Daily Threat Briefing – May 17, 2026

### Executive Summary This briefing highlights multiple high‑severity, actively exploited threats: a WooCommerce checkout skimming campaign via the Funnel Builder WordPress plugin stealing payment data; a CVSS 10.0 authentication bypass and RCE in Cisco SD‑WAN under active exploitation with a CISA patch mandate; supply‑chain compromises of TanStack and node‑ipc npm packages that harvested developer credentials; a Microsoft Exchange Server zero‑day (CVE‑2026‑42897) being exploited with only mitigations available; and Turla’s enhancement of the Kazuar backdoor into a modular P2P botnet. Immediate patching, credential rotation, code and repo audits, WAF/EDR detection, and incident response activation are recommended.