Microsoft Exchange zero-day in active use; npm worm clones spread after source leak
ID: 2f65fa41-dd6b-5858-95d3-00b788258c04
STIX ID: report--2f65fa41-dd6b-5858-95d3-00b788258c04
Feed Name: defend.network – Daily Threat Briefings
Critical, multi-faceted threat briefing. A Microsoft Exchange zero-day (CVE-2026-42897) is being actively exploited with no patch available. The Shai-Hulud worm source was leaked, and cloned packages have appeared targeting npm developers. Coordinated supply-chain credential-theft campaigns impacted npm, PyPI, and Docker Hub. Grafana’s source code was stolen using a compromised GitHub token. INTERPOL’s Operation Ramz led to 201 arrests. Urgent remediation and credential/secret rotation are recommended.
