{"vulnerability": "cve-2026-42897", "sightings": [{"uuid": "d171e9a4-1f4c-40b8-8ac1-e0fd2f5955d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/msftexchange.bsky.social/post/3mltcacibdc2f", "content": "Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 | Microsoft Community Hub! \ud83e\udd8b\ntechcommunity.microsoft.com/blog/Exchang...", "creation_timestamp": "2026-05-14T17:01:37.420425Z"}, {"uuid": "beae2f4d-28ab-403e-86a9-d93967d30d6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/msittechnews.bsky.social/post/3mltd6ltja426", "content": "\"Addressing Exchange Server May 2026 vulnerability CVE-2026-42897\" buff.ly/AIsupjL #Microsoft #techcommunity", "creation_timestamp": "2026-05-14T17:18:32.820506Z"}, {"uuid": "8401511f-7243-4a64-b9d4-d9be143dcd9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116574087221515436", "content": "Microsoft Exchange Server CVE-2026-42897 (cross-site scripting) allows for...\"spoofing\"\ud83e\udd14\nIt's being exploited ITW.https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-42897", "creation_timestamp": "2026-05-14T17:23:40.354932Z"}, {"uuid": "044f9242-d530-434c-ba0e-56f9c5d8567a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/schnoll.bsky.social/post/3mlted7j5gs2f", "content": "Microsoft released IIS URL Rewrite rule mitigation M2.1.0 for EEMS 
and EOMT today and disclosed CVE-2026-42897, a reported vulnerability affecting Outlook on the web in Exchange Server.\n\nThis article talks about why you need EEMS or EOMT.\n\nlnkd.in/g7UNCHsQ\n\n#MSExchange", "creation_timestamp": "2026-05-14T17:39:06.030981Z"}, {"uuid": "e085ea3b-cdf8-4699-b3f0-a8a5d6adf9e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/cybersecurity0001.bsky.social/post/3mlurvb2s7k2b", "content": "On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email", "creation_timestamp": "2026-05-15T07:14:26.162830Z"}, {"uuid": "7a17d3a8-96ab-4ac9-85af-80da4ce2b03b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mlucvpzqwu2j", "content": "Exploited in the Wild: Critical OWA Spoofing Flaw (CVE-2026-42897) Hits On-Premises Exchange Servers", "creation_timestamp": "2026-05-15T02:46:33.896799Z"}, {"uuid": "98f9ad77-07a8-46ef-8dff-526513af975f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3mltppftxgl2b", "content": "Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 #patchmanagement", "creation_timestamp": "2026-05-14T21:02:42.918189Z"}, {"uuid": "55ae87e9-2b67-4cb0-81d4-f03fff1cd4c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://gist.github.com/alon710/8bad0b0572ee5c15cbbf9928305712df", "content": "# CVE-2026-42897: CVE-2026-42897: Reflected 
Cross-Site Scripting in Microsoft Exchange Server OWA\n\n> **CVSS Score:** 8.1\n> **Published:** 2026-05-14\n> **Full Report:** https://cvereports.com/reports/CVE-2026-42897\n\n## Summary\nCVE-2026-42897 is a high-severity reflected Cross-Site Scripting (XSS) vulnerability affecting the Outlook on the web (OWA) component of Microsoft Exchange Server. The flaw stems from improper neutralization of user-supplied input during web page generation. Discovered as a zero-day and actively exploited in the wild, the vulnerability allows unauthenticated attackers to execute arbitrary JavaScript within the security context of a targeted user's session, facilitating session hijacking and identity spoofing.\n\n## TL;DR\nActively exploited reflected XSS in Exchange Server OWA allows unauthenticated attackers to hijack authenticated sessions via crafted URLs. Microsoft released out-of-band updates and an IIS URL rewrite mitigation (EEMS M2) to address the flaw.\n\n## Exploit Status: ACTIVE\n\n## Technical Details\n\n- **CWE**: CWE-79\n- **Attack Vector**: Network\n- **CVSS Score**: 8.1\n- **Impact**: Session Hijacking / High Confidentiality & Integrity\n- **Exploit Status**: Actively Exploited\n- **KEV Status**: Listed\n\n## Affected Systems\n\n- Microsoft Exchange Server 2016\n- Microsoft Exchange Server 2019\n- Microsoft Exchange Server Subscription Edition\n- **Microsoft Exchange Server 2016**: <= Cumulative Update 23 (Fixed in: `Cumulative Update 23 May 2026 SU`)\n- **Microsoft Exchange Server 2019**: <= Cumulative Update 15 (Fixed in: `Cumulative Update 14/15 May 2026 SU`)\n- **Microsoft Exchange Server Subscription Edition**: RTM (Fixed in: `May 2026 SU`)\n\n## Mitigation\n\n- Apply the official out-of-band Security Updates (SUs) and Cumulative Updates (CUs) provided by Microsoft.\n- Ensure the Exchange Emergency Mitigation Service (EEMS) is active and has applied the M2 or M2.1 IIS URL Rewrite rule.\n- Monitor IIS logs for anomalous query strings, URL 
paths containing encoded script tags, and unexpected OWA access patterns.\n- Implement network-level Web Application Firewall (WAF) rules to detect and block common Cross-Site Scripting payload structures targeting Exchange endpoints.\n\n**Remediation Steps:**\n1. Download the appropriate Security Update or Cumulative Update for the installed version of Microsoft Exchange Server.\n2. Install the update on all internal and edge Exchange Server instances.\n3. Verify the installation of the EEMS M2 mitigation using the `Get-ExchangeServer` PowerShell cmdlet.\n4. Review IIS logs to identify any accounts that interacted with malicious URLs prior to the patch application.\n5. Revoke active sessions and enforce password resets for any compromised accounts.\n\n## References\n\n- [Microsoft Security Response Center (MSRC) Advisory](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897)\n- [Microsoft Learn - Exchange EM Service](https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-emergency-mitigation-service)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-42897)\n- [Tenable CVE Database](https://www.tenable.com/cve/CVE-2026-42897)\n- [SecurityOnline Technical Report](https://securityonline.info/google-chrome-security-update-79-fixes-critical-vulnerabilities/)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-42897) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-15T07:20:29.000000Z"}, {"uuid": "643b2119-bba0-4120-a4a1-8c618e1c0399", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/GithubRedTeam/84323", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a 
CVE-2026-42897\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a atiilla\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a PowerShell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-15 11:41:03\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-42897 - Exchange Health Checker blind spot: outbound IIS URL Rewrite rules silently ignored, making EOMT mitigations invisible in diagnostic reports.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-15T12:00:04.000000Z"}, {"uuid": "1ef160b4-4c04-4a85-976f-b9836180668b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://www.acn.gov.it/portale/w/microsoft-rilevato-sfruttamento-attivo-della-cve-2026-41615", "content": "Microsoft ha rilasciato aggiornamenti di sicurezza per risolvere due nuove vulnerabilit\u00e0, una con gravit\u00e0 \u201dcritica\u201d e una con gravit\u00e0 \u201calta\u201d, che riguardano i prodotti Microsoft Authenticator e Microsoft Exchange Server. Tra queste si evidenzia la CVE-2026-42897, di tipo \u201cCross-site Scripting (XSS)\u201d, che risulta essere sfruttata attivamente in rete.", "creation_timestamp": "2026-05-15T09:54:10.000000Z"}, {"uuid": "8f9b5ff5-e3b0-4fa9-b0dd-c6eae09407b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mlvgiku4e72c", "content": "Another Exchange zero-day, CVE-2026-42897, is being actively exploited in OWA. 
If you're an on-premises admin, you need to know why your mitigation might look broken but isn't, and how to confirm you're truly protected.\n\nhttps://www.tpp.blog/ladtg67\n\n#cybersecurity #microsoft #exchange", "creation_timestamp": "2026-05-15T13:23:08.321895Z"}, {"uuid": "2387ed8d-4e42-40bf-8afc-8f5ece6b73b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/kushelmex.com/post/3mlvjyrzkk22e", "content": "CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day securityaffairs.com/192204/secur...", "creation_timestamp": "2026-05-15T14:25:57.109239Z"}, {"uuid": "1584fc0b-777d-4392-a120-8cb6d7792b9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/se-nyheter.bsky.social/post/3mlvkaxj6g62u", "content": "Microsoft varnar f\u00f6r allvarlig s\u00e5rbarhet i Exchange Server\n\nhttps://www.europesays.com/se/247025/\n\nMicrosoft l\u00e5ter meddela att det finns en allvarlig s\u00e5rbarhet i Exchange Server som f\u00e5tt beteckningen CVE-2026-42897. Eftersom s\u00e5rbarheten\u2026", "creation_timestamp": "2026-05-15T14:30:28.248612Z"}, {"uuid": "60f37136-ac76-4d9f-a5b5-211ee5b1482c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/winfuture.de/post/3mlvkgpbmfj2u", "content": "Kritische Sicherheitsl\u00fccke CVE-2026-42897 bedroht Microsoft Exchange Server 2016, 2019 und Subscription Edition. Angreifer k\u00f6nnen \u00fcber OWA JavaScript-Code ausf\u00fchren. 
#Microsoft #ITSec", "creation_timestamp": "2026-05-15T14:33:40.581795Z"}, {"uuid": "b6f33e33-3f5e-4024-9e05-c21318ccb356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mlvl4l66bb2v", "content": "CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day", "creation_timestamp": "2026-05-15T14:45:54.571065Z"}, {"uuid": "77cfbbb9-fdcf-4386-985b-bf44fc45afe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "Telegram/P2nAQ_9l9kC9SbCUZj2F7I9PUkzW2Bbjh2V7jVr4CtLIeNo8", "content": "", "creation_timestamp": "2026-05-15T14:10:07.000000Z"}, {"uuid": "892e2003-1ec0-42e7-b1c7-b49a9e24c5d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/ctinow/250357", "content": "CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day\nhttps://ift.tt/OhPbgWk", "creation_timestamp": "2026-05-15T14:14:42.000000Z"}, {"uuid": "4e262bfc-03bd-4117-a1f4-a3a0b03c09bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mlvlx2rdck2c", "content": "CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day \nhttps://\nift.tt/26I9U0P \n\nMicrosoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked\u2026\n\n\ud83d\udd01 RT @f1tym1 | reposted by @HackingLZ\nhttps://x.com/f1tym1/status/2055293244360056997", "creation_timestamp": 
"2026-05-15T15:00:44.743532Z"}, {"uuid": "fb1f890c-81d5-44f4-9f21-7e82b6794215", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/it-connect.bsky.social/post/3mlvo7lzide2g", "content": "\u26a0\ufe0f  Exchange Server \u2013 CVE-2026-42897 : cette faille zero-day est d\u00e9j\u00e0 exploit\u00e9e !\n\nPlus d'infos : \n- www.it-connect.fr/exchange-ser...\n\n#microsoft #exchange #infosec", "creation_timestamp": "2026-05-15T15:41:17.916960Z"}, {"uuid": "e10c863c-406d-431c-a4c9-a3380c78723a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mlvpubgopc2k", "content": "~Cybergcca~\nActive exploitation of critical Cisco SD-WAN (CVE-2026-20182) and MS Exchange (CVE-2026-42897) flaws.\n-\nIOCs: CVE-2026-20182, CVE-2026-42897\n-\n#CVE202620182 #Exchange #ThreatIntel", "creation_timestamp": "2026-05-15T16:10:45.038290Z"}, {"uuid": "beac8c39-88bc-4375-b45c-5e365d66bc5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-av26-473", "content": "", "creation_timestamp": "2026-05-15T06:42:56.000000Z"}, {"uuid": "3f6a5151-55d2-4dad-bbcb-05d732f82d7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/msxfaq.de/post/3mlvtiay53s2u", "content": "#MSXFAQ CVE-2026-42897 EEMS M2.1 OWA CSP www.msxfaq.de/exchange/upd... 
HTML-Mails mit Schadcode werden beim Zugriff per OWA eventuell ausgef\u00fchrt. EEMT-Mitigation werden aktiv verteilt. Wer kein EEMT aktiv hat, sollte manuell aktiv werden.", "creation_timestamp": "2026-05-15T17:15:39.367632Z"}, {"uuid": "b2db1dc4-c856-4630-814d-fb1af764476a", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-42897", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/aa500692-161b-45c6-8d92-a0c2a2b2944c", "content": "", "creation_timestamp": "2026-05-15T18:00:01.932947Z"}, {"uuid": "5476d6ed-1a26-49cf-b7e2-c54d75921abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mlvzawwbw52k", "content": "\ud83d\udce2 Microsoft confirms a new Exchange Server zero-day (CVE-2026-42897) is actively exploited! The XSS flaw in OWA affects on-prem servers. Mitigations are being deployed automatically via the EM service. Check your systems! 
\ud83d\udee1\ufe0f #Exchange #Zeroday\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-05-15T18:58:54.838012Z"}, {"uuid": "3b5e025c-32e9-4f4b-b1f8-ab1234147c9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mlw4vbq24x2k", "content": "~Cisa~\nCISA added an actively exploited Microsoft Exchange Server XSS vulnerability to its KEV catalog.\n-\nIOCs: CVE-2026-42897\n-\n#CVE202642897 #Exchange #ThreatIntel", "creation_timestamp": "2026-05-15T20:04:52.403920Z"}, {"uuid": "8ff0aa00-664e-4694-9048-75fc3dda8e82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/concisecyber.bsky.social/post/3mlwdnmickh2q", "content": "Microsoft warns of active exploitation of Exchange Server flaw\u00a0CVE-2026-42897\n\nMicrosoft says attackers are exploiting CVE-2026-42897 in on-prem Exchange Server, with temporary mitigations available while a fix is readied.", "creation_timestamp": "2026-05-15T22:06:18.942346Z"}, {"uuid": "dd185b17-bdde-4a56-a518-d9bdaa1d4b3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlwshvs3sk2v", "content": "Top 3 CVE for last 7 days:\nCVE-2026-43284: 90 interactions\nCVE-2026-43500: 71 interactions\nCVE-2026-42511: 56 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-42897: 36 interactions\nCVE-2026-20182: 13 interactions\nCVE-2026-42945: 12 interactions\n", "creation_timestamp": "2026-05-16T02:34:30.997511Z"}, {"uuid": "d7b2b1f9-01a1-474a-a5cd-66f1446d0bfb", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/ctinow/250337", "content": "On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email\nhttps://ift.tt/ehd0tz9", "creation_timestamp": "2026-05-15T06:59:51.000000Z"}, {"uuid": "6808b394-5376-4ec1-93e6-d242c326547c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/cibsecurity/89380", "content": "\ud83d\udd8b\ufe0f On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email \ud83d\udd8b\ufe0f\n\nMicrosoft has disclosed a new security vulnerability impacting onpremise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE202642897 CVSS score 8.1, has been described as a spoofing bug stemming from a crosssite scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. 
\".\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"The Hacker News\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2026-05-15T07:00:15.000000Z"}, {"uuid": "a245635f-d2ee-4bc9-860b-b6bdc4b34e22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1873", "content": "", "creation_timestamp": "2026-05-14T21:00:00.000000Z"}, {"uuid": "87aa70ac-cab5-4059-b7ea-dbde30443ee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mlx3xdfyu22g", "content": "On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email\n\nMicrosoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild.\nThe vulnerability, tracked as\u2026\n#hackernews #microsoft #news", "creation_timestamp": "2026-05-16T05:19:52.041132Z"}, {"uuid": "74372fed-6a01-420d-9db0-b975ca8991d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/technology-news.bsky.social/post/3mlxf5m4hdx2l", "content": "CVE-2026-42897 is exploited in on-prem Exchange; crafted emails enable spoofing, forcing urgent mitigation.", "creation_timestamp": "2026-05-16T08:04:26.743593Z"}, {"uuid": "c1fb31a4-1528-48f4-8f8e-d8c3eceaa4b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": 
"https://gist.github.com/stone776/0440bbb9fda24b6bda2b6868dc58f6f0", "content": "\n\n\n    \n    \n    TARDIS Intelligence Briefing \u2014 2026-05-16\n    \n\n
0.62em;\n            font-weight: 700;\n            text-transform: uppercase;\n            letter-spacing: 0.16em;\n            color: var(--tardis-gold);\n            margin-bottom: 8px;\n            padding-bottom: 4px;\n            border-bottom: 1px solid rgba(244, 196, 48, 0.2);\n        }\n\n        /* \u2500\u2500 Metadata Footer \u2500\u2500 */\n        .metadata-footer {\n            background: var(--tardis-dark);\n            border-top: 1px solid var(--tardis-edge);\n            padding: 18px 40px;\n            margin-top: 8px;\n        }\n\n        .metadata-grid {\n            display: flex;\n            flex-wrap: wrap;\n            gap: 20px 36px;\n        }\n\n        .metadata-item {\n            display: flex;\n            flex-direction: column;\n            gap: 2px;\n        }\n\n        .metadata-key {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.55em;\n            font-weight: 700;\n            text-transform: uppercase;\n            letter-spacing: 0.18em;\n            color: var(--tardis-text-muted);\n        }\n\n        .metadata-value {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.82em;\n            color: var(--tardis-text-dim);\n        }\n    \n\n.research-paper { margin-bottom: 24px; padding-bottom: 20px; border-bottom: 1px solid var(--tardis-edge); }\n.research-paper:last-child { border-bottom: none; }\n.research-paper.historical { opacity: 0.85; }\n.paper-header { margin-bottom: 8px; }\n.paper-id { font-family: 'Share Tech Mono', monospace; font-size: 0.78em; color: var(--tardis-blue-bright); text-decoration: none; }\n.paper-id:hover { color: var(--tardis-gold); }\n.paper-date { display: block; font-family: 'Share Tech Mono', monospace; font-size: 0.72em; color: var(--tardis-text-muted); margin-top: 3px; }\n.paper-body p { font-size: 0.93em; color: var(--tardis-text-dim); margin-bottom: 8px; line-height: 1.5; }\n.paper-questions { font-size: 0.88em; color: 
var(--tardis-text-muted); font-style: italic; border-left: 2px solid var(--tardis-amber); padding-left: 10px; margin-top: 6px; }\n.merlin-finding { margin-bottom: 22px; padding-bottom: 18px; border-bottom: 1px solid var(--tardis-edge); }\n.merlin-finding:last-of-type { border-bottom: none; }\n.finding-title { font-size: 1em; font-weight: 600; color: var(--tardis-gold); margin-bottom: 10px; }\n.kev-entry { margin-bottom: 6px; }\n.kev-cve { font-size: 1em; }\n.grid-table th { padding: 8px 10px; text-align: left; font-family: 'Orbitron', sans-serif; font-size: 0.62em; text-transform: uppercase; letter-spacing: 0.1em; color: var(--tardis-text-dim); }\n.grid-table td { padding: 7px 10px; font-size: 0.88em; border-bottom: 1px solid var(--tardis-edge); vertical-align: top; }\n.grid-table tr:last-child td { border-bottom: none; }\n\n\n\n\n\n\n  \n\n    \n\n    \n\n      \nTARDIS\n      \nIntelligence Briefing System\n    \n  \n  \n\n    \nOvercast \u00b7 Hi 69\u00b0F / Lo 59\u00b0F\n    \n2026-05-16 SAT\n    \nPERSONAL USE\n  \n\n\n\n\n  \n\n    \nSections\n    01AI Research\n    02Merlin Intelligence\n    03Military / Geo\n    05Economic\n    06Tech\n    07Cybersecurity\n    10Space\n    11Energy\n    \n\n    13Analysis\n  \n\n  \n\n    \n\n  \n\n    AI Research\n    4 FRESH \u00b7 2 HISTORICAL [90-DAY]\n  \n  \n\n    \n\n      \nBLUF\n      \nFour fresh papers map directly to Merlin's architecture this week: parallel agentic workflow distribution, self-distilling agent judgment, memory as first-class model state, and concurrent tool execution without retraining. 
Historical window surfaces adversarial co-evolution of agent policies and collaborative uncertainty quantification for multi-LLM systems.\n    \n\n    \n\n      \n\n        [ArXiv 2605.15132]\n        \nAPWA: Distributed Architecture for Parallelizable Agentic Workflows\n        Published: 2026-05-14\n      \n      \n\n        \nWhat it shows: APWA formalizes a distributed execution architecture that decomposes agentic tasks into dependency graphs, then schedules subtasks across parallel agent workers. The architecture defines explicit interfaces for task handoff, result aggregation, and failure recovery without coordinator bottlenecks. Benchmarks show 4.2\u00d7 throughput on coding tasks and 6.1\u00d7 on research pipelines versus sequential orchestration.\n        \nContext: Current multi-agent systems typically run sub-agents sequentially or semi-sequentially, gating on orchestrator availability. APWA provides a formal specification \u2014 not just empirical benchmarks \u2014 making it directly adaptable to production systems.\n        \nStructural implication: The dependency graph formalism maps directly onto Merlin's orchestrator-spawns-children pattern. Implementing APWA's scheduling logic in the blackboard could replace Merlin's sequential handoff bottlenecks with genuine parallelism.\n      \n      \n\n        Open question: How does APWA handle partial failures in parallel branches \u2014 does the aggregation layer support partial results, or does any branch failure require full restart?\n      \n    \n\n    \n\n      \n\n        [ArXiv 2605.15155]\n        \nSelf-Distilled Agentic Reinforcement Learning\n        Published: 2026-05-14\n      \n      \n\n        \nWhat it shows: Agents trained via self-distillation \u2014 using their own successful trajectories as training signal \u2014 achieve measurable quality improvements on coding and reasoning tasks without human-labeled reward data. 
The technique operates at the prompt and trajectory level, requiring no model retraining. Improvements compound across iterations and do not require a separate reward model.\n        \nContext: Standard RLHF requires human preference labels. Self-distillation closes the loop using the agent's own confident outputs as implicit labels \u2014 applicable to any frontier model without API-level access to weights.\n        \nStructural implication: Merlin's Judge/Auditor currently provides binary pass/fail. Self-distillation would allow the Judge to improve its own calibration over time by collecting high-confidence accepts as positive examples \u2014 directly supporting Phase 3 (Sharpen the Saw).\n      \n      \n\n        Open question: Self-distillation amplifies the model's existing biases \u2014 if the Judge starts with systematic errors, does the distillation loop correct or entrench them?\n      \n    \n\n    \n\n      \n\n        [ArXiv 2605.15156]\n        \nMeMo: Memory as a Model\n        Published: 2026-05-14\n      \n      \n\n        \nWhat it shows: Proposes treating external memory systems as first-class model components rather than retrieval add-ons. Under the MeMo framework, memory reads are parameterized inference steps \u2014 the model actively queries memory with learned attention rather than treating retrieved documents as raw context. Results show 23% improvement on multi-hop reasoning tasks versus standard RAG.\n        \nContext: Current RAG systems treat retrieved content as additional context tokens. MeMo integrates memory access into the inference computation, allowing gradient-like improvement in what the model chooses to retrieve.\n        \nStructural implication: Merlin's blackboard is currently accessed by agents as flat retrieval. 
Implementing MeMo-style parameterized memory queries against pgvector could improve relevance of blackboard artifact retrieval for orchestrator planning.\n      \n      \n\n        Open question: MeMo requires modification to inference-time attention \u2014 does this work through prompt engineering alone, or does it require API capabilities not yet exposed by frontier providers?\n      \n    \n\n    \n\n      \n\n        [ArXiv 2605.15077]\n        \nConcurrency without Model Changes: Future-based Asynchronous Function Calling for LLMs\n        Published: 2026-05-14\n      \n      \n\n        \nWhat it shows: Enables concurrent tool execution in existing LLMs by introducing a \"future\" abstraction \u2014 the model issues parallel tool calls returning handles, continues generation, and resolves handles when results arrive. Implemented entirely at the harness layer, requiring no model retraining. Reduces tool-dependent latency by 60\u201370% on tasks with independent tool calls.\n        \nContext: Current LLM tool use is serial: model calls tool, waits for result, continues. This paper eliminates that bottleneck with a harness-level scheduler. Works with GPT-5, Claude 3.7, and Gemini 2.0 without modification.\n        \nStructural implication: Merlin's orchestrator currently issues tool calls serially. The future-based harness could be implemented in OpenHands to parallelize blackboard reads, search queries, and other tool calls within a single agent session.\n      \n    \n\n    \n\n      \n\n        [ArXiv 2603.28386]\n        \n[90-day] COvolve: Adversarial Co-Evolution of LLM-Generated Policies and Environments\n        Published: 2026-03-30 | Window: Mar 28 \u2013 Apr 4\n      \n      \n\n        \nWhat it shows: Demonstrates that LLM-generated agent policies and the environments they operate in can be co-evolved adversarially \u2014 the environment generator exploits policy weaknesses, forcing policy improvement beyond what static benchmarks produce. 
Applied to code generation and tool use, COvolve policies outperform standard training on novel task distributions.\n        \nContext: Standard agent evaluation uses fixed benchmarks that become saturated. COvolve creates a perpetually novel evaluation regime by evolving both the task distribution and the agent policy simultaneously.\n        \nStructural implication: Merlin's quality gates evaluate against static product specifications. A COvolve-style adversarial environment could stress-test orchestrator behavior against dynamic failure modes \u2014 directly applicable to Phase 1 closed-loop verification.\n      \n    \n\n    \n\n      \n\n        [ArXiv 2603.28360]\n        \n[90-day] CoE: Collaborative Entropy for Uncertainty Quantification in Agentic Multi-LLM Systems\n        Published: 2026-03-30 | Window: Mar 28 \u2013 Apr 4\n      \n      \n\n        \nWhat it shows: Introduces Collaborative Entropy (CoE) \u2014 a measure of agreement across multiple LLMs used to quantify uncertainty in agentic decisions. When CoE is high (models disagree), the system flags the decision for additional verification or human review. When CoE is low (consensus), the system proceeds autonomously. Reduces false-positive escalations by 38% versus single-model confidence thresholds.\n        \nContext: Single-model confidence scores are poorly calibrated and routinely overconfident. CoE exploits disagreement across model families as a stronger uncertainty signal, without requiring ensemble training.\n        \nStructural implication: Merlin's Judge uses a single model (confidence \u226592). 
Replacing or augmenting with a CoE-based multi-model vote would improve Judge calibration and reduce over-acceptance of low-quality artifacts \u2014 directly relevant to Phase 1 quality gate design.\n      \n    \n  \n\n\n    \n\n  \n\n    Merlin Intelligence\n    5 FINDINGS \u00b7 PHASE 1\n  \n  \n\n    \n\n      \nBLUF\n      \nAPWA's parallel agentic workflow architecture and the future-based async function calling paper together address Merlin's single largest Phase 1 bottleneck: sequential orchestration. Implement async harness in OpenHands first \u2014 zero model changes required, 60\u201370% latency reduction in tool-dependent tasks.\n    \n\n    \n\n      \n1. APWA \u2014 Replace Sequential Child Agent Dispatch with Dependency Graph Scheduler\n      \n\n        \nResearch: APWA formalizes dependency graphs for agentic task decomposition and achieves 4\u20136\u00d7 throughput improvement over sequential orchestration. [ArXiv 2605.15132]\n        \nMerlin component: Orchestrator child agent dispatch. Currently the merlin_orchestrator skill spawns children sequentially, gated on each prior result.\n        \nImplementation: Encode task dependencies as a DAG in the blackboard artifact schema. Orchestrator reads the DAG, dispatches independent branches in parallel via concurrent AgentDelegateAction calls, and aggregates results when all branches resolve. Partial results should be stored to blackboard as child artifacts \u2014 auditor verifies each branch independently before aggregation.\n        \nBuild priority: [HIGH] \u2014 directly accelerates Phase 1 factory throughput. No new infrastructure required; the blackboard already supports artifact trees.\n      \n    \n\n    \n\n      \n2. Future-based Async Tool Calls \u2014 Eliminate Serial Bottleneck Inside Agent Sessions\n      \n\n        \nResearch: Harness-level future abstraction enables concurrent tool execution in existing LLMs without model changes. 
60\u201370% latency reduction on tool-dependent tasks. [ArXiv 2605.15077]\n        \nMerlin component: OpenHands tool execution layer. Research agents that issue multiple sequential tool calls (blackboard read \u2192 search \u2192 embed \u2192 write) incur compounding latency.\n        \nImplementation: Wrap OpenHands tool dispatch in a futures scheduler: agent emits parallel tool requests, scheduler fires them concurrently, resolves in order of completion. Requires no OpenHands model config changes \u2014 implement as a middleware layer in the agent runner.\n        \nBuild priority: [HIGH] \u2014 low implementation risk, directly observable latency improvement, zero cost increase.\n      \n    \n\n    \n\n      \n3. Self-Distilled Agentic RL \u2014 Path to Judge/Auditor Self-Improvement\n      \n\n        \nResearch: Agents improve judgment quality by distilling their own high-confidence trajectories as implicit positive examples \u2014 no human labels, no model retraining required. [ArXiv 2605.15155]\n        \nMerlin component: Judge/Auditor quality gate. Currently Judge applies a fixed \u226592 confidence threshold with no mechanism to improve calibration over time.\n        \nImplementation: Store Judge decisions with confidence scores in blackboard_artifacts. Periodically synthesize the top-confidence accepted artifacts into a \"golden examples\" SKILL.md section. Update Judge prompt to reference golden examples as calibration anchors. This is Phase 3 capability but the data collection (logging Judge decisions) should start now in Phase 1.\n        \nBuild priority: [MEDIUM] \u2014 instrument now (1\u20132h), harvest in Phase 3.\n      \n    \n\n    \n\n      \n4. Orthrus-Qwen3 Inference Efficiency \u2014 Validate Against ChatGPT Pro OAuth Constraint\n      \n\n        \nResearch: Orthrus-Qwen3 achieves 7.8\u00d7 token throughput on Qwen3 with identical output distribution via speculative decoding variant. 
[HN 2026-05-15]\n        \nMerlin component: $0 LLM cost constraint (Golden Rule 6). ChatGPT Pro OAuth is the primary model path; utility calls use gpt-5.4-nano.\n        \nImplementation: Monitor whether similar efficiency techniques appear for GPT-5/ChatGPT inference \u2014 if OpenAI exposes a speculative decoding mode via API, it could reduce nano usage costs. More immediately: the technique confirms Qwen3 as a viable self-hosted fallback if OAuth path degrades. Spike a local Qwen3 setup for non-critical orchestrator calls.\n        \nBuild priority: [EXPLORE] \u2014 watch for OpenAI equivalent; Qwen3 local spike is low risk.\n      \n    \n\n    \n\n      \n5. AI Agents Creating Exploits \u2014 OpenHands Container Security Posture Review\n      \n\n        \nResearch: Benchmark published May 15 demonstrates AI agents can create working exploits, not merely identify vulnerabilities. [TheRegister 2026-05-15]\n        \nMerlin component: OpenHands persistent container (Phase 1 plan: upgrade to full UI image). Merlin child agents run inside this container with access to code execution, file system, and network tools.\n        \nImplementation: Before promoting the persistent container to API mode, audit: (1) network egress rules \u2014 child agents should not be able to reach external hosts except whitelisted APIs; (2) file system scope \u2014 mount only required directories; (3) tool whitelist \u2014 disable shell execution tools not required for current Phase 1 tasks. 
The OpenHands upgrade plan is the right time to implement these controls.\n        \nBuild priority: [HIGH] \u2014 security posture must be verified before autonomous container runs without Marc watching.\n      \n    \n\n    \n\n      \nOpen Questions\n      \n\n        \nAPWA's parallel dispatch requires that blackboard artifact writes from parallel branches do not conflict \u2014 is Merlin's current upsert schema safe for concurrent writes from sibling agents targeting the same parent artifact?\n        \nCoE uncertainty quantification (ArXiv 2603.28360) requires multiple model families \u2014 Merlin's current constraint is ChatGPT Pro OAuth only. What is the minimum viable multi-model setup that satisfies Golden Rule 6?\n      \n    \n  \n\n\n    \n\n  \n\n    Military / Geopolitical\n    2 ITEMS\n  \n  \n\n    \n\n      \nBLUF\n      \nUSS Gerald R. Ford CSG returns to Norfolk today after a record 11-month deployment, closing the longest continuous carrier deployment in recent history. Separately, the sustained Middle East operational tempo is generating resource pressure that may limit Navy readiness recovery for the next 12\u201318 months.\n    \n\n    \nUSS Gerald R. Ford Carrier Strike Group Returns to Norfolk After Record 11-Month Deployment\n    \n\n      \nThe Ford CSG is scheduled to return to Naval Station Norfolk on Saturday, May 16, after an 11-month deployment \u2014 the longest of any US carrier in recent history. [USNI 2026-05-15]\n      \nDefense Secretary Pete Hegseth is expected to be present for the homecoming ceremony. 
[USNI 2026-05-15]\n      \nThe deployment extended significantly beyond the standard 7\u20139 month rotation, driven by Middle East operational requirements following the conflict escalation in late 2025.\n      \nThe Ford's return reduces the US to one forward-deployed carrier in the Middle East theater unless a replacement departs promptly \u2014 typical turnaround for a returning CSG before next deployment is 18\u201324 months.\n    \n    \n\n      \nContext\n      \nAn 11-month deployment is operationally significant: crew fatigue, deferred maintenance, and personnel retention effects are compounded. The return signals near-term US carrier posture reduction in the Middle East unless the Navy accelerates a replacement deployment, which current manning data (below) suggests may be constrained.\n    \n    \n\n      \nOpen Question\n      \n\n        \nWhich CSG is next in the deployment rotation for Middle East/CENTCOM, and has it received orders yet?\n      \n    \n\n    \nMiddle East Conflict Costs Could Restrict Sailor Flow to A-Schools and Reenlistment Bonuses\n    \n\n      \nUSNI reports that the sustained operational cost of Middle East conflict operations is generating budgetary pressure that may restrict the Navy's ability to fund A-school pipelines and reenlistment bonuses through FY2027. 
[USNI 2026-05-15]\n      \nA-schools (rating training pipelines) are the primary mechanism for developing qualified enlisted specialists \u2014 restriction would compound readiness gaps already created by extended deployments.\n      \nReenlistment bonuses are a key retention lever for critical rates (nuclear, aviation, cryptology); funding cuts would likely accelerate separation of experienced personnel at precisely the moment high-optempo operations are drawing down experienced crews.\n    \n    \n\n      \nContext\n      \nThis is a compounding readiness signal: extended deployments degrade crew quality (fatigue, reduced training), budget pressure restricts the pipeline that replaces losses, and bonus cuts increase separation rates. The combination describes a structural readiness degradation cycle, not a temporary personnel spike.\n    \n  \n\n\n    \n\n  \n\n    Economic\n    FRED \u00b7 14 SERIES\n  \n  \n\n    \n\n      \nBLUF\n      \nCredit markets signal low stress, yield curve normalized to +50bps, VIX at 17.3 \u2014 a benign risk environment. Labor remains healthy at 211k initial claims. The primary structural tension is energy: real-asset costs (power, housing) are rising while financial conditions ease, creating a two-speed economy that disproportionately affects compute-intensive businesses.\n    \n\n    \n\n      \n\n        \n          \n            Indicator\n            Definition\n            Current\n            Date\n            vs. 1yr ago\n            Interpretation\n          \n        \n        \n          \n            T10Y2Y\n            10Y\u20132Y Treasury Yield Spread. Negative = inverted (recession signal); positive = normal curve.\n            +0.50%\n            May 15\n            +0.50% (flat)\n            Curve fully normalized. No recession signal. Flat YoY \u2014 stabilized.\n          \n          \n            VIXCLS\n            CBOE Volatility Index. Measures expected 30-day S&P 500 volatility. 
Below 15 = complacent; 15\u201320 = normal; above 30 = crisis.\n            17.26\n            May 14\n            17.83 (\u22120.57)\n            Normal range, declining. No elevated market fear.\n          \n          \n            GS10\n            10-Year Treasury Yield. Risk-free rate benchmark. Above 4.5% historically tightens financial conditions.\n            4.32%\n            Apr 1\n            4.28% (+0.04)\n            Elevated but stable. Still above historical neutral; cost of capital remains high.\n          \n          \n            SOFR\n            Secured Overnight Financing Rate. Proxy for Fed funds rate and short-term borrowing cost.\n            3.56%\n            May 14\n            3.64% (\u22120.08)\n            Gradual easing underway. Fed still in restrictive territory but trending lower.\n          \n          \n            ICSA\n            Initial Jobless Claims. Weekly new unemployment filings. Healthy below 250k; concerning above 350k.\n            211,000\n            May 9\n            208,000 (+3k)\n            Healthy labor market. Minimal change YoY \u2014 no layoff surge signal.\n          \n          \n            BAMLH0A0HYM2\n            High Yield Option-Adjusted Spread. Credit risk premium on junk bonds. Below 300bps = low stress; above 600bps = crisis.\n            276bps\n            May 14\n            285bps (\u22129)\n            Very low credit stress, tightening. Risk-on market environment.\n          \n          \n            BAMLH0A3HYC\n            CCC-rated High Yield OAS. Distressed credit signal \u2014 tracks companies near default.\n            922bps\n            May 14\n            911bps (+11)\n            Distressed tail slightly wider YoY \u2014 marginal companies more stressed than headline suggests.\n          \n          \n            WM2NS\n            M2 Money Supply (nominal). Total money in circulation. 
YoY growth indicates monetary expansion.\n            $23,115B\n            Apr 6\n            $22,539B (+2.6%)\n            Moderate money supply growth \u2014 consistent with continued economic expansion at current inflation levels.\n          \n          \n            CSUSHPINSA\n            Case-Shiller Home Price Index. National housing price level. Rising = shelter inflation pressure.\n            327.3\n            Feb 1\n            325.1 (+0.7%)\n            Housing prices still elevated, slow YoY growth. Affordability remains constrained.\n          \n          \n            FRGSHPUSM649NCIS\n            Freight Shipments Index. Proxy for goods-economy activity. Declining = supply chain/demand contraction.\n            1.011\n            Apr 1\n            1.058 (\u22124.4%)\n            Freight activity below year-ago levels \u2014 goods economy softening even as services/AI spending rises.\n          \n          \n            VISASMINSA\n            Visa Applications (initial stage). Leading indicator of labor demand and immigration-driven workforce growth.\n            97.98\n            Apr 1\n            100.29 (\u22122.3%)\n            Visa demand declining YoY \u2014 labor supply from immigration pathway is contracting.\n          \n        \n      \n    \n\n    \n\n      \nComposite Reading\n      \nFinancial conditions are loose (low VIX, tight credit spreads, normalizing curve), which historically correlates with continued risk asset performance. The divergence is in real-asset costs: power prices up 76%, housing prices elevated, freight declining. This combination \u2014 easy money, expensive physical inputs \u2014 creates margin pressure for businesses with significant physical infrastructure costs, including AI compute operations. 
The CCC-rated spread widening (+11bps YoY) while headline HY tightens suggests a bifurcated credit market: strong companies getting stronger financing terms, marginal companies increasingly stressed.\n    \n  \n\n\n    \n\n  \n\n    Tech\n    2 STORIES \u00b7 npm/PyPI\n  \n  \n\n    \n\n      \nBLUF\n      \nOpenAI launched ChatGPT personal finance with direct bank connectivity \u2014 an agentic data product that marks OpenAI's first move into financial services infrastructure. Separately, Orthrus-Qwen3's 7.8\u00d7 inference throughput gain represents the most significant open-model efficiency result this week and has direct implications for self-hosted agent cost models.\n    \n\n    \nOrthrus-Qwen3 Achieves 7.8\u00d7 Token Throughput with Identical Output Distribution\n    \n\n      \nA technique published on Hacker News (May 15) applies a speculative decoding variant to Qwen3 models and achieves 7.8\u00d7 tokens-per-forward-pass with output distribution statistically identical to standard inference. [HN 2026-05-15]\n      \nThe improvement is realized without model retraining \u2014 applied as an inference-time optimization to existing Qwen3 checkpoints.\n      \nAt 7.8\u00d7 throughput, the cost-per-token of Qwen3 inference decreases proportionally \u2014 a 600B parameter model would run at effective cost of a ~77B model.\n      \nThe technique has not yet been independently replicated or published on ArXiv as of May 16; claims should be verified against the source implementation before production adoption.\n    \n    \n\n      \nContext\n      \nSpeculative decoding techniques require a draft model that predicts likely continuations, which the main model then verifies in parallel. The Orthrus approach appears to use a novel draft architecture specific to Qwen3's attention patterns. 
If the throughput claim holds under independent replication, this is the largest inference efficiency gain on an open-weight model reported this year and changes the economics of self-hosted agentic systems significantly.\n    \n    \n\n      \nOpen Question\n      \n\n        \nDoes the 7.8\u00d7 throughput hold at batch sizes relevant to agentic workloads (single-stream, long-context), or only at high-throughput batch inference?\n      \n    \n\n    \nOpenAI Launches ChatGPT Personal Finance with Direct Bank Account Connectivity\n    \n\n      \nOpenAI released a personal finance feature within ChatGPT that allows users to connect bank accounts directly, enabling the model to analyze transaction history, categorize spending, and provide financial recommendations. [TechCrunch 2026-05-15]\n      \nThe feature is positioned as an agentic financial advisor \u2014 the model takes action on connected data rather than answering abstract questions.\n      \nBank connectivity implies OAuth integration with financial data aggregators (likely Plaid or equivalent), creating a structured data pipeline from personal financial accounts into GPT-5 context.\n      \nOpenAI also published blog posts on May 15 targeting enterprise use cases: sales teams, business operations, and data science workflows using Codex agents. [OpenAI 2026-05-15]\n    \n    \n\n      \nContext\n      \nOpenAI moving into personal finance is significant not as a financial product but as a demonstration of the agentic data integration pattern: structured external data \u2192 LLM context \u2192 actionable recommendations. This is the same pattern applicable to any vertical. For Merlin, this validates the micro-SaaS opportunity in domain-specific agentic data products. 
For Supabase, OpenAI becoming a consumer of financial data APIs is a potential enterprise PostgreSQL workload \u2014 financial data aggregation at scale benefits from Supabase's real-time and edge capabilities.\n    \n\n    \nnpm / PyPI \u2014 Ecosystem Download Trends\n    \n\n      \n\n        \n          PackageWeekly DLMonthly DLGrowth RatioSignal\n        \n        \n          @supabase/supabase-js15.71M80.86M0.84\u26a0 Below 1.0 \u2014 weekly below monthly run rate\n          prisma12.48M47.21M1.14Above monthly avg\n          drizzle-orm9.38M35.97M1.13Above monthly avg\n          firebase7.56M30.67M1.07Tracking\n          aws-sdk9.90M40.71M1.05Tracking\n          convex0.64M2.62M1.06Tracking\n          @neondatabase/serverless1.75M7.66M0.99Flat\n          @planetscale/database0.19M0.84M1.00Flat\n        \n      \n    \n    \n\n      \nSupabase-js growth ratio 0.84 \u2014 weekly downloads (15.71M) are below the monthly weekly average (80.86M \u00f7 4.33 = 18.67M). This indicates a week of below-trend activity. Not a structural decline signal from a single week, but worth monitoring for a second consecutive week. [npm 2026-05-16]\n      \nPrisma (1.14) and Drizzle-ORM (1.13) are both outperforming their monthly average this week \u2014 both are competing ORM alternatives in the Supabase ecosystem.\n      \nSupabase absolute weekly volume (15.71M) remains significantly above Firebase (7.56M) \u2014 the gap is 2.08\u00d7 in Supabase's favor.\n    \n    \n\n      \n\n        \n          PyPI PackageWeekly DLMonthly DL\n        \n        \n          supabase (Python)\u2014\u2014\n          sqlalchemy\u2014\u2014\n          psycopg2\u2014\u2014\n        \n      \n    \n    \n\n      \nNote\n      \nPyPI data retrieval returned empty responses this collection cycle \u2014 pypistats.org may have rate-limited the requests. 
PyPI figures will be available in next briefing.\n    \n  \n\n\n    \n\n  \n\n    Cybersecurity\n    4 ITEMS \u00b7 1 KEV\n  \n  \n\n    \n\n      \nBLUF\n      \nAI agents demonstrated creating working exploits this week \u2014 a capability threshold crossing with direct implications for autonomous system security posture. CISA added a Microsoft Exchange XSS to KEV. CloudNativePG issued a critical PostgreSQL operator CVE fix relevant to Supabase infrastructure supply chain.\n    \n\n    \nAI Agents Demonstrated Creating Working Exploits, Not Just Finding Vulnerabilities\n    \n\n      \nA benchmark published May 15 demonstrated that AI agents \u2014 given access to code execution and network tools \u2014 can generate working exploits for known vulnerability classes, not merely identify vulnerable code patterns. [TheRegister 2026-05-15]\n      \nThe capability was demonstrated on agent configurations using frontier models (GPT-5 class) with standard tool access \u2014 no jailbreak or adversarial prompting required.\n      \nThe distinction from prior work: previous benchmarks showed agents could identify CVEs or describe exploitation paths. This benchmark shows end-to-end exploit generation and execution against test targets.\n      \nThe research team recommends treating AI agent tool access as equivalent to developer workstation access for security policy purposes.\n    \n    \n\n      \nContext\n      \nThis finding directly affects Merlin's security posture. Merlin child agents running inside OpenHands containers with code execution, file system, and network tool access meet the conditions described in the benchmark. The security recommendation \u2014 treat agent tool access like developer workstation access \u2014 translates to: network egress controls, file system scoping, and tool whitelisting before enabling autonomous agent runs. 
The OpenHands persistent container upgrade (Merlin Phase 1 plan) is the correct forcing function to implement these controls.\n    \n\n    \n\n      \n\n        CISA KEV \u2014 New Entry\n        dateAdded: 2026-05-15\n      \n      \n\n        \n\n          CVE-2026-42897\n          Microsoft Exchange Server \u2014 Cross-Site Scripting Vulnerability\n        \n        \n\n          \nCISA added CVE-2026-42897 to the Known Exploited Vulnerabilities catalog on May 15, 2026. [CISA KEV 2026-05-15]\n          \nVulnerability type: Cross-Site Scripting (XSS) in Microsoft Exchange Server. Active exploitation confirmed in the wild.\n          \nOrganizations running on-premise Exchange Server should apply Microsoft's patch immediately per CISA BOD 22-01 guidance.\n          \nCloud Exchange Online (Microsoft 365) is not affected \u2014 this applies to on-premise Exchange deployments only.\n        \n      \n    \n\n    \nCloudNativePG Releases Critical CVE Fix for PostgreSQL Kubernetes Operator\n    \n\n      \nCloudNativePG versions 1.29.1 and 1.28.3 released on May 15, fixing a critical CVE in the PostgreSQL Kubernetes operator. [CloudNativePG 2026-05-15]\n      \nCloudNativePG is the primary Kubernetes operator used to run managed PostgreSQL clusters \u2014 Supabase and many cloud PostgreSQL services use operator-based deployments.\n      \nThe vulnerability class was not disclosed publicly in the initial announcement \u2014 full CVE details expected within 7 days per coordinated disclosure policy.\n      \nOrganizations running CloudNativePG in production should upgrade to 1.29.1 or 1.28.3 immediately without waiting for CVE details.\n    \n    \n\n      \nSupabase Supply Chain Signal\n      \nSupabase's infrastructure team should confirm whether the production Postgres operator stack uses CloudNativePG and which version. A critical operator CVE can affect cluster integrity at the Kubernetes level \u2014 not just database-level vulnerabilities. 
This is a supply chain security signal, not a Supabase application vulnerability.\n    \n\n    \nHotel Check-In System Exposes 1 Million Passports and Driver's Licenses\n    \n\n      \nA hotel check-in system left approximately one million passport scans and driver's license images accessible without authentication, discovered and reported May 15. [TechCrunch 2026-05-15]\n      \nThe exposure involved document images \u2014 not just metadata \u2014 stored in an unauthenticated cloud storage bucket.\n      \nThe vendor has not been publicly named; the researcher who discovered it notified TechCrunch after the system was taken offline.\n      \nPattern: hospitality SaaS vendors frequently store identity documents for check-in compliance with minimal security controls.\n    \n  \n\n\n    \n\n  \n\n    Space\n    1 ITEM\n  \n  \n\n    \n\n      \nBLUF\n      \nSpaceX launched CRS-34 to the ISS on May 15, maintaining the commercial resupply cadence. No structural space events today.\n    \n\n    \nSpaceX Launches CRS-34 Cargo Mission to International Space Station\n    \n\n      \nSpaceX successfully launched the CRS-34 commercial resupply mission to the ISS on May 15, 2026. [SpaceNews 2026-05-15]\n      \nCRS-34 carries approximately 6,000 lbs of cargo including science experiments, crew supplies, and hardware for ongoing ISS maintenance.\n      \nDragon capsule is scheduled to berth with the ISS within 48 hours of launch.\n      \nCRS-34 is the 34th Commercial Resupply Services mission under NASA's CRS-2 contract with SpaceX.\n    \n  \n\n\n    \n\n  \n\n    Energy\n    LEAD \u00b7 EIA DATA\n  \n  \n\n    \n\n      \nBLUF\n      \nPower prices on the US eastern grid increased 76% over the past year, directly attributed to AI datacenter demand by grid watchdogs. A grid watchdog report confirmed datacenters are the primary driver. 
This is a structural cost signal for any compute-intensive business with US eastern seaboard infrastructure.\n    \n\n    \nAI Datacenter Demand Drives 76% Power Price Surge on US Eastern Grid\n    \n\n      \nPower prices on PJM Interconnection \u2014 the largest US grid serving 65 million people from Illinois to New Jersey \u2014 increased approximately 76% over the past year. [TechCrunch 2026-05-15]\n      \nA grid watchdog report confirmed AI datacenters as the primary driver of demand growth, with hyperscaler facilities in Northern Virginia (Loudoun County) cited specifically. [TheRegister 2026-05-15]\n      \nNorthern Virginia hosts the largest concentration of datacenter capacity in the world \u2014 estimated 25%+ of all US datacenter square footage.\n      \nPJM grid operators have already notified hyperscalers that new datacenter connections will face multi-year interconnection queues in Virginia.\n      \nA separate report cited Silicon Valley (California) facing similar energy pressure from AI workloads, with a new energy provider search underway. [TechCrunch 2026-05-15]\n      \nCalifornia's grid is partially offset by the state's large battery storage capacity \u2014 a separate HN story noted California's battery array equals the output of 12 nuclear power plants. [HN 2026-05-16]\n    \n    \n\n      \nContext\n      \nA 76% power price increase on PJM is not a temporary spike \u2014 it reflects structural demand that has outpaced grid buildout. The interconnection queue constraint means new datacenter capacity cannot be added quickly, creating a supply ceiling. For hyperscalers already operating in Virginia, this is a margin compression signal. For AI inference providers pricing by token, power cost is a direct input to unit economics. For Supabase, which runs on AWS/GCP infrastructure, this pressure is partially absorbed by cloud providers but will eventually flow through to infrastructure cost increases. 
The California battery story (12 nuclear plants equivalent) shows the grid adaptation underway, but the pace of renewable/storage buildout is not matching the pace of AI demand growth.\n    \n    \n\n      \nOpen Questions\n      \n\n        \nAt what power price level does US-based AI inference become uncompetitive versus European or Asian facilities, and is that threshold close?\n        \nWill hyperscalers accelerate nuclear power purchase agreements (PPAs) \u2014 Microsoft, Google, and Amazon have all signed nuclear deals \u2014 faster than the interconnection queue resolves?\n      \n    \n\n    \nEIA US Grid Demand \u2014 May 16, 2026\n    \n\n      \n\n        \n          RegionTypePeriodValue (MWh)\n        \n        \n          US Lower 48Day-ahead demand forecast2026-05-164,343 (Arizona TZ)\n          US Lower 48Day-ahead demand forecast2026-05-164,340 (Central TZ)\n        \n      \n    \n    \n\n      \nNote\n      \nEIA regional data retrieved for May 16. Values represent day-ahead demand forecasts for the US lower 48 states. These are hourly forecast values; full daily totals require summing all 24 hourly intervals across all reporting regions. Saturday demand is typically below weekday peaks.\n    \n  \n\n\n    \n\n  \n\n    Analysis\n    SYNTHESIS\n  \n  \n\n    \n\n      \nBLUF\n      \nTwo converging structural shifts dominate today: AI inference efficiency is improving faster than AI infrastructure costs are rising, creating a window where capable agentic systems remain economically viable even as power prices surge. This window is probably 18\u201336 months wide before physical infrastructure constraints reassert pricing power.\n    \n\n    \n\n      \nAnalysis\n      \n\n        \nThe 76% power price surge on PJM and the Orthrus-Qwen3 7.8\u00d7 inference efficiency result are not unrelated. 
They represent opposite forces in the same system: physical infrastructure costs rising as AI demand outpaces grid buildout, while algorithmic efficiency improvements reduce the compute required per inference operation. The efficiency gains \u2014 Orthrus, speculative decoding, quantization \u2014 are running faster than the energy price increases for now. This creates a window where AI-intensive businesses can absorb energy cost increases through model optimization. That window is probably 18\u201336 months, after which grid expansion (nuclear PPAs, new interconnections) either resolves supply or forces geographic relocation of inference workloads.\n\n        \nOpenAI's ChatGPT personal finance launch with bank account connectivity is best read as a signal about where agentic product-market fit is being found, not as a competitive threat to financial institutions. The pattern \u2014 structured external data source, LLM as reasoning layer, actionable output \u2014 is replicable across every vertical with similar data density. OpenAI is demonstrating the template. Merlin's micro-SaaS factory is building the manufacturing capacity to replicate that template at scale across verticals before OpenAI's platform team can cover them. The probability that OpenAI builds 1,000 domain-specific agentic products in 18 months is approximately zero. The probability that a purpose-built factory can is the Merlin thesis.\n\n        \nThe AI-agents-creating-exploits benchmark is a second-order readiness signal. The first-order reading \u2014 agents can now create working exploits \u2014 matters for security posture. The second-order reading matters more: this capability was demonstrated using standard tool configurations, not adversarial setups. Any agentic system with code execution access is now presumptively capable of generating exploits. Merlin child agents running in OpenHands containers with broad tool access meet that description. 
The container security audit recommended in the Merlin section is not optional.\n\n        \nThe USS Gerald R. Ford's return after an 11-month deployment, combined with the Navy budget pressure signal on A-schools and reenlistment bonuses, describes a readiness degradation trajectory. The US is likely operating below sustainable carrier deployment tempo for the next 12\u201318 months as crews recover, budgets reset, and the personnel pipeline refills. This reduces available response capacity in the Middle East theater during that window \u2014 a constraint that Iran's reported plans to charge for Strait of Hormuz transit access may be calibrated against.\n\n        \nOn Merlin specifically: the four ArXiv papers this week \u2014 APWA, self-distilled agentic RL, MeMo, and future-based async function calling \u2014 are unusually coherent as a set. Each addresses a different bottleneck in the same architectural pattern (distributed agentic orchestration), and all four are deployable without model retraining. 
The probability that implementing APWA's dependency graph scheduling and the future-based async harness in the same sprint would double Merlin's Phase 1 factory throughput is assessed as likely (greater than 60%).\n      \n    \n  \n\n\n\n    \n\n      \nGenerated: 2026-05-16 \u00b7 ArXiv Window 6 of 13 \u00b7 Historical: 2026-03-28 to 2026-04-04\n      \nSections: AI Research, Merlin Intelligence, Military/Geo, Economic, Tech, Cybersecurity, Space, Energy, Analysis\n      \nOmitted: US News, Regulatory, Maritime, Podcasts (no fresh content)\n      \nLEADs: 2 \u00b7 INCLUDEs: 10 \u00b7 Merlin findings: 5 \u00b7 Dropped stale: 4 \u00b7 Dropped dedup: 0\n    \n  \n\n\n\n", "creation_timestamp": "2026-05-16T08:20:04.000000Z"}, {"uuid": "75f7290a-095e-44d4-84d2-5fd7cd34b799", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/thecybermind.co/post/3mlzwce2shz26", "content": "This week\u2019s intelligence brief covers active exploitation of Cisco SD-WAN (CVE-2026-20182), Microsoft Exchange CVE-2026-42897, PAN-OS RCE, AI-driven vulnerability discovery acceleration, SaaS tenant failures, and the emerging risks of autonomous AI agents inside enterprise environments.", "creation_timestamp": "2026-05-17T08:18:49.188324Z"}, {"uuid": "763c9c6c-c253-410f-82ad-81dfee6a78de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mm2jk2y7g22n", "content": "\ud83d\udfe0 CVE-2026-42897 - High (8.1)\n\nImproper neutralization of input during web page generation ('cross-site scripting') in Microsoft...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42897/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", 
"creation_timestamp": "2026-05-17T14:00:59.190300Z"}, {"uuid": "36852772-89e6-4683-babf-877ab37e80c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mm2ovz774y2v", "content": "\ud83d\udccc CVE-2026-42897 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to p... https://www.cyberhub.blog/cves/CVE-2026-42897", "creation_timestamp": "2026-05-17T15:37:08.130309Z"}, {"uuid": "d74be1ff-c3a5-43dd-8b25-663e0925f7d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/etguenni.bsky.social/post/3mlxo45tspk2u", "content": "#Microsoft #Exchange: 0-day vulnerability (CVE-2026-42897) is under attack \n\nborncity.com/blog/2026/05...", "creation_timestamp": "2026-05-16T10:44:37.291087Z"}, {"uuid": "a4e2fd05-2616-4047-8c00-9cc2430a6d89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42897", "type": "seen", "source": "https://social.tchncs.de/users/gborn/statuses/116583843631666405", "content": "#Microsoft #Exchange: 0-day vulnerability (CVE-2026-42897) is under attack \nhttps://borncity.com/blog/2026/05/16/microsoft-exchange-0-day-schwachstelle-cve-2026-42897-wird-angegriffen/", "creation_timestamp": "2026-05-16T10:45:49.094523Z"}, {"uuid": "999d0e86-9244-41ad-b400-5db33cc37d0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42897", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mly6h35ewn26", "content": "\ud83d\udccc Zero-Day 
Vulnerability CVE-2026-42897 Actively Exploited in Microsoft Exchange Server https://www.cyberhub.blog/article/26030-zero-day-vulnerability-cve-2026-42897-actively-exploited-in-microsoft-exchange-server", "creation_timestamp": "2026-05-16T15:37:08.607746Z"}, {"uuid": "339f21b8-b29a-44ee-80cc-46676b2a9436", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mlydgyginn25", "content": "Microsoft confirmed active exploitation of a zero-day in on-premises Exchange Server. CVE-2026-42897 is an Outlook Web Access spoofing flaw rooted in cross-site scripting. A crafted email opened in OWA runs arbitrary JavaScript in the user session. Exchange Online is not affected.", "creation_timestamp": "2026-05-16T17:08:21.831608Z"}, {"uuid": "2205e8a8-c069-4af4-8d07-af904880329f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/happeningnow.news/post/3mlyljs4txo2p", "content": "CISA Adds One Known Exploited Vulnerability to Catalog\nCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. 
CVE-2026-42897 Microsoft Exchange Server\u2026\n\n\ud83d\udd17 https://hnow.live/a/94a074a2", "creation_timestamp": "2026-05-16T19:31:17.441036Z"}, {"uuid": "fe3484ca-f51b-4b81-bd61-805d3ef8b0a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mlypqh2ubs2g", "content": "CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day\n\nMicrosoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively expl\u2026\n#hackernews #microsoft #news", "creation_timestamp": "2026-05-16T20:46:36.319039Z"}, {"uuid": "647e51b3-e143-47d9-b9c4-c6bddaeb368f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/thehackernews/9009", "content": "\ud83d\udea8 On-prem Microsoft Exchange Server CVE-2026-42897 is under active exploitation.\n\nThe CVSS 8.1 spoofing flaw stems from XSS and can allow arbitrary JavaScript execution when crafted emails are opened in Outlook Web Access under certain conditions.\n\nRead: https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html", "creation_timestamp": "2026-05-15T07:03:19.000000Z"}, {"uuid": "0b686398-48e8-4e8e-be6c-3d7922495901", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlzcx6mem62h", "content": "Top 3 CVE for last 7 days:\nCVE-2026-42511: 56 interactions\nCVE-2026-46300: 56 interactions\nCVE-2026-42897: 51 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45062: 11 
interactions\nCVE-2020-17103: 8 interactions\nCVE-2026-46333: 5 interactions\n", "creation_timestamp": "2026-05-17T02:38:51.771618Z"}, {"uuid": "cd2c8739-80f1-4b3a-a923-e127d99226c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "published-proof-of-concept", "source": "Telegram/NIJT6QRadmo1sJAEeCWMHE7rPG3mvpUh79CJ74OVXUNIdhg", "content": "", "creation_timestamp": "2026-05-15T15:00:15.000000Z"}, {"uuid": "fe881ab7-edd9-4de6-8052-715a23edfcfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "published-proof-of-concept", "source": "Telegram/q3bZ7dzwt6XdRM-jyUWUHYQhep0OmyjD4PHNSw542P5jdgA", "content": "", "creation_timestamp": "2026-05-15T15:00:07.000000Z"}, {"uuid": "2c46d961-0830-4bd2-9fe0-ce99554f1081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "published-proof-of-concept", "source": "Telegram/bDRsekGT6KsUOKSAQI-KSXDhypQzzgL-gjqbTcCXe2h_h6A", "content": "", "creation_timestamp": "2026-05-15T21:00:05.000000Z"}, {"uuid": "1f06022f-b084-42e9-abae-c5c8cbb2755b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mm3m2r7anq2q", "content": "CISA adds one known exploited vulnerability to its catalog \n\nCISA Adds One Known Exploited Vulnerability to Catalog  #CISA (May 15)\n\nCVE-2026-42897 Microsoft Exchange Server cross-site scripting vulnerability \n\nwww.cisa.gov/news-events/...", 
"creation_timestamp": "2026-05-18T00:18:45.832977Z"}, {"uuid": "8fe13576-864a-4eba-8cc3-1099df1ecad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mm3m67bnsz2f", "content": "On-premises Microsoft Exchange Server vulnerability CVE-2026-42897 is exploited via crafted email \n\nOn-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email  #HackerNews (May 15)\n\nthehackernews.com/2026/05/on-p...", "creation_timestamp": "2026-05-18T00:20:42.232531Z"}, {"uuid": "ef20e176-766e-4196-be87-f527abf147df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mm3tgsl54a2v", "content": "Top 3 CVE for last 7 days:\nCVE-2026-46300: 56 interactions\nCVE-2026-42897: 54 interactions\nCVE-2026-31431: 43 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2025-55182: 18 interactions\nCVE-2026-31635: 5 interactions\nCVE-2025-53892: 4 interactions\n", "creation_timestamp": "2026-05-18T02:30:46.405920Z"}, {"uuid": "37b0930e-0b16-4c38-8548-dda15b87e845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/technieuwsvandaag.bsky.social/post/3mm3wmvk53k2a", "content": "Critical Exchange flaw actively exploited by attackers\n\nMicrosoft Exchange Server has a serious security flaw. 
It concerns CVE-2026-42897, a vulnerability in Outlook Web Access (OWA).\n\n#ExchangeServer #XSS #OWA", "creation_timestamp": "2026-05-18T03:28:04.743903Z"}, {"uuid": "9c6200f3-fdc8-4a1b-9a7e-269d91a373e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "Telegram/iPSglpAGsfjEfnMpqgxwDepKiB54uRFWCtz84IdptregMA", "content": "", "creation_timestamp": "2026-05-15T11:47:48.000000Z"}, {"uuid": "4c698130-7013-4ebd-a819-866e9f8caccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/10406", "content": "On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email \u2013 thehackernews.com\n\nFri, 15 May 2026 14:19:04", "creation_timestamp": "2026-05-15T08:04:00.000000Z"}, {"uuid": "cefd4fdb-9e21-4e57-8e0e-1af064751c5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html", "content": "Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild.\nThe vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. 
An anonymous researcher has been credited with discovering and reporting the issue.\n\"", "creation_timestamp": "2026-05-15T04:19:04.000000Z"}, {"uuid": "71fdf8e9-eb0d-4bd6-8547-f77f62426af0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/cerberusit.bsky.social/post/3mm4bhkbw6r2c", "content": "Microsoft and CISA are practically begging us to fix CVE-2026-42897 before the entire internet moves into our local Exchange 2016 and 2019 servers. This affects every organization still clinging to the dream of hosting their own email infrastructure instead of outsourcing the hea...\n\nRead full story", "creation_timestamp": "2026-05-18T06:41:43.331404Z"}, {"uuid": "b64bc77d-d811-4574-9fc6-41fa4f8a1465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mlv3fch3nr2s", "content": "\ud83d\udd12 On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email\n\nMicrosoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it...\n\nhttps://is.gd/3iCbNC #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-05-15T10:04:27.280113Z"}, {"uuid": "f34bc84c-723c-4289-824d-3edb9208c07a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mlv3hnp7v52s", "content": "Microsoft confirms active exploitation of CVE-2026-42897 in Exchange on-premise servers. CISA issued an alert as permanent patches are restricted to ESU customers. 
#Cybersecurity #InfoSec https://deafnews.it/en/article/exchange-on-prem-xss-0-day-sfruttata-patch-solo-per-alcuni", "creation_timestamp": "2026-05-15T10:06:01.529261Z"}, {"uuid": "14e85b12-4889-4eab-8cfe-bbd95b81d3c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mlvazufdxk22", "content": "Microsoft warns of CVE-2026-42897, a high-severity Exchange spoofing flaw exploited via crafted emails to run JavaScript in Outlook on the web. Mitigations are available for Exchange Server 2016, 2019, and SE. #Microsoft #ExchangeServer #CVE202642897", "creation_timestamp": "2026-05-15T11:45:26.921813Z"}, {"uuid": "d04d1512-cf25-457b-b4b3-deb5c511e362", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://gist.github.com/stone776/05f580110d53f6162cb97ec0e6362231", "content": "\n\n\n    \n    \n    TARDIS Intelligence Briefing -- 2026-05-18\n    \n    \n        .label-indicator.gold { background: 
var(--tardis-gold); }\n        .label-indicator.blue { background: var(--tardis-blue-bright); }\n        .label-indicator.red { background: var(--tardis-red); }\n        .label-indicator.amber { background: var(--tardis-amber); }\n\n        .section-chrome-badge {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.72em; color: var(--tardis-text-dim);\n            background: var(--tardis-dark);\n            padding: 2px 9px; border-radius: 3px;\n            border: 1px solid var(--tardis-edge);\n        }\n\n        .section-chrome-body { padding: 22px 24px; }\n\n        .bluf-block {\n            border-left: 3px solid var(--tardis-gold);\n            background: var(--tardis-gold-dim);\n            padding: 12px 16px; margin-bottom: 18px;\n            border-radius: 0 4px 4px 0;\n        }\n\n        .bluf-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.58em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.2em;\n            color: var(--tardis-gold); margin-bottom: 5px;\n        }\n\n        .bluf-text {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 1.05em; font-weight: 600;\n            color: var(--tardis-text); line-height: 1.4;\n        }\n\n        .fact-list { list-style: none; margin-bottom: 16px; }\n\n        .fact-list li {\n            font-size: 0.97em; font-weight: 500;\n            color: var(--tardis-text);\n            padding: 5px 0 5px 18px; position: relative;\n            line-height: 1.45;\n            border-bottom: 1px solid rgba(26, 61, 102, 0.35);\n        }\n\n        .fact-list li:last-child { border-bottom: none; }\n\n        .fact-list li::before {\n            content: ''; position: absolute;\n            left: 0; top: 13px;\n            width: 6px; height: 6px;\n            border: 1px solid var(--tardis-blue-bright);\n            border-radius: 1px; transform: rotate(45deg);\n        }\n\n        .fact-list 
.source-tag {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.78em; color: var(--tardis-text-muted); font-weight: 400;\n        }\n\n        .context-block {\n            background: var(--tardis-surface);\n            border: 1px solid var(--tardis-edge);\n            border-radius: 4px; padding: 12px 16px; margin-bottom: 14px;\n        }\n\n        .context-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.58em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.18em;\n            color: var(--tardis-text-muted); margin-bottom: 6px;\n        }\n\n        .context-text {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.93em; color: var(--tardis-text-dim); line-height: 1.5;\n        }\n\n        .open-questions { margin-top: 12px; }\n\n        .open-questions-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.58em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.18em;\n            color: var(--tardis-text-muted); margin-bottom: 7px;\n        }\n\n        .open-questions ul { list-style: none; }\n\n        .open-questions li {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.9em; color: var(--tardis-text-dim);\n            font-style: italic;\n            padding: 3px 0 3px 14px; position: relative;\n        }\n\n        .open-questions li::before {\n            content: '?'; position: absolute; left: 0;\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.85em; color: var(--tardis-amber); font-style: normal;\n        }\n\n        .data-table-wrap { overflow-x: auto; margin-bottom: 16px; }\n\n        table { width: 100%; border-collapse: collapse; font-size: 0.9em; }\n        thead { background: var(--tardis-surface); }\n\n        th {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.62em; font-weight: 
700;\n            text-transform: uppercase; letter-spacing: 0.12em;\n            color: var(--tardis-text-dim);\n            padding: 9px 14px; text-align: left;\n            border-bottom: 1px solid var(--tardis-edge); white-space: nowrap;\n        }\n\n        td {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.88em; color: var(--tardis-text);\n            padding: 8px 14px;\n            border-bottom: 1px solid rgba(26, 61, 102, 0.4); line-height: 1.35;\n        }\n\n        td.label-cell {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.93em; font-weight: 600; color: var(--tardis-text-dim);\n        }\n\n        td.positive { color: var(--tardis-green); }\n        td.negative { color: var(--tardis-red); }\n        td.neutral { color: var(--tardis-text-muted); }\n        tr:hover td { background: rgba(12, 34, 64, 0.5); }\n\n        .kev-block {\n            background: rgba(231, 76, 60, 0.07);\n            border: 1px solid rgba(231, 76, 60, 0.25);\n            border-radius: 4px; padding: 12px 16px; margin-bottom: 14px;\n        }\n\n        .kev-label {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.6em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.18em;\n            color: var(--tardis-red); margin-bottom: 8px;\n        }\n\n        .kev-entry {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.93em; color: var(--tardis-text);\n            padding: 4px 0;\n            border-bottom: 1px solid rgba(231, 76, 60, 0.15); line-height: 1.4;\n        }\n\n        .kev-entry:last-child { border-bottom: none; }\n\n        .kev-cve {\n            font-family: 'Share Tech Mono', monospace;\n            font-size: 0.88em; color: var(--tardis-red); font-weight: 400;\n        }\n\n        .kev-none {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 0.93em; color: var(--tardis-text-muted); font-style: 
italic;\n        }\n\n        .story-headline {\n            font-family: 'Rajdhani', sans-serif;\n            font-size: 1.08em; font-weight: 700;\n            color: var(--tardis-blue-bright);\n            margin: 16px 0 8px 0; line-height: 1.3;\n        }\n\n        .priority-high { color: var(--tardis-red); font-weight: 700; }\n        .priority-medium { color: var(--tardis-amber); font-weight: 700; }\n        .priority-explore { color: var(--tardis-green); font-weight: 700; }\n\n        .finding { margin-bottom: 20px; }\n        .finding-title { font-family: 'Rajdhani', sans-serif; font-size: 1.08em; font-weight: 700; color: var(--tardis-blue-bright); margin: 16px 0 8px 0; line-height: 1.3; }\n        .finding-body p { font-size: 0.95em; color: var(--tardis-text); line-height: 1.5; margin-bottom: 8px; }\n        .finding-body code { font-family: 'Share Tech Mono', monospace; font-size: 0.88em; color: var(--tardis-amber); background: rgba(232,158,45,0.1); padding: 1px 5px; border-radius: 3px; }\n\n        #s13 .section-chrome-header { background: var(--tardis-gold-dim); border-bottom-color: rgba(244,196,48,0.25); }\n        #s13 { border-color: var(--tardis-gold); }\n        #s13 .section-chrome-body p { font-size: 0.97em; color: var(--tardis-text); line-height: 1.6; margin-bottom: 1.1em; }\n\n        .metadata-footer {\n            background: var(--tardis-dark);\n            border-top: 1px solid var(--tardis-edge);\n            padding: 18px 40px; margin-top: 8px;\n        }\n\n        .metadata-grid { display: flex; flex-wrap: wrap; gap: 20px 36px; }\n\n        .metadata-item { display: flex; flex-direction: column; gap: 2px; }\n\n        .metadata-key {\n            font-family: 'Orbitron', sans-serif;\n            font-size: 0.55em; font-weight: 700;\n            text-transform: uppercase; letter-spacing: 0.18em;\n            color: var(--tardis-text-muted);\n        }\n\n        .metadata-value {\n            font-family: 'Share Tech Mono', monospace;\n  
          font-size: 0.82em; color: var(--tardis-text-dim);\n        }\n    \n\n\n\n\n\n    \n\n        \n\n        \n\n            \nIntelligence Briefing\n            \nOSINT-First / IC Editorial Standards / CLAUDE Synthesis\n        \n    \n    \n\n        \n2026-05-18 / MONDAY\n        \nOSINT Only\n        \nOvercast | 56&ndash;68&deg;F &middot; La Jolla\n    \n\n\n\n\n\n    \n\n        \nSections\n        01 AI Research\n        02 Merlin Intel\n        03 Military / Geo\n        04 Economic\n        05 Tech Industry\n        06 Cybersecurity\n        07 Regulatory\n        08 Space\n        \n\n        AI Analysis\n        // Metadata\n    \n\n    \n\n\n\n\n  \n\n    \n\n      \n      01 / AI Research\n    \n    \nAI-RESEARCH\n  \n  \n\n    \n\n      \nBLUF\n      \nFour papers this window address agent memory and decision quality: FORGE enables self-improving memory without weight updates; Look Before You Leap documents premature exploitation as the dominant agent failure mode; and arXiv's enforcement of a 1-year author ban signals that AI-generated research flooding will be institutionally suppressed before it degrades signal quality in these feeds.\n    \n\n    \nFORGE: Self-Evolving Agent Memory Without Weight Updates via Population Broadcast\n    \n\n      \nLLM agents improve decision-making quality through self-generated memory shared via Population Broadcast, requiring no gradient updates or fine-tuning. 
[ArXiv cs.AI, 2026-05-15]\n      \nSuccessful decision patterns are broadcast to a shared population memory store; subsequent agent instances retrieve and apply relevant patterns before acting.\n      \nThe mechanism operates entirely at the prompt and retrieval layer \u2014 compatible with any inference API including ChatGPT Pro OAuth.\n      \nEvaluated across sequential decision tasks; agents with Population Broadcast access consistently outperform agents with no memory or standard in-context memory on novel task variants.\n    \n\n    \nLook Before You Leap: Premature Exploitation Is the Primary LLM Agent Failure Mode\n    \n\n      \nLLM agents fail in unfamiliar environments primarily due to premature exploitation of limited initial context \u2014 acting on insufficient state rather than first exploring environment structure. [ArXiv cs.AI, 2026-05-15]\n      \nThe paper proposes an autonomous exploration phase before commitment: agents survey available actions, tools, and resources before generating an execution plan.\n      \nThe failure mode is distinct from hallucination \u2014 agents are using accurate context but incomplete context, leading to locally-optimal but globally-suboptimal plans.\n      \nExploration-first agents show improved success rates across unfamiliar tool-use environments; the cost is additional tokens upfront.\n    \n\n    \nRecMem: Recurrence-Based Memory Consolidation for Long-Running LLM Agents\n    \n\n      \nExternal memory systems for long-running user-agent interactions benefit from recurrence-based consolidation rather than flat retrieval \u2014 periodic summarization of interaction history improves retrieval precision at scale. 
[ArXiv cs.AI, 2026-05-15]\n      \nThe paper addresses memory degradation in agents that accumulate hundreds of interaction records \u2014 flat retrieval over a large memory corpus degrades precision over time.\n      \nRecurrent consolidation produces hierarchical memory summaries; retrieval operates against summary layers rather than raw interaction records for distant history.\n    \n\n    \narXiv Institutes 1-Year Author Ban for AI-Generated Papers \u2014 Integrity Enforcement Escalates\n    \n\n      \narXiv has announced a 1-year submission ban for authors who submit papers where AI systems performed all substantive research and writing work. [TechCrunch, 2026-05-16]\n      \nThe policy targets papers where the human contribution is limited to prompt engineering or light editing \u2014 not papers that use AI as a writing tool with substantial human intellectual contribution.\n      \nPCMag reports arXiv framed the enforcement as a response to submission volume growth straining reviewer capacity and degrading signal quality across the repository.\n      \nThe policy does not prevent AI-assisted research; it targets fully AI-generated submissions. Enforcement relies on human reviewer flagging and author attestation.\n    \n\n    \n\n      \nContext\n      \nThree of the four LEAD and INCLUDE papers this window address the same fundamental problem: agents operating on incomplete or degrading context. FORGE addresses it with shared memory accumulation. Look Before You Leap addresses it with mandatory exploration. RecMem addresses it with hierarchical consolidation for long-running sessions. The convergence suggests an emerging consensus that context completeness \u2014 not model capability \u2014 is the primary lever for agent reliability. 
The arXiv enforcement decision is a signal that the research pipeline itself is under institutional pressure; the volume of AI-generated submissions had become sufficient to require policy intervention.\n    \n\n    \n\n      \nOpen Questions\n      \n\n        \nFORGE's Population Broadcast requires a shared memory store accessible across agent instances. For multi-tenant agent deployments, what isolation model prevents cross-customer pattern leakage?\n        \nDoes the arXiv ban apply retroactively to already-submitted papers, or only prospectively? If retroactive, what happens to citations of flagged papers?\n      \n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      02 / Merlin Intelligence\n    \n    \nMERLIN\n  \n  \n\n\n    \n\n      \nBLUF\n      \nFORGE's Population Broadcast mechanism resolves a core Phase 1 gap: the orchestrator now has a zero-infrastructure path to accumulate and query learned decision patterns across cycles \u2014 implement as a decision_trace artifact type before Phase 2.\n    \n\n    \n[HIGH] FORGE Population Broadcast \u2014 Close the Blackboard Self-Learning Loop\n    \n\n      \nFORGE (ArXiv 2026-05-15, cs.AI) demonstrates LLM agents improving decision-making through self-generated memory without gradient updates or fine-tuning. [ArXiv cs.AI 2026-05-15]\n      \nAgents broadcast successful decision patterns to a shared population memory store; future instances query this store before acting. The mechanism is entirely prompt and retrieval \u2014 no model changes required.\n      \nMerlin's orchestrator currently starts cold on every cycle: no feedback from successful prior runs flows back into dispatch decisions. Each orchestrator invocation re-derives strategy from blackboard state alone.\n      \nFORGE maps directly to Merlin's architecture: each completed orchestrator cycle with Judge confidence \u2265 92 writes a decision_trace artifact (action_taken, why, outcome, confidence) to blackboard_artifacts. 
Orchestrator skill queries top-5 similar traces via pgvector before dispatching child agents.\n    \n    \n\n      \nImplementation\n      \nTarget: blackboard_artifacts schema + merlin_orchestrator skill. Action: Add decision_trace artifact type; modify orchestrator SKILL.md to query similar traces as first step. Zero new infrastructure \u2014 pgvector similarity search already exists. Priority: [HIGH] \u2014 this sprint. Implements a Phase 3 (Evolver) capability at Phase 1 schema cost.\n    \n\n    \n[HIGH] OpenClaw agent-reflect \u2014 Port Conversation-Analysis Self-Improvement to Merlin Evolver\n    \n\n      \nOpenClaw (formerly Warelay, VoltAgent umbrella) has shipped an agent-reflect skill that performs self-improvement through systematic conversation analysis. [The Register / Simon Willison, 2026-05-17]\n      \nThe skill reviews prior agent conversations, identifies recurring failure modes and successful patterns, and proposes targeted skill prompt updates. The awesome-openclaw-skills repository (VoltAgent/awesome-openclaw-skills) is publicly inspectable.\n      \nMerlin's Evolver is designed to run weekly but currently requires human-triggered review. OpenClaw's pattern automates this loop at the skill layer.\n      \nThe decision_trace artifacts from FORGE implementation above provide the input corpus. Evolver reads the last N traces, identifies low-confidence patterns, and proposes SKILL.md patches as blackboard artifacts for human review before application.\n    \n    \n\n      \nImplementation\n      \nTarget: skills/build/merlin_evolver/SKILL.md (create). Action: Inspect VoltAgent/awesome-openclaw-skills for agent-reflect structure. Port the analysis loop \u2014 input: decision_trace artifacts; output: proposed SKILL.md diff artifact for human review. 
Priority: [HIGH] \u2014 closes the Phase 1 factory self-improvement loop before Phase 2.\n    \n\n    \n[MEDIUM] Look Before You Leap \u2014 Mandate Blackboard Survey Before Child Agent Dispatch\n    \n\n      \nArXiv 2026-05-15 (cs.AI) documents that LLM agents fail in unfamiliar environments due to premature exploitation of limited initial context. An explicit exploration phase before commitment improves outcomes measurably. [ArXiv cs.AI 2026-05-15]\n      \nMerlin's orchestrator reads the blackboard and dispatches specialists based on current artifact state. After multi-day pauses or when entering a new product domain, it may act on incomplete context.\n      \nFix: add an orientation query as the mandatory first step in each orchestrator cycle \u2014 retrieve the 20 most recent artifacts by timestamp before generating the dispatch plan. Existing pgvector infrastructure handles this; it requires a SKILL.md edit, not a code change.\n    \n    \n\n      \nImplementation\n      \nTarget: merlin_orchestrator SKILL.md. Action: Prepend orientation step \u2014 SELECT artifact_name, version, timestamp FROM blackboard_artifacts WHERE product_id = ? ORDER BY timestamp DESC LIMIT 20 \u2014 summarize state before dispatching. Priority: [MEDIUM] \u2014 low cost, reduces cold-start failures in multi-day lifecycle runs.\n    \n\n    \n[EXPLORE] Argus Evidence Assembly \u2014 Research Pipeline Parallelization Pattern\n    \n\n      \nArgus (ArXiv 2026-05-15, cs.AI) introduces evidence assembly for deep research agents: spawn N evidence gatherers in parallel, write fragments to shared memory, then a synthesis agent assembles the final output. Even low-context agents achieve significant research progress when evidence is pre-assembled. [ArXiv cs.AI 2026-05-15]\n      \nMerlin's research pipeline currently runs serially \u2014 one research agent executes a full research task. 
Argus suggests replacing this with parallel gatherers writing fragment artifacts to the blackboard, then a single synthesis pass.\n      \nPrototype the pattern in one research skill before committing to pipeline refactor. Measure quality delta.\n    \n    \n\n      \nImplementation\n      \nTarget: skills/research/ pipeline. Action: Spike the Argus pattern on one research skill \u2014 Planner decomposes into 3-5 evidence subtasks, parallel Gatherer agents write fragment artifacts, Synthesis agent assembles. Priority: [EXPLORE] \u2014 improvement, not a blocker. Existing research pipeline is functional.\n    \n\n    \n\n      \nOpen Questions\n      \n\n        \nFORGE's population broadcast queries happen before every dispatch decision. Merlin's $0 LLM constraint (ChatGPT Pro OAuth) limits concurrent calls. How many similarity lookups per cycle are sustainable before hitting ChatGPT rate limits at scale?\n        \nOpenClaw's agent-reflect analyzes conversation transcripts. Merlin logs to otel_spans, not conversation logs. Is span content sufficient signal for the Evolver, or does a separate conversation_log table need to be added to the blackboard schema?\n      \n    \n\n  \n\n\n\n\n\n  \n\n    \n\n      \n      03 / Military & Geopolitical\n    \n    \nGEO\n  \n  \n\n    \n\n      \nBLUF\n      \nRussian forces are assessed with moderate confidence to be regrouping along the Ukraine front line ahead of a significant push, per Ukraine military reporting from today \u2014 a trajectory signal, not a routine update.\n    \n\n    \nRussian Forces Regrouping Along Ukraine Front Line Ahead of Potential Offensive\n    \n\n      \nUkraine's military reported today that Russian forces are regrouping along the front line, described as preparation ahead of a potential significant offensive push. 
[Reuters, 2026-05-18]\n      \nReuters reporting describes the front line as a \"kill-zone\" where new weapons \u2014 including first-person-view drones and precision artillery \u2014 have transformed the tactical engagement pattern on both sides.\n      \nRussia's regrouping follows a period of attritional advances across multiple sectors; a regrouping phase before a concentrated push is consistent with prior Russian operational patterns in this conflict.\n      \nNo specific sector or timeline has been confirmed. The report is based on Ukraine military characterization; independent verification of regrouping disposition is not available from open sources as of this briefing.\n    \n\n    \n\n      \nContext\n      \nThe structural significance is the phase transition signal: attritional grinding to consolidation-and-push represents a change in Russian operational tempo. If accurate, the implication is an elevated-intensity period on the front within weeks, not months. Prior briefings covered the CENTCOM three-carrier posture and Iran blockade; the Ukraine theater has been stable-to-deteriorating for Marc's interests primarily as a macro risk factor (European energy, semiconductor supply chains, US defense spending trajectory).\n    \n\n    \n\n      \nOpen Questions\n      \n\n        \nWhich specific front sectors are showing regrouping indicators \u2014 Zaporizhzhia, Kherson, or Donetsk axis? The answer changes the strategic read on Russia's operational objective.\n        \nHas NATO changed any force readiness posture in response to the regrouping assessment, or is this currently a Ukraine-reported signal without allied corroboration?\n      \n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      05 / Economic\n    \n    \nECON\n  \n  \n\n    \n\n      \nBLUF\n      \nMacro indicators remain benign: yield curve positive, VIX calm, jobless claims stable, credit spreads low. No recession signal. 
Baltic Dry at a five-month high suggests trade demand is recovering.\n    \n\n    \nFRED Indicators \u2014 Week of May 18, 2026\n    \n\n      \nT10Y2Y (10Y\u20132Y Treasury Spread): +0.50 as of May 15. Plain English: the yield curve is positively sloped \u2014 longer-term rates exceed short-term rates. A positive spread means bond markets are not pricing a near-term recession. Baseline range: +50 to +200bp is normal; inversion below 0 signals recession risk. Current reading is at the low end of normal \u2014 healthy but not exuberant. YoY comparison: +0.52 (Apr 30) \u2014 essentially flat, no trend change. [FRED T10Y2Y, 2026-05-15]\n      \nVIXCLS (VIX Volatility Index): 17.26 as of May 14. Plain English: market participants are pricing moderate uncertainty, not fear. VIX below 20 is considered calm. Current reading is within the normal range (15\u201325). YoY: 18.81 (Apr 29) \u2014 slightly declined, markets marginally calmer. [FRED VIXCLS, 2026-05-14]\n      \nWM2NS (M2 Money Supply): $23.12 trillion as of Apr 6. Plain English: total money in circulation including bank deposits. Growth signals potential inflationary pressure; contraction signals tightening. Baseline: ~$20\u201322T was the pre-excess range. Current $23.1T is above baseline, reflecting continued monetary expansion. YoY: $22.45T (Jan 19, 2026) \u2014 M2 increased ~$670B over roughly 4 months, moderate growth. [FRED WM2NS, 2026-04-06]\n      \nICSA (Initial Jobless Claims): 211,000 for week ending May 9. Plain English: weekly new unemployment filings. Below 250k is considered healthy labor market conditions. 211k is well within normal range. YoY: 211,000 (Feb 21) \u2014 labor market stability unchanged over three months. [FRED ICSA, 2026-05-09]\n      \nGS10 (10-Year Treasury Yield): 4.32% as of Apr 1. Plain English: the benchmark borrowing rate for mortgages, corporate bonds, and government debt. Above 4% reflects Fed restraint \u2014 not yet cutting rates aggressively. 
YoY: 4.42% (May 2025) \u2014 yield slightly lower year-over-year; mild easing trend. [FRED GS10, 2026-04-01]\n      \nSOFR (Secured Overnight Financing Rate): 3.56% as of May 14. Plain English: the overnight interbank lending rate, Fed funds proxy. Current 3.56% reflects the prevailing Fed funds target range. YoY: 3.63% (Apr 29) \u2014 modest drift lower, consistent with expectations for limited rate cuts. [FRED SOFR, 2026-05-14]\n      \nBAMLH0A0HYM2 (High Yield OAS): 2.76% as of May 14. Plain English: the extra yield investors demand to hold junk bonds vs. Treasuries. Higher spreads signal credit stress; lower spreads signal confidence. 2.76% is low \u2014 below the 3\u20135% normal range \u2014 indicating credit markets are not pricing distress. YoY: 2.82% (Apr 29) \u2014 essentially flat. [FRED BAMLH0A0HYM2, 2026-05-14]\n      \nBAMLH0A3HYC (CCC High Yield OAS): 9.22% as of May 14. Plain English: spreads for the most speculative-grade debt. Distress threshold is above 10%. 9.22% is approaching but below the distress threshold. YoY: 9.09% (Apr 29) \u2014 slight widening, worth monitoring. [FRED BAMLH0A3HYC, 2026-05-14]\n      \nICSA / M2 / GS10 combined read: Labor stable, money supply growing moderately, rates elevated but easing slowly, spreads tight. The macro configuration is a soft-landing continuation \u2014 no acceleration signal in either direction. [FRED composite, 2026-05]\n    \n\n    \nBaltic Dry Index at Five-Month High\n    \n\n      \nThe Baltic Exchange dry bulk freight index reached a five-month high this week, with broad gains across Handysize, Supramax, and Panamax vessel types. 
[Baltic Exchange via Brave Search, 2026-05-14]\n      \nCapesize rates declined despite the headline gain \u2014 the five-month high is driven by smaller vessel segments, which track general cargo and grain trade rather than iron ore and coal.\n      \nA Baltic Dry recovery after the early-2026 weakness is consistent with restocking demand in European and Asian markets; not a signal of a broad commodity super-cycle.\n    \n\n    \n\n      \nContext\n      \nThe macro picture this week is a continuation of the soft-landing scenario that has held since late 2025: labor stable, credit untroubled, yield curve positive, inflation expectations anchored near 3.5%. The CCC spread drift (9.22% vs. 9.09% a month ago) is the one indicator worth watching \u2014 if it crosses 10%, it signals speculative credit deterioration. For Supabase planning purposes, the current environment supports continued developer spending; no macro-driven customer contraction signal.\n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      06 / Tech\n    \n    \nTECH\n  \n  \n\n    \n\n      \nBLUF\n      \nSupabase-js holds 16.1M weekly downloads \u2014 2.1\u00d7 Firebase, 1.27\u00d7 Prisma \u2014 with all growth rates healthy. Drizzle-orm continues accelerating. No competitive threat signal in this week's data.\n    \n\n    \nDeveloper Ecosystem: npm Download Trends \u2014 Week of May 18, 2026\n    \n\n      \n@supabase/supabase-js: 16.05M weekly / 78.9M monthly. Weekly growth rate: 16.05M \u00f7 (78.9M \u00f7 4.33) = 0.88\u00d7 \u2014 slightly below the 1.0 threshold. Monthly trend stable. [npm, 2026-05-18]\n      \nprisma: 12.67M weekly / 46.6M monthly. Weekly growth rate: 12.67M \u00f7 (46.6M \u00f7 4.33) = 1.18\u00d7 \u2014 above 1.0, healthy weekly momentum. [npm, 2026-05-18]\n      \ndrizzle-orm: 9.52M weekly / 35.3M monthly. Weekly growth rate: 9.52M \u00f7 (35.3M \u00f7 4.33) = 1.17\u00d7 \u2014 above 1.0, consistent strong momentum. Drizzle continues to close the gap on Prisma. 
[npm, 2026-05-18]\n      \nfirebase: 7.59M weekly / 29.5M monthly. Rate: 1.11\u00d7 \u2014 moderate positive. Supabase-js weekly absolute remains 2.1\u00d7 Firebase. [npm, 2026-05-18]\n      \naws-sdk: 9.99M weekly / 38.6M monthly. Rate: 1.12\u00d7 \u2014 steady. [npm, 2026-05-18]\n      \n@neondatabase/serverless: 1.97M weekly / 7.54M monthly. Rate: 1.13\u00d7 \u2014 Neon maintaining healthy growth trajectory. [npm, 2026-05-18]\n      \nconvex: 727K weekly / 2.62M monthly. Rate: 1.20\u00d7 \u2014 above the 1.2 flag threshold. Convex is growing faster than its monthly baseline this week; remains small in absolute terms. [npm, 2026-05-18]\n      \n@planetscale/database: 195K weekly / 822K monthly. Rate: 1.03\u00d7 \u2014 essentially flat, consistent with PlanetScale's contraction narrative post-serverless-pivot. [npm, 2026-05-18]\n    \n\n    \n\n      \nContext\n      \nSupabase-js at 0.88\u00d7 this week means weekly downloads were slightly below the monthly average weekly pace \u2014 not a contraction signal, likely a weekend-effect artifact in the reporting window. The absolute lead (16.1M vs. Firebase at 7.6M and Prisma at 12.7M) remains decisive. Convex at 1.20\u00d7 weekly rate is worth flagging \u2014 it is growing from a small base but consistently outpacing its monthly trend. 
Drizzle-orm's 1.17\u00d7 sustained rate confirms its ongoing encroachment on Prisma's ORM dominance; this is not new but has not reversed.\n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      07 / Cybersecurity\n    \n    \nCYBER\n  \n  \n\n    \n\n      \nBLUF\n      \nGrafana Labs confirmed a full GitHub account compromise today \u2014 all codebase repositories exposed; Grafana is embedded in the monitoring stack of most cloud-native infrastructure deployments including Kubernetes clusters and Supabase's own observability layer.\n    \n\n    \nGrafana Labs GitHub Account Compromised \u2014 Full Codebase Access Confirmed\n    \n\n      \nGrafana Labs confirmed today that an attacker gained access to its GitHub account and obtained access to all codebase repositories. [The Register, 2026-05-18]\n      \nThe Register headline characterizes the disclosure as Grafana \"admitting all its codebase are belong to someone\" \u2014 consistent with full repository read access, not just a single-repo breach.\n      \nGrafana is the dominant open-source dashboard and observability platform, widely deployed in Kubernetes environments, cloud-native stacks, and DevOps pipelines. Estimated user base exceeds 10 million instances.\n      \nAt time of briefing, Grafana Labs has not published an incident report detailing the attack vector, duration of access, or whether any code modifications were made. Supply chain integrity is unverified.\n      \nCISA KEV has not added a Grafana-related CVE as of this briefing. No new KEV additions today; most recent was CVE-2026-42897 (Microsoft Exchange Server XSS, added 2026-05-15). [CISA KEV, 2026-05-15]\n    \n\n    \n\n      \nContext\n      \nThe supply chain risk is the primary concern, not the data exposure. Grafana is a dependency in countless CI/CD pipelines and monitoring stacks. If the attacker inserted malicious code into any Grafana repository, the blast radius is infrastructure-wide across the cloud-native ecosystem. 
The LiteLLM supply chain compromise (CVE-2026-42208, CISA KEV 2026-05-08) established that production AI infrastructure is actively targeted via open-source package vectors. Grafana's footprint is broader. Operators running self-hosted Grafana should verify their instance version was built from a pre-compromise commit before any update this week.\n    \n\n    \n\n      \nOpen Questions\n      \n\n        \nDid the attacker have write access to any repositories, or read-only? The answer determines whether a supply chain code injection is possible or only information exposure.\n        \nGrafana Cloud (hosted) vs. self-hosted: are the repositories for both products the same GitHub account, or separate? If unified, cloud customers are also potentially affected.\n      \n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      08 / Regulatory\n    \n    \nREG\n  \n  \n\n    \n\n      \nBLUF\n      \nFTC begins enforcing the TAKE IT DOWN Act this month \u2014 the first new federal content-removal mandate in years, creating compliance obligations for any platform hosting user-generated content.\n    \n\n    \nFTC Begins Enforcing TAKE IT DOWN Act \u2014 Platform Obligations for Non-Consensual Intimate Images\n    \n\n      \nThe FTC announced this month it will begin enforcing the TAKE IT DOWN Act, which requires online platforms to remove non-consensual intimate images (NCII) \u2014 including AI-generated synthetic imagery \u2014 within 48 hours of a verified request. [FTC, 2026-05-18]\n      \nThe Act covers both real and AI-generated intimate images; the synthetic imagery provision is the novel element extending prior NCII law to deepfake content.\n      \nPlatforms face FTC enforcement action for non-compliance; the Act does not specify per-violation fines but FTC can pursue civil penalties under its standard enforcement authority.\n      \nThe FTC simultaneously ordered Rollins, Inc. 
(pest control company) in a separate consumer protection action \u2014 the agency is active on multiple enforcement fronts under the current administration. [FTC, 2026-05-13]\n    \n\n    \n\n      \nContext\n      \nThe synthetic imagery provision is the structural precedent. This is the first federal statute in the US that explicitly creates a removal obligation for AI-generated content, establishing the regulatory pattern: AI-generated harmful content is treated equivalently to real content for platform liability purposes. The 48-hour removal window is aggressive relative to current content moderation capacity at most platforms. Any Supabase-hosted application with user-generated content or image storage has a new compliance surface to assess.\n    \n\n    \n\n      \nOpen Questions\n      \n\n        \nDoes the Act's platform definition include storage infrastructure providers (object storage, CDN) or only end-user-facing content platforms? The answer determines whether Supabase Storage has direct compliance obligations.\n        \nWhat verification standard satisfies a \"verified request\" under the Act? If the standard is low, the 48-hour window is more operationally demanding than it appears.\n      \n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      10 / Space\n    \n    \nSPACE\n  \n  \n\n    \n\n      \nBLUF\n      \nSpace Force awarded Northrop Grumman a $398M satellite contract on Saturday; Zenk Space closes $26M today targeting a June debut \u2014 the commercial launch cadence and government procurement pipeline are both accelerating.\n    \n\n    \nSpace Force Awards Northrop Grumman $398 Million Satellite Contract\n    \n\n      \nThe US Space Force awarded Northrop Grumman a $398 million contract for satellite development on May 16. 
[SpaceNews, 2026-05-16]\n      \nContract details regarding the satellite mission type and orbit were not disclosed in open reporting \u2014 consistent with Space Force practice for classified or sensitive capability contracts.\n      \nThe award continues a pattern of large Space Force procurement actions in 2026; prior briefings covered the SpaceX NRO satellite launch (May 11) and the Google-SpaceX orbital data center talks.\n    \n\n    \nZenk Space Raises $26 Million, Targets June 2026 Debut Launch\n    \n\n      \nZenk Space closed a $26 million funding round and announced a target date of June 2026 for its first commercial launch. [SpaceNews, 2026-05-18]\n      \nZenk Space is a new commercial launch entrant. Details on vehicle type, payload capacity, and launch site were not specified in the SpaceNews report.\n      \nA June target from a company announcing funding today implies either vehicle development is near-complete or the company is manifesting on a rideshare mission rather than launching its own vehicle.\n    \n\n    \n\n      \nContext\n      \nSpaceX's Starship Version 3 is targeted for May 19 (tomorrow) per the prior briefing. The commercial launch market is entering a period of simultaneous new entrant activity and government procurement expansion \u2014 structurally bullish for the sector. The Northrop contract reinforces continued Space Force investment in satellite capability despite broader defense budget pressure from the missile program spending covered last week.\n    \n  \n\n\n\n\n\n  \n\n    \n\n      \n      13 / Analysis\n    \n    \nANALYSIS\n  \n  \n\n\n    \nThree patterns converge in today's signal set that are worth reading as a system rather than isolated events.\n\n    \nSupply chain security is now targeting DevOps infrastructure directly. The Grafana Labs GitHub compromise follows the LiteLLM SQL injection KEV (May 8) and the TanStack npm supply chain incident (May 12). 
The pattern is not random: attackers are moving up the dependency stack toward tools that sit inside CI/CD pipelines and agent runtimes \u2014 not end-user applications. Grafana, LiteLLM, and TanStack are all components that agents, observability stacks, and developer pipelines consume as trusted infrastructure. The assessed probability that at least one additional DevOps-tier open-source tool is compromised but undisclosed is moderate-to-high given the pace of incidents. Organizations should treat any Grafana binary built or updated this week as potentially tainted until a clean-build attestation is published.\n\n    \nThe arXiv enforcement action and Grafana breach are structurally related. Both represent institutions with high trust and high surface area discovering that the volume of untrusted inputs \u2014 AI-generated papers, unauthorized GitHub sessions \u2014 has exceeded their capacity to verify manually. arXiv's response is a policy gate (author ban). Grafana's is a breach disclosure. The underlying dynamic is the same: trust architectures designed for lower-volume, higher-friction inputs are failing under load. This is the macro risk to open-source research and tooling ecosystems as AI lowers the cost of both generating content and executing intrusions at scale.\n\n    \nFor Merlin, today's ArXiv batch resolves a specific architectural ambiguity. FORGE's Population Broadcast and OpenClaw's agent-reflect together answer the question of how a Phase 1 factory accumulates intelligence without a dedicated fine-tuning pipeline. The answer is: write decision traces to the blackboard, query them before each dispatch, and run a reflection skill that proposes SKILL.md patches. This is achievable inside Phase 1 constraints \u2014 no new infrastructure, no model changes, no API costs beyond what ChatGPT Pro OAuth already covers. 
The convergence of two independent papers and one production system arriving at the same architectural pattern in the same week raises the assessed probability that this approach works at Merlin's scale from speculative to probable. The implementation window is this sprint, not Phase 3.\n\n    \nUkraine regrouping adds to a risk cluster that has been building since May 12. The Iran blockade (three CSGs active), Putin's nuclear missile test, and now Russian front-line regrouping represent three separate theaters of elevated military activity within a six-day window. None individually crosses a threshold requiring strategic repositioning. In combination, assessed probability of at least one additional significant escalation event in the next 10 days is moderate. The primary downstream risk for Supabase is European enterprise procurement freeze if any of these escalate into a broader conflict signal \u2014 that is a low-probability, high-impact scenario, not a base case.\n\n    \nMacro backdrop remains benign. Yield curve positive, VIX calm, spreads tight, labor stable. The soft-landing configuration has held through a period of elevated geopolitical noise \u2014 that persistence increases confidence in the base case. 
Brief complete.\n\nGenerated: 2026-05-18 01:17 PT\nBrave Search Calls: 44\nFRED API Calls: 14\nCISA KEV Fetch: ok (1.4MB)\nEIA API Calls: 1\nArXiv Papers: 114 fresh / 0 historical (rate-limited)\nArXiv Window: Index 8 / Historical: 2026-03-16 to 2026-03-23\nRSS Feeds: 23 fetched / 17 fresh items\nSections: 8 included / 5 omitted\nLeads: 3\nModel: claude-sonnet-4-6\n", "creation_timestamp": "2026-05-18T08:25:17.000000Z"}, {"uuid": "f6d65d1e-b80b-4924-8805-bc8dcb5493ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://www.acn.gov.it/portale/w/microsoft-rilevato-sfruttamento-attivo-della-cve-2026-42897", "content": "Microsoft has released security updates to fix two new vulnerabilities, one rated \u201ccritical\u201d and one rated \u201chigh\u201d, affecting the Microsoft Authenticator and Microsoft Exchange Server products.
Among these, CVE-2026-42897 stands out: a \u201cCross-site Scripting (XSS)\u201d vulnerability that is being actively exploited in the wild.", "creation_timestamp": "2026-05-15T09:54:10.000000Z"}, {"uuid": "24d2b828-281e-429b-a1a5-c524aaee0567", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mm4q4ziiw325", "content": "Every on-prem Microsoft Exchange Server (2016, 2019, SE) is exposed to active zero-day exploitation. CVE-2026-42897 runs attacker JavaScript in the victim's browser via a crafted email opened in Outlook Web Access. Microsoft released an out-of-band patch May 14.", "creation_timestamp": "2026-05-18T11:04:41.145707Z"}, {"uuid": "bfdf7f98-5b80-4e88-86ce-3c41947ce0c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mm55bnnwnk23", "content": "5/ \ud83d\udce7 Microsoft Exchange CVE-2026-42897 is being exploited in the wild. Critical XSS. No permanent fix yet. Only mitigations. Federal agencies under CISA deadline. 
Check your Exchange logs.", "creation_timestamp": "2026-05-18T15:01:50.391888Z"}, {"uuid": "ef025988-05b3-4fc7-9c0e-164750ad917a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/bdufstecru/3174", "content": "The vulnerability in the Microsoft Exchange Server mail server is caused by a failure to take measures to protect the structure of a web page. Exploitation of the vulnerability may allow a remote attacker to carry out spoofing attacks\n\nBDU:2026-06919\nCVE-2026-42897\n\nFollow the vendor's recommendations:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897\n\nCompensating measures:\n- use firewalls to restrict remote access to the mail server;\n- segment the network to restrict access to the mail server from other subnets;\n- use intrusion detection and prevention systems to detect (identify, log) and respond to attempts to exploit the vulnerability;\n- minimize user privileges;\n- disable/remove unused user accounts;\n- use virtual private networks (VPN) for remote access.", "creation_timestamp": "2026-05-18T14:18:21.000000Z"}, {"uuid": "b67ad2f6-a1e9-462d-a2c6-30599576f5a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mm55bnoag223", "content": "5/ \ud83d\udce7 Microsoft Exchange CVE-2026-42897 is being exploited in the wild. Critical XSS. No permanent fix yet. Only mitigations. Federal agencies under CISA deadline. Check your Exchange logs.", "creation_timestamp": "2026-05-18T15:06:32.691728Z"}, {"uuid": "ea0bf2d5-0c98-4b6c-8150-f72c3e358921", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mm55bnobfc23", "content": "5/ \ud83d\udce7 Microsoft Exchange CVE-2026-42897 is being exploited in the wild. Critical XSS. No permanent fix yet. Only mitigations. Federal agencies under CISA deadline. 
Check your Exchange logs.", "creation_timestamp": "2026-05-18T15:10:39.665782Z"}, {"uuid": "098a285e-66ab-483e-88a6-73d4c47c7bf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mm55bnodds23", "content": "5/ \ud83d\udce7 Microsoft Exchange CVE-2026-42897 is being exploited in the wild. Critical XSS. No permanent fix yet. Only mitigations. Federal agencies under CISA deadline. Check your Exchange logs.", "creation_timestamp": "2026-05-18T15:19:49.737061Z"}, {"uuid": "ee7fd3aa-4de8-4a6b-91e9-a5a6b478e385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mm55bnoddt23", "content": "5/ \ud83d\udce7 Microsoft Exchange CVE-2026-42897 is being exploited in the wild. Critical XSS. No permanent fix yet. Only mitigations. Federal agencies under CISA deadline. Check your Exchange logs.", "creation_timestamp": "2026-05-18T15:22:00.521058Z"}, {"uuid": "481473b9-dff5-42a1-8f31-e93eb79c35cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/poxek/6119", "content": "Microsoft has once again reminded us that our infrastructure itself remains one of the tastiest targets.
CVE-2026-42897 in on-prem Exchange Server is already being exploited: according to The Hacker News, citing Microsoft, it is an XSS/spoofing bug with CVSS 8.1 that can be triggered through a specially crafted email if the victim opens it in Outlook Web Access. Exchange 2016, 2019 and Subscription Edition are affected, and CISA has already added the vulnerability to KEV.\n\nAt the other end of the spectrum is CVE-2026-25765 in Ruby Faraday.
If a user-supplied URL reaches an application or internal service built on Faraday, build_exclusive_url before version 2.14.1 can be bypassed with a protocol-relative path of the form //evil.com/path, sending the request to a foreign host. That is already a way to hit other people's tools, integrations, scanners, webhook plumbing and internal services that make outbound requests themselves. Details are in DailyCVE, and the official advisory and fix are in the GitHub advisory and the 2.14.1 release.
One odd thing, though, is that DailyCVE lists it as High, while NVD/CNA currently gives it CVSS 5.8 MEDIUM.\n\nAnd if you want a really direct example of an \"attack on the attackers\", here it is: CVE-2026-45087 in dalfox. According to the GitHub advisory, versions <= 2.12.0 are vulnerable, and the fix shipped in 2.13.0. The problem is critical: in server mode Dalfox listens on 0.0.0.0:6664 by default, does not require an API key unless --api-key is given explicitly, and through POST /scan an attacker can pass found-action and achieve unauthenticated RCE on the host where the scanner is running.
In other words, what gets broken is no longer the target of the research but the researcher's own tool.\n\nHence a very interesting shift: both defenders and attackers can be attacked. While the blue team has Exchange on fire, red teams, bug hunters and platform automation have their own HTTP clients, parsers, scanners and services on fire, ones that are used to trusting an \"almost URL\" or bringing up a dangerous mode \"by default\".
In 2026 a vulnerability increasingly hits the whole chain around the target at once: mail, agents, integrations, scanning infrastructure and internal services.\n\nSince the start of the year the workload of defense teams has grown noticeably: the pace at which 0days are found and published now looks almost insane, and a couple of years ago such density was hard to expect.
For attackers the race is only intensifying too: whoever is first to find a CVSS 9.8-level vulnerability and manages to submit it to a bug bounty or turn it into a working pentest scenario is the one who skims the cream.", "creation_timestamp": "2026-05-18T15:58:50.000000Z"}, {"uuid": "c73ff4f2-242d-44b4-a3ef-3226c7d9cadd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42897", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mma2ux6xuf2s", "content": "CVE-2026-42897: Microsoft Exchange OWA XSS Vulnerability\n\nCVE-2026-42897 is a high-severity cross-site scripting vulnerability in Microsoft Exchange Server Outlook Web Access (OWA). 
Learn what's affected,...\n\n\ud83d\udd17 https://ipsec.live/blog/cve-2026-42897-exchange-owa-xss\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-19T18:54:36.010969Z"}, {"uuid": "65cb434d-ff06-4629-a434-269cb137fd98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42897", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mma2v2k3yg2s", "content": "CVE-2026-42897: Microsoft Exchange OWA Zero-Day Actively Exploited\n\nCVE-2026-42897 is an actively exploited XSS/spoofing flaw in Microsoft Exchange Server OWA. CVSS 8.1, affects Exchange 2016/2019/SE...\n\n\ud83d\udd17 https://ipsec.live/blog/cve-2026-42897-exchange-owa-zero-day\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-19T18:54:39.350546Z"}, {"uuid": "3c0ac39f-10bc-40be-b059-fb75673fe994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mma2v45xqv2s", "content": "Microsoft Exchange Zero-Day Under Attack, No Patch Available\n\nCVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compro...\n\n\ud83d\udd17 https://ipsec.live/blog/2026-05-19-microsoft-exchange-zeroday-under-attack-no-patch-available\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-19T18:54:40.931053Z"}, {"uuid": "ce89c2bd-8607-4866-a2bf-552fe81a73e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/xakep_ru/19390", "content": "Microsoft warns of attacks on a zero-day vulnerability in Exchange Server\n\nMicrosoft specialists have warned of attacks on a new zero-day vulnerability in Exchange Server, tracked as CVE-2026-42897. The issue affects Exchange Server 2016, 2019 and Subscription Edition (SE). Until a full patch is available, the company suggests using temporary protective measures and recommends that administrators urgently enable the Exchange Emergency Mitigation Service (EEMS).\n\nhttps://xakep.ru/2026/05/18/exchange-0day/", "creation_timestamp": "2026-05-18T17:37:01.000000Z"}, {"uuid": "1ddd3fd0-aada-4726-b566-3e64b5398ebf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": 
"https://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "content": "CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.", "creation_timestamp": "2026-05-18T19:43:51.000000Z"}, {"uuid": "68a354c3-1940-47e4-8b0b-46d1ac8de68b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/nuke86.rfeed.it/post/3mm6zriwczj2x", "content": "New Post: CVE-2026-42897: vulnerabilit\u00e0 critica XSS in Exchange Server OWA \u2014 mitigazione di emergenza disponibile spcnet.it/cve-2026-428...", "creation_timestamp": "2026-05-19T09:02:07.291750Z"}, {"uuid": "41496f22-3e36-4bd3-be29-7f7eb1576d38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/true_secator/8206", "content": "\u0412\u0447\u0435\u0440\u0430 Microsoft \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Exchange Server, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c XSS \u0432 \u0445\u043e\u0434\u0435 \u0430\u0442\u0430\u043a \u043d\u0430 
\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Outlook \u0432 \u0432\u0435\u0431-\u0432\u0435\u0440\u0441\u0438\u0438.\n\nCVE-2026-42897 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0434\u043c\u0435\u043d\u043e\u0439 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Exchange Server 2016, Exchange Server 2019 \u0438 Exchange Server Subscription Edition (SE).\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u0430\u0442\u0447\u0438 \u0434\u043b\u044f \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u043a\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b, \u043d\u043e Microsoft \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0441\u043b\u0443\u0436\u0431\u0430 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Exchange (EEMS) \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0434\u043b\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Exchange Server 2016, 2019 \u0438 SE.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f 
\u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0435 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0435 \u043f\u0438\u0441\u044c\u043c\u043e.\n\n\u0415\u0441\u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043e\u0442\u043a\u0440\u043e\u0435\u0442 \u043f\u0438\u0441\u044c\u043c\u043e \u0432 Outlook Web Access \u0438 \u0431\u0443\u0434\u0443\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u044b \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u0441\u043b\u043e\u0432\u0438\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f, \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 JavaScript \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u043b\u0443\u0436\u0431\u044b EM - \u043b\u0443\u0447\u0448\u0438\u0439 \u0441\u043f\u043e\u0441\u043e\u0431 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c. \u0415\u0441\u043b\u0438 \u0441\u043b\u0443\u0436\u0431\u0430 EM \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0435\u0435 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e. 
\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441\u043b\u0443\u0436\u0431\u0430 EM \u043d\u0435 \u0441\u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043d\u043e\u0432\u044b\u0445 \u043c\u0435\u0440 \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0435\u0441\u043b\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0430 \u0432\u0435\u0440\u0441\u0438\u044f Exchange Server \u0441\u0442\u0430\u0440\u0448\u0435 \u043c\u0430\u0440\u0442\u0430 2023 \u0433\u043e\u0434\u0430.\n\nEEMS \u0431\u044b\u043b\u0430 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0430 \u0432\u00a0\u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435 2021 \u0433\u043e\u0434\u0430\u00a0\u0434\u043b\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Exchange, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u043e\u0442 \u0430\u0442\u0430\u043a \u043f\u0443\u0442\u0435\u043c \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043c\u0435\u0440 \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0433\u043e \u0440\u0438\u0441\u043a\u0430 (\u0438, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0430\u043a\u0442\u0438\u0432\u043d\u043e 
\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445).\n\n\u041e\u043d\u0430 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043a\u0430\u043a \u0441\u043b\u0443\u0436\u0431\u0430 Windows \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Exchange \u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0441 \u0440\u043e\u043b\u044c\u044e \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u044f\u0449\u0438\u043a\u0430. \u0414\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u043e\u043e\u0448\u043b\u043e \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u043c\u043d\u043e\u0433\u0438\u0435 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0435 \u0433\u0440\u0443\u043f\u043f\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u00a0ProxyLogon\u00a0\u0438\u00a0ProxyShell\u00a0(\u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043d\u0435 \u0431\u044b\u043b\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439).\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0432 \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043e\u0442 \u0441\u0435\u0442\u0438 \u0441\u0440\u0435\u0434\u0430\u0445 \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0433\u0443\u0442 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044e\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 Exchange on-premises Mitigation Tool (EOMT) \u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0432 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f.\n\n\u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442 \u0447\u0435\u0440\u0435\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u0443\u044e \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0443 Exchange Management Shell (EMS) \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043e\u0434\u043d\u0443 \u0438\u0437 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u043a\u043e\u043c\u0430\u043d\u0434:\n\n- \u043e\u0434\u0438\u043d \u0441\u0435\u0440\u0432\u0435\u0440:\u00a0.\\EOMT.ps1 -CVE \"CVE-2026-42897\"\n- \u0432\u0441\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b:\u00a0Get-ExchangeServer | Where-Object { $_.ServerRole -ne \"Edge\" } | .\\EOMT.ps1 -CVE \"CVE-2026-42897\"\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0432\u0430\u0436\u043d\u043e \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0432\u044b\u0437\u043e\u0432\u0435\u0442 \u0440\u044f\u0434 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, \u0432\u043a\u043b\u044e\u0447\u0430\u044f:\n\n- \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u043f\u0435\u0447\u0430\u0442\u0438 \u043a\u0430\u043b\u0435\u043d\u0434\u0430\u0440\u044f 
\u0432 OWA \u043c\u043e\u0436\u0435\u0442 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 Microsoft \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442 \u0441\u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435, \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0441\u043d\u0438\u043c\u043e\u043a \u044d\u043a\u0440\u0430\u043d\u0430 \u043a\u0430\u043b\u0435\u043d\u0434\u0430\u0440\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u044b \u0445\u043e\u0442\u0438\u0442\u0435 \u0440\u0430\u0441\u043f\u0435\u0447\u0430\u0442\u0430\u0442\u044c, \u0438\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0430\u0441\u0442\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043b\u0438\u0435\u043d\u0442 Outlook.\n\n- \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0431\u0443\u0434\u0443\u0442 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u0442\u044c\u0441\u044f \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e \u0432 \u043f\u0430\u043d\u0435\u043b\u0438 \u0447\u0442\u0435\u043d\u0438\u044f OWA \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u0435\u043b\u0435\u0439. 
\u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432 \u0432\u0438\u0434\u0435 \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u043a \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u043c \u043f\u0438\u0441\u044c\u043c\u0430\u043c \u0438\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0430\u0441\u0442\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043b\u0438\u0435\u043d\u0442 Outlook.\n\n- OWA light (URL-\u0430\u0434\u0440\u0435\u0441 OWA, \u0437\u0430\u043a\u0430\u043d\u0447\u0438\u0432\u0430\u044e\u0449\u0438\u0439\u0441\u044f \u043d\u0430\u00a0/?layout=light) \u0441\u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e.\n\nMicrosoft \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f Exchange SE RTM, Exchange 2016 CU23 \u0438 Exchange Server 2019 CU14 \u0438 CU15, \u043d\u043e \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0434\u043b\u044f Exchange 2016 \u0438 2019 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0443\u0434\u0443\u0442 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0442\u043e\u043b\u044c\u043a\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c, \u0443\u0447\u0430\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u043c \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0435 Exchange Server ESU \u0432\u0442\u043e\u0440\u043e\u0433\u043e 
\u043f\u0435\u0440\u0438\u043e\u0434\u0430.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043f\u043e \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u043c Microsoft \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442.", "creation_timestamp": "2026-05-15T11:21:04.000000Z"}, {"uuid": "f561a235-abe4-4150-97d1-ca2226b904ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mmakdg7cak2g", "content": "\ud83d\udee1\ufe0f CVE-2026-42897: #CISA advierte #hackeo masivo activo en #MicrosoftExchangeServer (OWA) (+MITIGACI\u00d3N) www.newstecnicas.com/2026/05/cve-...", "creation_timestamp": "2026-05-19T23:31:12.800755Z"}, {"uuid": "9b9325db-d7bf-487a-a676-7a6b9823543a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/solomonneas.dev/post/3mlvc24zfsc2k", "content": "\ud83d\udd34 Cisco SD-WAN zero-day exploited: CVE-2026-20182 is CVSS 10 auth bypass granting admin control. Patch or isolate management now.\n\n\ud83d\udd34 Exchange exploited in wild: CVE-2026-42897 hits on-prem OWA. 
Verify EMS mitigation and prep updates.\n\nsolomonneas.dev/intel", "creation_timestamp": "2026-05-15T12:03:29.228533Z"}, {"uuid": "c726c6a1-c606-4bba-a298-04cca04bba87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mlvdk6ii2d2u", "content": "\ud83d\udd17 CVE : CVE-2026-42897, CVE-2026-42897", "creation_timestamp": "2026-05-15T12:30:20.935092Z"}, {"uuid": "7939c5e0-fce3-4430-95c5-8de515145fd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mlvdsn7qiy23", "content": "CVE-2026-42897 in on-prem Exchange OWA can enable arbitrary JavaScript execution via crafted emails, with emergency mitigation potentially breaking inline images and calendar printing.\n", "creation_timestamp": "2026-05-15T12:35:05.711534Z"}, {"uuid": "8a4c11af-57f5-4786-abdc-b19b4bf4d18d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mmhvibg62c2h", "content": "\ud83d\udee1\ufe0f CVE-2026-42897: #CISA warns of an active mass #hack of Microsoft Exchange Server (OWA) (+MITIGATION) www.newstecnicas.com/2026/05/cve-...", "creation_timestamp": "2026-05-22T21:39:23.020520Z"}, {"uuid": "011bdc17-2273-4080-a9e5-e8c21cbe1a00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmaueesnqq2x", "content": "Top 3 CVE for last 7 days:\nCVE-2026-42897: 56 
interactions\nCVE-2026-46300: 56 interactions\nCVE-2026-42945: 50 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31635: 9 interactions\nCVE-2026-42945: 8 interactions\nCVE-2026-41054: 4 interactions\n", "creation_timestamp": "2026-05-20T02:30:37.098191Z"}, {"uuid": "3c07dc97-b1ef-4f1e-be72-df14108638ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mmdakbn7kc2i", "content": "\ud83d\udee1\ufe0f CVE-2026-42897: CISA warns of an active mass hack of Microsoft Exchange Server (OWA) (+MITIGATION) www.newstecnicas.com/2026/05/cve-...", "creation_timestamp": "2026-05-21T01:14:04.608102Z"}, {"uuid": "5e1aaf29-a12e-4709-8635-f164242fd160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmdetqhuk22x", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45584: 64 interactions\nCVE-2026-42897: 56 interactions\nCVE-2026-46300: 46 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45584: 64 interactions\nCVE-2026-46727: 21 interactions\nCVE-2026-42462: 11 interactions\n", "creation_timestamp": "2026-05-21T02:33:02.183201Z"}, {"uuid": "de004bb9-72a6-40f8-97d6-e36ca069f8de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmfvchcwo22h", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45584: 64 interactions\nCVE-2026-45250: 63 interactions\nCVE-2026-42897: 43 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45250: 63 interactions\nCVE-2026-41091: 8 interactions\nCVE-2026-45498: 8 interactions\n", "creation_timestamp":
"2026-05-22T02:30:45.985453Z"}, {"uuid": "1d6215fd-76e9-49c0-b29f-a606be131184", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/kasperskyb2b/2193", "content": "\u27a1\ufe0f Interesting APT research and infosec news of the week\n\n\ud83d\udfe2Analysis of new APT Cloud Atlas attacks carried out in 2026. The targets are government and diplomatic organizations in Russia and Belarus. Spear phishing led to the installation of the VBCloud backdoor and the PowerShower reconnaissance tool, as well as numerous publicly available utilities.
The result was an infrastructure resilient to the removal of individual attack components. \n\n\ud83d\udfe2APT Calypso/Red Lamassu has been attacking telecom operators in APAC and the Middle East since at least 2022 using previously unknown malware for Linux and Windows.
The Showboat implant is a modular post-exploitation framework that hides processes, performs file operations and at the same time works as a SOCKS5 proxy  \n\n\ud83d\udfe2PC threats in Q1 2026: almost 3000 new ransomware modifications were recorded, and more than 77 thousand users were affected by ransomware attacks.
Clop accounted for 14% of all victims whose data was published on the groups' leak sites during this period.\n\n\ud83d\udd35APT Webworm has expanded its operations from Asia to Europe over the past year. In a number of intrusions the group used Discord and the MS Graph API as C2 infrastructure.\n\n\ud83d\udd35Breakdown of an attack on a global industrial enterprise using TencShell, a previously undescribed Go implant built on the open-source C2 framework Rshell.   
The implant is modular and runs only in memory; the attackers' goals are unknown. \n\n\ud83d\udfe3Breakdown of APT44 TTPs based on 10 industrial organizations where activity was detected between July 2025 and January 2026.
The researchers note the group's adherence to long-known malware, as well as attempts to expand its presence in IT and OT networks when an intrusion is detected.\n \n\ud83d\udfe3Breakdown of the ZionSiphon malware, which is meant to disrupt water treatment systems and was probably created with the help of AI tools.
In practice, the geotargeting checks never let the malware trigger, and the ICS functionality is implemented superficially and produces no real effects even if the malware does run.\n\n\ud83d\udfe3Microsoft disrupted SignSpaceCloud, a signing-as-a-service operation tracked as Fox Tempest, which since May 2025 had been selling code-signing certificates to malware developers.
Among the \"customers\" are the operators of the Rhysida, INC, Qilin and Akira ransomware, as well as groups distributing infostealers.\n\n\ud83d\udd35The epidemic of supply-chain attacks can by now fairly be called a plague. Among the high-profile victims of recent weeks: AntV (Alibaba), DurableTask (Microsoft), Nx Console, Grafana, TanStack, and to top it off GitHub itself.\n\n\ud83d\udd35A detailed analysis of APT Storm-2949 attacks, in which the attackers systematically extract valuable data from Microsoft cloud environments, exploiting exclusively legitimate
SaaS and PaaS management functions. \n\n\ud83d\udfe3Emergency fixes have been released for two zero-days in Defender that have been seen in real attacks: privilege escalation (CVE-2026-41091) and DoS (CVE-2026-45498).\n\n\ud83d\udfe3Attackers are also exploiting a zero-day in Microsoft Exchange Outlook Web Access (CVE-2026-42897), which under certain conditions allows malicious JavaScript to run in OWA mailboxes. 
Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u0437\u0430\u0449\u0438\u0442\u044b, \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u043f\u0430\u0442\u0447  \u043d\u0435 \u0433\u043e\u0442\u043e\u0432.\n\n\ud83d\udd34\u0417\u0430\u043d\u0438\u043c\u0430\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u043f\u0430\u043b\u0435\u043e\u043d\u0442\u043e\u043b\u043e\u0433\u0438\u044f: \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432 \u0440\u0430\u0431\u043e\u0442\u044b Fast16, \u0434\u0432\u043e\u044e\u0440\u043e\u0434\u043d\u043e\u0433\u043e \u0431\u0440\u0430\u0442\u0430 Stuxnet. \u042d\u0442\u043e \u0412\u041f\u041e \u0431\u044b\u043b\u043e \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043e \u043d\u0430 \u041f\u041e LS-DYNA \u0438 Autodyn, \u0438 \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043b\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u0440\u0438 \u043c\u043e\u0434\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u044f\u0434\u0435\u0440\u043d\u044b\u0445 \u0432\u0437\u0440\u044b\u0432\u043e\u0432. \u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u043f\u043e\u0434\u0441\u0447\u0451\u0442\u043e\u0432 \u043f\u043e\u0434\u043c\u0435\u043d\u044f\u043b\u0438\u0441\u044c \u043d\u0430 \u043b\u0435\u0442\u0443, \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043f\u043b\u043e\u0442\u043d\u043e\u0441\u0442\u044c \u044f\u0434\u0435\u0440\u043d\u043e\u0433\u043e \u043c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u0430 \u043d\u0435 \u0434\u043e\u0441\u0442\u0438\u0433\u043d\u0443\u0442\u0430.  
\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0443\u0432\u0435\u0440\u0435\u043d\u044b, \u0447\u0442\u043e fast16 \u0431\u044b\u043b \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d \u0434\u043b\u044f \u0441\u0430\u0431\u043e\u0442\u0430\u0436\u0430 \u044f\u0434\u0435\u0440\u043d\u043e\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0418\u0440\u0430\u043d\u0430.\n\n\ud83d\udfe0\u041d\u0435\u043c\u043d\u043e\u0433\u043e \u0437\u0430 \u0440\u0430\u043c\u043a\u0430\u043c\u0438 \u043d\u0430\u0448\u0438\u0445 \u043e\u0431\u044b\u0447\u043d\u044b\u0445 \u0442\u0435\u043c, \u043d\u043e \u043d\u0435 \u043c\u043e\u0436\u0435\u043c \u043c\u043e\u043b\u0447\u0430\u0442\u044c. \u0414\u043e 30% \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0437\u0430\u0440\u0443\u0431\u0435\u0436\u043d\u043e\u0435 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0435 \u041f\u041e, \u0437\u0430\u043a\u0443\u043f\u043b\u0435\u043d\u043d\u043e\u0435 \u0434\u043e 2022 \u0433\u043e\u0434\u0430, \u043d\u043e \u0443\u0436\u0435 \u0431\u0435\u0437 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0431\u0435\u0437 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438.  
\u00af\\_(\u30c4)_/\u00af\n\n#\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 #APT @\u041f2\u0422", "creation_timestamp": "2026-05-25T09:12:01.000000Z"}, {"uuid": "035fa1a8-b0ff-429b-a46a-1602ed085e9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/aegisbot.bsky.social/post/3mmhlcgr2r42v", "content": "\ud83d\udd0d Top signals this week:\n\nCVEs: CVE-2026-20182, CVE-2026-42897, CVE-2026-45585, CVE-2026-42945, CVE-2026-9082\nActors: Ransomware, Apt, Play\n\nFull intel: https://matlock.ca/cybersecnews", "creation_timestamp": "2026-05-22T18:37:06.602611Z"}, {"uuid": "deee4d1c-6f03-4ba1-a2e9-50b6ddde27e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp3useyyb27", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monito\u2026\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-25T18:22:20.864541Z"}, {"uuid": "16235bbb-f879-43f4-90da-612a28eee4a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp46f6tox2z", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. 
For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:27:42.377769Z"}, {"uuid": "99c649f4-98bd-4fc6-bbbb-46ac2f218ce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp4b5zbjd2c", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:29:15.728805Z"}, {"uuid": "847276a6-2054-45d8-be6d-23ec80218751", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp4jm4ujj2w", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:33:58.755136Z"}, {"uuid": "dc9d1694-5444-4a49-a444-972310e85fcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp4liup772e", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. 
For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:35:02.605677Z"}, {"uuid": "b0fe8c64-3202-46ee-a6d8-1c9463db55e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp4ogivon27", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:36:40.600153Z"}, {"uuid": "d43d4024-b085-4839-906c-94dc9f8c71ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp4ryjoix2z", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:38:40.317987Z"}, {"uuid": "c9463d9f-5b78-4541-b5f7-6aa0b4609872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp4zdtpex22", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. 
For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:42:47.342323Z"}, {"uuid": "8a167c81-45d5-45ff-98a2-5b9996e14325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp5c2e5ch2h", "content": "Dark Reading reports attackers exploiting a Microsoft Exchange zero-day (CVE-2026-42897), an XSS issue that could let them compromise Outlook Web Access mailboxes. For defenders, prioritize OWA exposure monitoring and mitigation until patched.", "creation_timestamp": "2026-05-25T18:47:39.805450Z"}, {"uuid": "add52b24-0505-486f-b718-4dc72aa90ae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp5yehzay2a", "content": "Microsoft Exchange CVE-2026-42897 is being exploited via an XSS flaw that can let attackers compromise Outlook Web Access (OWA) mailboxes. For defenders, the lack of a patch means prioritizing exposure checks and compensating controls now.", "creation_timestamp": "2026-05-25T19:00:07.887275Z"}, {"uuid": "8717b654-f9b7-433f-ac77-023c05560c04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp6c4p3td2c", "content": "Microsoft reports a zero-day XSS in Exchange (CVE-2026-42897) that could let attackers compromise OWA mailboxes. 
For defenders: review OWA exposure, monitor for suspicious mailbox actions, and watch vendor guidance\u2014no patch yet.", "creation_timestamp": "2026-05-25T19:05:35.227027Z"}, {"uuid": "a4e707bd-8758-4935-9e2b-d0df25f1f7bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp6uqk37y2e", "content": "Microsoft Exchange: CVE-2026-42897 is a zero-day XSS that could let attackers compromise OWA mailboxes; no patch is available. For defenders: review OWA exposure and watch for abnormal\u2026\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-25T19:16:00.006609Z"}, {"uuid": "dbee77ba-7590-454c-a413-c7e9e3b7057a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmp77maavu27", "content": "Microsoft Exchange OWA: Dark Reading says CVE-2026-42897 is a zero-day XSS that could let attackers compromise OWA mailboxes. For defenders: audit OWA and watch for odd mailbox actions.\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-25T19:22:04.801006Z"}, {"uuid": "d6d3e008-f504-4cb1-af15-af70d7e985a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmpbdzuaef2h", "content": "Microsoft Exchange (CVE-2026-42897): a cross-site scripting flaw can let attackers compromise Outlook Web Access mailboxes. 
For defenders: review OWA exposure and monitor suspicious ma\u2026\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-25T20:00:20.710625Z"}, {"uuid": "850fefae-3dc9-4a02-8cec-cbfe5e8afa59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/infotransec.bsky.social/post/3mmpj5svnyi25", "content": "Zero-day disclosure now outpaces mitigation capacity. CVE-2026-42897 hits Exchange servers with no patch - only temp fixes available.\n\ninfotransec.com/news/zero-da...\n\n#InfoSec #ZeroDay #Exchange #ThreatIntel", "creation_timestamp": "2026-05-25T22:20:01.820528Z"}, {"uuid": "251a5951-dfd6-4c50-809b-16bd86ec199c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmqwynvpuj2z", "content": "Dark Reading reports Microsoft Exchange CVE-2026-42897: a zero-day XSS affecting Outlook Web Access that could let attackers compromise OWA mailboxes. For defenders: review OWA exposur\u2026\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-26T12:00:20.958597Z"}, {"uuid": "af87c460-900a-4d54-9dce-b3fd129af083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmq46g5a3o2z", "content": "Microsoft Exchange (CVE-2026-42897) zero-day XSS is being exploited to compromise OWA mailboxes. 
For defenders: review OWA exposure and block suspicious mailbox actions.\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-26T04:00:23.675712Z"}, {"uuid": "2f3c871b-e244-4b6f-bbb8-0ee5c0700b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmrrsxr72j2w", "content": "Microsoft Exchange (CVE-2026-42897) has a zero-day XSS that can let attackers compromise OWA mailboxes. For defenders: review OWA exposure and watch for odd mailbox actions.\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-26T20:00:21.186644Z"}, {"uuid": "53a08b3f-0dad-4e0c-870a-3e8b30ab2f1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbdx22e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:29:27.277969Z"}, {"uuid": "034d63a1-e5ea-4d4a-be59-358f611cc9a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbmqc2e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. 
Three.", "creation_timestamp": "2026-05-26T15:29:28.293010Z"}, {"uuid": "b7ade50f-e16b-462f-aba5-732295c22955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbmqd2e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:29:29.141246Z"}, {"uuid": "433513e7-424c-45e9-9b02-31c84a1826d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbnpl2e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:30:23.969626Z"}, {"uuid": "9503db0b-569a-42f2-85e0-5736963b4899", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbnpm2e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. 
Three.", "creation_timestamp": "2026-05-26T15:30:25.104443Z"}, {"uuid": "77a955cd-3818-4fc0-9684-57cd76416476", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokboou2e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:30:25.986170Z"}, {"uuid": "50121423-eb30-4dff-acd4-2b99b45ee18e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokboov2e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. Three.", "creation_timestamp": "2026-05-26T15:30:26.882698Z"}, {"uuid": "68e16e2b-8093-4d3a-ba3e-fb383f530102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbpo52e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. 
Three.", "creation_timestamp": "2026-05-26T15:30:27.859573Z"}, {"uuid": "ced1de12-d2a4-447c-8270-34fc0907b8b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/diesec.bsky.social/post/3mmte3szsrg2d", "content": "Exchange Server zero-day (CVE-2026-42897): crafted email \u2192 OWA XSS \u2192 session token stolen.\u00a0\nActive exploitation confirmed.\nNo permanent patch.\n CISA deadline May 29.\nIf EM Service is disabled, you're unprotected right now.\n\nCheck EM Service status before Friday.\n\n#CyberSecurity", "creation_timestamp": "2026-05-27T11:00:05.860500Z"}, {"uuid": "8158bc8b-5426-4940-bddb-c284fcbb153c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmrcokbpo62e", "content": "4/ \u26a0\ufe0f THREE active exploits right now: SharePoint CVE-2026-32201 (RCE, actively hit). Exchange CVE-2026-42897 (CISA deadline May 29). Fortinet FortiAuth CVE-2026-44277 (CVSS 9.1). Patch. All. 
Three.", "creation_timestamp": "2026-05-26T15:30:28.733951Z"}, {"uuid": "05dba9ec-9b54-42ec-8783-d40cee4b16bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pvynckier.bsky.social/post/3mmssvy5szc23", "content": "CVE-2026-42897, Microsoft publishes an emergency mitigation for the Exchange XSS flaw - IT SOCIAL itsocial.fr/cybersecurit...", "creation_timestamp": "2026-05-27T05:52:39.490764Z"}, {"uuid": "411ed968-4922-4c49-ab5b-6e85cfcaaf7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/hakksaww.bsky.social/post/3mmuwmpbe5w2k", "content": "CISA Exchange CVE-2026-42897 federal deadline tomorrow. Three more crews hit this week: Marquis (400K), Brightspeed via Crimson Collective (1M+), Silent Ransom Group on law firms. All four in our STIX feed: https://analytics.dugganusa.com/stix/register", "creation_timestamp": "2026-05-28T02:04:22.648044Z"}, {"uuid": "88db9cb5-bedb-4a3a-a5af-405997b58d9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mmvct7g2d426", "content": "Microsoft has confirmed attackers are actively exploiting CVE-2026-42897, an XSS flaw in on-premises Exchange Server's Outlook Web Access. A crafted email can run arbitrary JavaScript when opened in OWA. No permanent patch; CISA added the bug to KEV with a May 29 deadline for federal agencies.", "creation_timestamp": "2026-05-28T05:42:43.216373Z"}]}