Closed · Medium impact · AI Generated

Microsoft Exchange Server Zero-Day XSS Vulnerability Exploited in Active Attacks

Occurred 15 May 2026 · Detected 18 May 2026 · Ended 29 May 2026
Global — Microsoft Exchange Server deployments worldwide; Outlook on the web user base · 1 report
Cyber · Property · Cyber · Casualty & Liability

Microsoft has disclosed a high-severity zero-day vulnerability in Exchange Server that is actively being exploited in the wild. The flaw enables threat actors to execute arbitrary code through cross-site scripting (XSS) attacks targeting Outlook on the web users. Microsoft has issued mitigations while a full patch is pending. The global reach of Exchange Server deployments makes this a significant cyber risk event affecting organisations worldwide.

AI-generated from linked source reports.

Impact verdict

Medium impact. MEDIUM: Admin recalibration. The event has a plausible London Market pathway, but the current evidence does not support HIGH: no confirmed market-moving insured loss, vessel total loss, major closure, quantified claims estimate, reinsurance trigger, or broad pricing/capacity response is evidenced.

How we grade what we know: Known · Reported · Uncertain.

Intelligence ledger

Known (5 lines)

Microsoft disclosed a high-severity zero-day vulnerability in Exchange Server on 15 May 2026
The vulnerability is being actively exploited in attacks
The attack vector is cross-site scripting (XSS) enabling arbitrary code execution
Outlook on the web users are the primary targets
Microsoft has released mitigations

Reported (2 lines)

The vulnerability allows threat actors to execute arbitrary code via XSS
Attacks are ongoing at time of publication

Uncertain (4 lines)

Identity and attribution of threat actors exploiting the vulnerability are unknown
Scale and number of organisations affected are not specified
Whether a full patch or timeline for patch release has been confirmed
Whether this is a state-sponsored operation or cybercriminal activity

Timeline

Status Change · 2 Jun 2026, 13:05

Lifecycle changed

monitoring → closed

Closure · 2 Jun 2026, 13:05

Event Closed

auto_closed_monitoring_timeout

Status Change · 29 May 2026, 05:30

Status changed to monitoring

Auto-transitioned: no updates for 6 hours

active → monitoring

Status Change · 28 May 2026, 22:36

Status changed to active

remediation: existing authoritative signal

signal → active

De-escalation · 25 May 2026, 21:18

Impact changed

high → medium

Initial Detection · 18 May 2026, 10:42

Initial Detection

Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users.

Source: BleepingComputer (Trade Media)

Lloyd's classifications
