Bottom line: Microsoft Exchange Server is being actively exploited, Cisco SD-WAN Controllers are being compromised through an authentication vulnerability, and trusted software packages are being manipulated. Enterprises should prioritize patching less obvious risks to protect themselves from the knock-on effects of attack chains.
A critical security vulnerability in Microsoft Exchange Server is already being actively exploited. At the same time, trusted software packages are being manipulated and fake AI repositories are being used as bait. The attack patterns paint a clear picture: weak dependencies lead to key leaks, leaked keys open cloud access, and cloud access becomes a production incident.
The week begins with fundamental trust issues. A vulnerability in Microsoft Exchange Server is already being exploited in practice. The flaw, CVE-2026-42897 (CVSS score 8.1), is a spoofing vulnerability that stems from a cross-site scripting error. Microsoft provides a temporary workaround through its Emergency Mitigation Service while a permanent fix is being developed. To date, details about the exploitation method, the identity of the attackers, and the scope of the attacks remain unclear.
In parallel, a concerning trend is emerging with Cisco Catalyst SD-WAN Controllers. The threat group UAT-8616 is exploiting CVE-2026-20182, a critical authentication vulnerability. Following successful exploitation, SSH keys are added, NETCONF configurations are modified, and privileges are escalated to root. The same group was already involved in the exploitation of CVE-2026-20127. Security experts warn that nation-states exploit such vulnerabilities to position themselves for persistence: not for quick attacks, but to remain present and undetected over the long term, observe, and pivot later.
The overall situation illustrates a critical pattern: a weak dependency can expose access keys, a leaked key enables cloud access, and cloud access becomes a production problem. AI accelerates vulnerability discovery, attackers move faster, and old, unpatched security vulnerabilities continue to pay off for cybercriminals.