The CyberWire Daily Podcast 5.15.26
Ep 2553 | 5.15.26

One email could be all it takes.

Transcript

Microsoft sounds the alarm on a critical Exchange zero-day, OpenAI and Mistral AI deal with fallout from a widening supply-chain attack campaign, and researchers uncover a thriving underground market for unlocking stolen iPhones. A stealthy macOS infostealer spreads through ClickFix scams, healthcare braces for major HIPAA security changes, and hackers cash in big at Pwn2Own Berlin after burning through two dozen zero-days. Maria Varmazis joins us with the latest from the T-Minus space cyber podcast. Researchers roll their eyes at ransomware reassurances.

Today is Friday, May 15th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Microsoft warns of a high-severity zero-day flaw affecting on-premises Exchange Server deployments.

Microsoft is warning organizations about a high-severity zero-day vulnerability in on-premises Exchange Server deployments that could let attackers execute arbitrary code through a specially crafted email sent to an Outlook user.

The flaw, tracked as CVE-2026-42897, stems from a cross-site scripting vulnerability in Microsoft Exchange Server. Microsoft says the issue affects all supported versions of Exchange Server 2016, 2019, and Subscription Edition, but not Exchange Online. The company has not released a patch yet. In the meantime, Microsoft recommends enabling the Exchange Emergency Mitigation Service, which automatically applies protections by default. Manual mitigations are also available for disconnected or air-gapped environments.

On-premises Exchange servers remain high-value targets for attackers. Organizations may need to balance risk reduction against potential disruptions to features like inline images and calendar printing while waiting for patches.

OpenAI says a recent supply chain attack exposed limited credential material from internal code repositories.

OpenAI says a recent software supply chain attack tied to the compromised TanStack ecosystem led to the theft of limited credential material from internal source code repositories.

The attack began May 11, when the TeamPCP hacking group published malicious packages across the TanStack development stack and other NPM and PyPI namespaces. The campaign infected developer systems with the Shai-Hulud worm. OpenAI says two employee devices were compromised, giving attackers access to several internal repositories. The company says no customer data or intellectual property was exposed, but compromised repositories did contain code-signing certificates for macOS, Windows, iOS, and Android applications.

The incident highlights the downstream risks of open source package attacks. OpenAI revoked affected certificates, rotated credentials, and restricted deployment workflows. macOS users must update OpenAI applications by June 12, 2026, as older versions may stop functioning properly.

Researchers say a suspected Chinese cyberespionage group upgraded its malware framework to improve persistence and stealth.

Researchers at Darktrace say a suspected Chinese state-linked hacking group, tracked as Mustang Panda and Twill Typhoon, has expanded its FDMTP malware with new modular capabilities. The updated framework allows attackers to load plugins, update tooling, and maintain persistence through legitimate-looking Windows processes. Researchers observed the activity targeting Asia-Pacific government organizations and finance-sector systems using spoofed domains impersonating Yahoo and Apple infrastructure.

The campaign reflects a broader shift toward flexible, long-term cyberespionage operations built for stealth and adaptability.

TeamPCP threatens to leak alleged Mistral AI source code following a broader software supply-chain compromise.

The TeamPCP hacking group claims it stole nearly 450 internal repositories from Mistral AI and is threatening to leak the data unless a buyer pays $25,000.

According to posts on a hacker forum, the data allegedly includes repositories tied to training, benchmarking, inference, and future artificial intelligence projects. Mistral AI confirmed that attackers compromised a codebase management system during the wider TanStack supply-chain attack, which spread through contaminated npm and PyPI packages using stolen CI/CD credentials. The company says some software development kit packages were briefly affected after a developer device was compromised.

The incident highlights the cascading risk of software supply-chain attacks, especially when developer environments and trusted package ecosystems are targeted. Mistral says its hosted services, managed user data, and research environments were not compromised. OpenAI has also disclosed downstream impact from the same campaign.

Federal regulators are nearing a decision on sweeping HIPAA security rule changes that could reshape healthcare cybersecurity requirements.

Federal regulators are expected to decide this year whether to finalize major updates to the HIPAA Security Rule, marking the most significant overhaul since the regulation was introduced more than two decades ago.

The proposed changes would make many currently “addressable” safeguards mandatory, including encryption and multifactor authentication. The draft rule also calls for stricter documentation, enhanced security risk analyses, tighter oversight of business associates, and potentially new requirements around micro-segmentation and incident response. Healthcare industry groups argue the measures could impose heavy financial and operational burdens on already stretched providers. Still, current and former Health and Human Services officials say growing cyber threats against hospitals and healthcare systems make stronger standards difficult to ignore.

Security and legal experts say organizations should begin preparing now, even if the final rule is delayed or narrowed. Many view the proposal as a roadmap for what regulators increasingly consider baseline cybersecurity expectations for healthcare environments.

American Lending Center says a 2025 ransomware attack exposed sensitive data belonging to more than 123,000 individuals.

California-based lender American Lending Center says a ransomware attack discovered in July 2025 may have exposed personal information tied to more than 123,000 people. The company says attackers compromised its internal network and accessed files containing names, dates of birth, and Social Security numbers. A forensic investigation concluded in April 2026, and the company says it has found no evidence of misuse of the data so far.

The incident adds to ongoing concerns about ransomware targeting financial institutions and the risks tied to sensitive customer records.

Sophos researchers detail a sophisticated AMOS macOS infostealer campaign using ClickFix-style social engineering.

Sophos researchers say a recent macOS incident involved a variant of the Atomic macOS, or AMOS, infostealer delivered through a ClickFix-style social engineering attack. The victim was tricked into running a malicious Terminal command that downloaded additional payloads, captured the user’s macOS password, harvested browser credentials and Keychain data, and established persistence through LaunchDaemons.

Sophos says AMOS accounted for nearly 40% of its macOS protection updates in 2025 and remains one of the most active macOS infostealers observed in customer environments. The malware also targets cryptocurrency wallet data and uses anti-analysis checks to evade detection in virtualized environments.

Researchers say the campaign reflects a broader trend of attackers relying on social engineering instead of exploits to bypass security protections on macOS systems.

Researchers uncover a global underground marketplace built to unlock and resell stolen iPhones through smishing and social engineering.

Researchers investigating a stolen iPhone discovered a large Telegram-based underground economy dedicated to unlocking and reselling stolen smartphones, especially high-end iPhones. According to Infoblox, the ecosystem combines phishing kits, social engineering tools, and “unlocking” software that helps criminals extract device information and trick owners into surrendering passcodes and Apple credentials.

The report found attackers commonly use smishing messages tied to fake Apple “Find My” pages. Once victims enter credentials or passcodes, attackers can disable Activation Lock and regain full control of the device. Researchers identified more than 10,000 phishing domains linked to these campaigns and observed a 350% increase in related DNS traffic in 2025. Some tools even attempt to evade detection automatically by contesting Google Safe Browsing blocks.

Researchers say the operation is driven less by data theft and more by the resale value of unlocked devices, creating a scalable criminal marketplace with low barriers to entry and real-world impacts tied directly to smartphone theft.

Researchers earned more than half a million dollars on day one of Pwn2Own Berlin 2026 after exploiting 24 zero-day vulnerabilities.

Security researchers earned $523,000 on the opening day of Pwn2Own Berlin 2026 after successfully demonstrating 24 previously unknown vulnerabilities across Microsoft, Linux, AI, and enterprise platforms.

The largest payout went to researcher Orange Tsai, who received $175,000 for chaining four logic bugs to escape Microsoft Edge’s sandbox protections. Windows 11 was also compromised three times through separate privilege escalation exploits. Additional successful attacks targeted OpenAI Codex, LiteLLM, NVIDIA software, LM Studio, and Red Hat Linux. The competition, hosted during OffensiveCon in Berlin, focuses heavily on enterprise technologies and artificial intelligence systems.

The event highlights growing researcher attention on AI infrastructure and developer tooling, alongside traditional operating system and browser targets. Under contest rules, affected vendors now have 90 days to develop and release patches for disclosed vulnerabilities.


Researchers roll their eyes at ransomware reassurances.

After reaching what it called an “agreement” with the ShinyHunters extortion group, Instructure assured schools that stolen Canvas data tied to roughly 275 million students, teachers, and staff had been destroyed. The hackers even provided “shred logs,” which in cybersecurity circles lands somewhere between “trust us” and “the check is in the mail.”

Threat intelligence experts interviewed by The Register say they do not believe the data is truly gone. Researchers noted ShinyHunters has a history of recycling and reselling previously “deleted” information. The incident reportedly escalated after attackers injected ransom messages into hundreds of school login portals during final exams, increasing pressure on schools and administrators.

Security analysts say the breach highlights the brutal economics of ransomware in education, where operational chaos, reputational damage, and the risk of exposing children’s data can push organizations toward paying demands they publicly insist they would never pay.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.


N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.