THE Hacker News’ weekly recap for 18 May 2026 surveys a flurry of cyber incidents from Exchange 0‑day exploits to a worm propagating through npm packages. It flags On‑Prem Microsoft Exchange Server CVE-2026-42897 as being exploited in the wild, described as a spoofing bug stemming from a cross‑site scripting flaw, with an anonymous researcher credited for discovery and Microsoft offering a temporary mitigation via the Exchange Emergency Mitigation Service while a permanent fix is prepared.
The piece also notes CVE-2026-20182 in Cisco Catalyst SD‑WAN Controller, with Cisco Talos citing a threat actor tracked as UAT‑8616 performing post‑compromise actions such as adding SSH keys and escalating privileges. It highlights the Mini Shai‑Hulud worm that compromised dozens of TanStack npm packages as part of a broader supply‑chain campaign, attributed to TeamPCP, which seeks to harvest credentials and enable wider cloud access.
The report stresses how a single poisoned dependency can cascade through thousands of downstream applications, underscoring the speed and scale of modern attacks in an AI‑driven threat landscape. It also notes related developments, including open‑source model phishing and AI‑assisted vulnerability discovery, illustrating the broad spectrum of threats confronting organisations today.