Daily Threat Briefing – May 15, 2026

Critical, multi-faceted threat briefing: Active exploitation of Cisco Catalyst SD-WAN (CVE-2026-20182, CVSS 10.0) enabling admin access; supply-chain compromises of TanStack and malicious node-ipc versions stealing developer secrets (affecting OpenAI and others); rapid post-disclosure exploitation of authentication bypasses; state-sponsored APT activity (Ghostwriter/FrostyNeighbor) targeting Ukrainian and Polish government entities; and a Canvas LMS data extortion campaign disrupting educational institutions — immediate patching, dependency audits, credential rotation, and targeted incident response are recommended.