Cybersecurity Integration Digest

Massive Vulns/Exploits/DoS Wave: May 2026 Patch Tuesday, NGINX, Defender, Cisco, Exchange

Key Questions

What vulnerabilities were addressed in the May 2026 Patch Tuesday?

Microsoft released patches for Defender CVE-2026-41091 and CVE-2026-45498, which are actively exploited and listed in CISA KEV with a June 3 remediation deadline.

How quickly was the NGINX Rift flaw exploited?

The 18-year-old NGINX Rift vulnerability was exploited in the wild within three days of public disclosure.

What is the severity of the new Cisco vulnerability?

Cisco CVE-2026-20223 carries a CVSS score of 10.0 and affects Secure Workload API access, prompting urgent attention from organizations.

What does the Verizon DBIR 2026 report reveal about attack trends?

The report shows vulnerability exploitation has overtaken stolen credentials as the leading initial access vector, especially in AI-driven attacks.

What supply-chain incident affected Grafana?

A GitHub breach occurred via a compromised npm package in the Grafana supply chain, highlighting risks in open-source dependencies.

Why is AI shrinking patch windows?

Accelerated exploit development enabled by AI tools is reducing the time defenders have to apply patches before attacks occur.

What other issues are mentioned alongside the main vulns?

Additional items include a Google API key exposure gap and Webworm C2 infrastructure shifts that are contributing to the ongoing threat wave.

How should organizations respond to the current vulnerability flood?

Security teams are advised to prioritize CISA KEV items, accelerate patching at scale, and elevate discussions to the board level given the rapid exploitation pace.

NGINX Rift exploited in 3 days; Microsoft patches Defender CVE-2026-41091 and CVE-2026-45498 (CISA KEV, June 3 deadline); Grafana npm supply-chain breach; DBIR confirms vuln exploitation surge overtaking credentials. AI shrinking patch windows. New: Cisco CVE-2026-20223 (CVSS 10.0), Google API key gap, Webworm C2 shift. Status climaxing.

Updated May 23, 2026