⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More


What’s new: A critical vulnerability in on-prem Microsoft Exchange Server (CVE-2026-42897, CVSS score 8.1) is being actively exploited. Cisco Catalyst SD-WAN Controller is also under attack through CVE-2026-20182, an authentication bypass flaw. Additionally, a new wave of supply chain attacks attributed to the TeamPCP group has compromised TanStack npm packages with the aim of harvesting credentials and secrets. A fake Hugging Face repository that delivers stealer malware has been identified, and Instructure has reached a ransom agreement with the ShinyHunters group after a data breach.

Who’s affected

Organizations using on-prem Microsoft Exchange Server, Cisco Catalyst SD-WAN Controllers, and those relying on TanStack npm packages are at risk. Users of Hugging Face and institutions using Instructure’s Canvas platform may also be impacted.

What to do

  • Apply patches for CVE-2026-42897 and CVE-2026-20182 as soon as they are available.
  • Monitor for suspicious activity related to TanStack npm packages and review dependencies for potential vulnerabilities.
  • Educate users on the risks of downloading from unverified repositories, especially in AI model registries.
  • Consider implementing a robust incident response plan in light of recent ransom agreements and data breaches.
