A critical vulnerability in Microsoft Exchange Server has been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog, indicating that the flaw is being actively exploited by threat actors. This development is particularly significant as it highlights a shift in the threat model from criminal activity to state-aligned operations, which requires a distinct approach to mitigation. Meanwhile, the Pwn2Own Berlin 2026 hacking competition has concluded, with DEVCORE being crowned the Master of Pwn and taking home a total of $1.298 million. Additionally, researchers have identified a bug in Funnel Builder that is being exploited by attackers to inject e-skimmers into e-stores, and Russian APT group Turla has been found to be using a long-term access tool built with Kazuar. The involvement of state-aligned actors, such as those associated with CISA's catalog, means that practitioners must adapt their security strategies to account for geopolitical motivations1.
Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION
⚡ High Priority
Why This Matters
State-aligned activity involving CISA shifts the threat model from criminal to geopolitical — different playbook required.
References
- Paganini, P. (2026, May 17). Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION. SecurityAffairs. https://securityaffairs.com/192269/security/security-affairs-newsletter-round-577-by-pierluigi-paganini-international-edition.html
Original Source
SecurityAffairs
Read original →