Daily Threat Briefing – May 16, 2026

Critical, broad-impact briefing reporting active exploitation of a Microsoft Exchange zero-day (CVE-2026-42897), widespread npm supply-chain compromises (node-ipc, TanStack) causing credential theft, Turla’s Kazuar backdoor reworked into a modular P2P botnet for persistent access, active WordPress plugin attacks targeting payment-card and credential theft (Funnel Builder, Avada Builder, ~1M installations at risk), and a Canvas platform ransomware/extortion incident disrupting education — urgent mitigations, dependency audits, credential rotation, and patching are recommended.