HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Multiple Zero‑Day and Supply‑Chain Attacks Target Exchange Server, npm Packages, Cisco Devices, and AI Repositories – Immediate TPRM Action Required

A critical Exchange Server RCE, a malicious npm worm, a counterfeit AI model repository, and a new Cisco network‑control vulnerability were disclosed this week. The attacks span email, software supply‑chain, and network infrastructure, exposing any organization that relies on these third‑party services. TPRM teams must verify patches, audit dependencies, and tighten vendor controls.

LiveThreat™ Intelligence · 📅 May 18, 2026· 📰 thehackernews.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
thehackernews.com

Multiple Zero‑Day and Supply‑Chain Attacks Hit Exchange, npm, Cisco and AI Repositories – Broad Enterprise Exposure

What Happened – A series of active exploits were disclosed this week: a critical remote‑code‑execution (RCE) zero‑day in Microsoft Exchange Server, a malicious npm package worm that injects credential‑stealing payloads, a counterfeit AI model repository used to deliver a stealer, and a newly‑found Cisco network‑control‑system vulnerability. In addition, a ransomware group claimed to have returned stolen data after a breach.

Why It Matters for TPRM

  • Critical email infrastructure (Exchange) is a common third‑party service; a breach can expose all downstream partners.
  • Supply‑chain compromises of open‑source packages (npm) can propagate malicious code to dozens of downstream SaaS applications.
  • Fake AI model pages illustrate how social engineering can be used to harvest credentials from vendor‑managed research environments.
  • Network‑device exploits (Cisco) threaten the integrity of on‑prem and cloud‑connected environments that many vendors rely on.

Who Is Affected – Cloud‑hosted SaaS providers, enterprise IT departments, software development firms using npm, telecom/network equipment vendors, AI/ML research platforms, and any organization that integrates with Microsoft Exchange.

Recommended Actions

  • Verify that all Exchange servers are patched to the latest security update; enforce MFA for admin accounts.
  • Conduct an inventory of npm dependencies; block unapproved packages and scan for known malicious signatures.
  • Review third‑party AI model sources; enforce code‑signing and provenance verification.
  • Apply Cisco advisory patches and segment network‑control traffic.
  • Update incident‑response playbooks to include supply‑chain compromise scenarios.

Technical Notes

  • Exchange zero‑day exploits CVE‑2026‑XXXX (RCE via crafted HTTP request).
  • npm worm leverages a malicious post‑install script that exfiltrates npm tokens and SSH keys.
  • Fake AI repository hosted on a compromised GitHub account, delivering a PowerShell stealer.
  • Cisco vulnerability (CVE‑2026‑YYYY) allows unauthenticated command injection on network‑control appliances.

Source: The Hacker News – Weekly Recap

📰 Original Source
https://thehackernews.com/2026/05/weekly-recap-exchange-0-day-npm-worm.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →