44791, CVE-2026-44789, CVE-2026-44790, CVE-2026-42236, CVE-2026-42230 (n8n), CVE-2026-6815 (Casdoor), CVE-2026-2291, CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, CVE-2026-4893, CVE-2026-5172 (dnsmasq), CVE-2026-6787, CVE-2026-6788 (WatchGuard Agent on Windows), CVE-2026-23479, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589 (Redis), CVE-2026-41002, CVE-2026-40982, CVE-2026-40981, CVE-2026-41713, CVE-2026-41712, CVE-2026-41705 (Spring), CVE-2026-6722 (PHP ext-soap), CVE-2026-43824 (Argo CD), CVE-2026-27174 (MajorDoMo), CVE-2026-25254, CVE-2026-25293 (Qualcomm), CVE-2026-28819, CVE-2026-43668, CVE-2026-28972 (Apple macOS), CVE-2026-44413 (JetBrains TeamCity), CVE-2026-42010, CVE-2026-33845, CVE-2026-42009, CVE-2026-33846, CVE-2026-1584 (GnuTLS), CVE-2026-30905, CVE-2026-30906 (Zoom), CVE-2026-4782, CVE-2026-4798 (Avada Builder plugin), CVE-2026-43898 (SandboxJS), CVE-2026-8509, CVE-2026-8510 (Google Chrome), CVE-2026-44578 (Next.js), CVE-2025-14177 (PHP), CVE-2026-33439 (OpenAM), CVE-2025-66335 (Apache Doris MCP), an authentication validation bypass in Apache Pinot MCP, and an information disclosure flaw in Alibaba RDS MCP.
Disclaimer: This is strictly for research and learning. It hasn’t been through a formal security audit, so don’t just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law.
The message is simple: trust less, check more. Bad packages, fake pages, weak plugins, leaked keys, and old bugs all lead to the same place.
Patch first. Rotate keys. Review what you run in prod. That’s the work. That’s the recap.