⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

Monday, May 18, 2026 at 01:50 PM UTC·Source: The Hacker News

Updated: Monday, May 18, 2026 at 04:00 PM UTC

Executive Summary

Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency can leak keys. One leaked key can open cloud access. One cloud foothold can become a production

Analysis

Source Attribution

Originally published by The Hacker News on May 18, 2026.

Related Threats

CRITICALZero Day

‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit

An old elevation-of-privilege (EoV) vulnerability affecting the Cloud Filter driver “cldflt.sys” in Windows has come back to haunt Microsoft, as researchers claim it is still exploitable six years after it was supposedly patched. The flaw, originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020, was recently picked up by Nightmare Eclipse , a researcher o

CVE-2020-17103CVE-2026-33825

6h agoCSO Online

CRITICALZero Day

Zero-Day Exploit Against Windows BitLocker

It’s nasty , but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in

7h agoSchneier on Security

CRITICALZero Day

Security Researchers Find 47 Zero-Days at Pwn2Own Berlin

The research community was awarded $1.3m as it found dozens of novel vulnerabilities at Pwn2Own Berlin

9h agoInfosecurity Magazine