Kazuar Botnet, Cisco SD-WAN Flaws, and BitLocker Zero-Day Highlight Cybersecurity Risks - May 2026

CybersecFriday, May 15, 2026

50 articles analyzed by AI / 162 total

Key points

Audio player

0:00 / 0:00

•In May 2026, Microsoft disclosed a critical vulnerability (CVE-2026-42897) in on-premises Exchange Server involving cross-site scripting and email-based exploitation, rated 8.1 on the CVSS scale, which is actively exploited in the wild. Concurrently, Cisco Catalyst SD-WAN Controllers suffered from a critical flaw (CVE-2026-20182), also actively exploited to gain administrative access, leading to its addition on CISA’s Known Exploited Vulnerabilities list with urgent patching deadlines.[The Hacker News RSS][Cybersecurity Dive][The Hacker News RSS]
•Advanced cyber threats continue evolving, with the Russian state-backed Turla group enhancing its Kazuar malware into a modular peer-to-peer botnet that provides stealthy, persistent access to targeted networks. Microsoft and CISA assessments highlight the sophisticated modular architecture and P2P command-and-control, signaling rising complexity in state-sponsored cyberattacks.[The Hacker News RSS]
•Artificial intelligence is increasingly integrated into cybersecurity, both as a threat vector and a defensive tool. Kaspersky revealed North Korean hackers' use of AI to attack South Korean government systems, while Anthropic’s Mythos AI system has successfully identified multiple vulnerabilities in Apple MacOS, showcasing AI's expanding role in cyber threat detection and attack facilitation.[Cybersecurity Insiders][Reddit /r/netsec]
•Supply chain attacks remain a critical concern, exemplified by OpenAI’s report of a TanStack breach affecting two employee devices without data compromise. The incident led to important macOS security updates in May 2026, highlighting ongoing risks within developer ecosystems and prompting rapid mitigation efforts.[The Hacker News RSS]
•Significant vulnerabilities have been found in widely used security software, such as the four chained OpenClaw flaws allowing data theft, privilege escalation, and persistence, and a zero-day exploit in Windows BitLocker enabling unauthorized access to encrypted drives. These exposures underscore the necessity for rapid vulnerability management in critical encryption and monitoring tools.[The Hacker News RSS][CyberSecurityNews]
•In an effort to enhance regional cybersecurity capacity, the UAE Cyber Security Council in partnership with CPX Holding launched the UAE Cyber Factory. This initiative, unveiled in May 2026, focuses on strengthening domestic cybersecurity infrastructure and operational capabilities across multiple sectors to address rising cyber threats.[Telecompaper]

Relevant articles

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

9/10

Microsoft disclosed a high-severity vulnerability CVE-2026-42897 in on-premises Exchange Server with a CVSS score of 8.1. The flaw, a cross-site scripting spoofing bug, is actively exploited via crafted emails as of May 2026.

The Hacker News RSS · 5/15/2026, 6:19:04 AM

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

8/10

The Russian state-sponsored group Turla has upgraded its Kazuar backdoor into a modular peer-to-peer botnet allowing stealthy, persistent access. This sophisticated malware operation was detailed by CISA in May 2026.

The Hacker News RSS · 5/15/2026, 5:10:25 PM

Anthropic Mythos AI detects vulnerabilities in Apple MacOS - Cybersecurity Insiders

8/10

Anthropic Mythos AI detected multiple security vulnerabilities in Apple MacOS, demonstrating AI's growing role in automated vulnerability identification and threat intelligence as of May 2026.

Cybersecurity Insiders · 5/15/2026, 3:20:05 PM

Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller - Cybersecurity Dive

8/10

Attackers are exploiting a critical vulnerability in Cisco Catalyst SD-WAN Controller that may allow remote code execution and widespread network compromise. This active exploitation warns of significant risk to thousands of global devices.

Cybersecurity Dive · 5/15/2026, 4:17:04 PM

North Korean Hackers Now Using AI? Kaspersky Warns of New Threat Targeting South Korean Govt Systems

8/10

Kaspersky reports North Korean hacking groups have started employing AI tools to target South Korean government systems, marking a new phase of AI-empowered cyberattacks in Asia as of 2026.

Reddit /r/netsec · 5/15/2026, 4:17:55 PM

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

8/10

Researchers revealed four chained security flaws in OpenClaw, collectively called the Claw Chain, enabling attackers to execute data theft, privilege escalation, and maintain persistence as of May 2026.

The Hacker News RSS · 5/15/2026, 1:35:04 PM

Windows BitLocker 0-Day Vulnerability Enables Access to Encrypted Drives - CyberSecurityNews

8/10

Security researchers discovered a 0-day Windows BitLocker vulnerability that allows attackers to bypass encryption and access protected drives without authorization. This critical flaw affects recent Windows versions and demands urgent attention.

CyberSecurityNews · 5/15/2026, 8:09:35 AM

UAE Cyber Security Council and CPX Holding establish UAE Cyber Factory - Telecompaper

8/10

The UAE Cyber Security Council and CPX Holding jointly established the UAE Cyber Factory in May 2026 to bolster local cybersecurity infrastructure and enhance cyber defense capabilities across multiple sectors.

Telecompaper · 5/15/2026, 7:59:32 AM

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

8/10

CISA added the critical Cisco Catalyst SD-WAN Controller vulnerability CVE-2026-20182 to its Known Exploited Vulnerabilities list due to active administrator access exploits, with a federal fix deadline in May 2026.

The Hacker News RSS · 5/15/2026, 5:28:03 AM

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

7/10

OpenAI disclosed a supply chain attack via TanStack that affected two employee devices without compromising data or systems, which prompted macOS updates to mitigate risks in May 2026.

The Hacker News RSS · 5/15/2026, 10:54:44 AM