Exchange zero-day, npm worm and fake AI repo hit SD-WAN
On-prem Exchange CVE-2026-42897 is under active exploitation; poisoned TanStack npm packages and a fake Hugging Face model delivered a Rust stealer; UAT-8616 targeted Cisco SD-WAN.
Microsoft disclosed that CVE-2026-42897, a spoofing flaw tied to cross-site scripting in on-premises Exchange Server, is being actively exploited. The vulnerability carries a CVSS score of 8.1. Microsoft credited an anonymous researcher for the report, has enabled a temporary mitigation via its Exchange Emergency Mitigation Service and is preparing a permanent patch. The company has not published details on who is exploiting the bug or the scope of successful intrusions.
Security responders attributed a recent wave of compromised TanStack npm packages to an actor known as TeamPCP and linked the activity to a broader campaign labeled Mini Shai-Hulud. Poisoned packages were found in dependencies used by multiple projects. The altered packages distributed a stealer payload and contained credentials and secrets that attackers used to attempt cloud access.
Investigators reported that compromised packages and stolen keys were reused to seek access to cloud environments and to serve as initial access for follow-on operations. In some cases, operators validated credentials with scanning tools such as TruffleHog. The campaign also included attempts against PyPI and leveraged widely reused open-source libraries to reach downstream projects.
A separate incident involved a malicious model repository on the Hugging Face model hub that impersonated an open-weight privacy filter. The repository, published under Open-OSS/privacy-filter, copied the legitimate project description and instructed users to run start.bat on Windows or python loader.py on other systems. Executing those files deployed a Rust-based information stealer. Hugging Face disabled access to the repository after it began trending on the platform.
Cisco Talos attributed exploitation of CVE-2026-20182, an authentication bypass in the Catalyst SD-WAN Controller, to a threat actor tracked as UAT-8616. Talos reported the actor attempted to add SSH keys, modify NETCONF configurations and escalate privileges to root after successful exploitation. Talos also linked UAT-8616 to prior weaponization of CVE-2026-20127 against SD-WAN systems earlier this year.
Vendors and researchers described containment steps taken so far: Microsoft deployed an emergency mitigation service for Exchange, Hugging Face removed the malicious model, and Cisco published guidance for affected SD-WAN customers. Security teams advised verifying publisher identity for public models, scanning model and package downloads for unexpected binaries, and rotating exposed credentials.
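The advice to scan model and package downloads for unexpected binaries can be automated before anything in the download is run. The following is an added example, not code from any vendor or project named here; the extension list, the function names and the sample file `tokenizer.bin` are assumptions, while `start.bat` and `loader.py` are the file names reported for the fake repository.

```python
import tempfile
from pathlib import Path

# Assumption: file types a weights-only model download has no reason to ship.
# Repos with reviewed custom code will need an allowlist; tune to local policy.
SCRIPT_EXTS = {".bat", ".cmd", ".ps1", ".vbs", ".sh", ".py", ".js"}
# Leading magic bytes of native executables, checked regardless of extension.
EXEC_MAGIC = {b"MZ": "PE", b"\x7fELF": "ELF", b"\xcf\xfa\xed\xfe": "Mach-O"}


def scan_download(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        with path.open("rb") as fh:
            head = fh.read(4)
        kind = next((k for m, k in EXEC_MAGIC.items() if head.startswith(m)), None)
        if kind:
            findings.append((rel, f"{kind} executable header"))
        elif path.suffix.lower() in SCRIPT_EXTS:
            findings.append((rel, f"script or launcher ({path.suffix.lower()})"))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree: benign model files plus three planted ones."""
    root = Path(root)
    (root / "config.json").write_text('{"model_type": "example"}')
    (root / "model.safetensors").write_bytes(b"\x02" + b"\x00" * 7 + b"{}")
    (root / "start.bat").write_text("@echo off\r\n")
    (root / "loader.py").write_text("print('placeholder')\n")
    # Executable header hidden behind a data-looking extension.
    (root / "tokenizer.bin").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return scan_download(tmp)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"REVIEW {rel}: {reason}")
```

A finding is a prompt for manual review before execution, not a malware verdict; the header check catches executables whose extension has been changed, which an extension-only filter would miss.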
Rapid7 warned that nation-state operators often seek long-term access that blends into network traffic rather than immediate data theft, and that network controllers can provide persistent vantage points. The incidents underline the linkage between compromised developer dependencies, leaked secrets and access to cloud and production systems.





