May 17, 2026

IT News Digest: May 17, 2026: OpenAI Hacked, Exchange Zero-Day & Pwn2Own Exploits

A mix of high-profile arrests, multiple zero-day wins at Pwn2Own Berlin, an actively exploited Exchange flaw, an Azure report dispute, and a confirmed OpenAI supply-chain breach dominated security headlines.

A compact security roundup for product and engineering teams: law enforcement arrests, several Pwn2Own disclosures, an Exchange zero-day in the wild, a contested Azure vulnerability disclosure, and a supply-chain breach affecting OpenAI.

Law-enforcement wins after operational slip

A pair of alleged cybercriminals were identified and apprehended after reportedly failing to disable Microsoft Teams recording during an operation. Coverage of the week also notes an arrest tied to a suspected dark net market kingpin, and that the Instructure Canvas ransomware incident has reached a conclusion.

Pwn2Own Berlin Day 1: Windows 11 and Edge targeted

On the first day of Pwn2Own Berlin 2026, participating teams demonstrated 24 distinct zero-day exploits and earned cash awards totaling $523,000. Among the products shown to be vulnerable were Windows 11 and Microsoft Edge.

Pwn2Own Berlin Day 2: Exchange, Windows, and RHEL demonstrate more gaps

The second day of the contest produced another round of successful demonstrations: researchers exploited 15 unique zero-days and were awarded $385,750 in cash. Targets included Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations.

Microsoft flags an Exchange Server zero-day being abused

Microsoft issued mitigations for a high-severity flaw in Exchange Server that has been used in attacks. The vulnerability enables arbitrary code execution via a cross-site scripting vector that specifically targets users of Outlook on the web.

Dispute over an Azure Backup for AKS report and missing CVE

A researcher says Microsoft quietly remediated a critical issue affecting Azure Backup for AKS without issuing a CVE after initially rejecting the report. Microsoft disputes that account, stating the observed behavior was expected and that no product changes were made.

OpenAI confirms breach tied to TanStack supply-chain incident

OpenAI acknowledged that two employee devices were compromised during the recent TanStack supply-chain attack that touched hundreds of npm and PyPI packages. As a precaution, the company rotated code-signing certificates for its applications.

Quick wrap: This week combined high-visibility exploit demonstrations and active incidents with notable enforcement actions and vendor disputes. Teams shipping software should track the disclosed Exchange mitigations, follow supply-chain advisories, and watch for any follow-ups from affected vendors.
