Daily Cybersecurity Updates - May 19, 2026

Top 3-5 Updates

  • Dark Reading: Microsoft Exchange OWA zero-day CVE-2026-42897 remained under active exploitation on May 18 with no patch yet, which matters because mailbox compromise still creates a clean path to BEC, token theft, and downstream ransomware.
  • Dark Reading: Four patched OpenClaw flaws (CVE-2026-44112, CVE-2026-44115, CVE-2026-44118, CVE-2026-44113) show how AI agent platforms can turn normal tool use into stealthy persistence and credential theft.
  • Google Threat Intelligence Group: GTIG’s latest AI threat tracker remains the highest-signal AI-cyber item in scope, documenting AI-assisted zero-day discovery, malware obfuscation, and autonomous Android backdoor behavior relevant to defender planning.

Research Watch

Threat and Advisory Watch

  • CISA KEV Catalog: CVE-2026-42897 is now in KEV, so Exchange OWA exposure should be treated as a live-priority remediation and mitigation problem.
  • Unit 42 Threat Bulletin - May 2026: Unit 42’s current bulletin argues that identity abuse, trusted software paths, and AI-assisted discovery are converging into a lower-noise attack model that bypasses many exploit-centric detections.

Practitioner Discussions

  • No technically meaningful new r/cybersecurity or r/netsec discussion in the past 24 hours added enough verified signal to include.

Relevance to My Research

  • OpenClaw’s bug chain is a concrete example of human-AI trust failure: benign-seeming tool calls can mask privilege escalation and persistence.
  • The Exchange case reinforces that AI-assisted defense still needs strong prioritization around identity, mail, and session-token abuse, not just endpoint malware.
  • GTIG’s report is directly relevant to adversarial AI and human-AI collaboration because it shows both attacker automation gains and the need for defender-side AI monitoring, repair, and validation.