IT News Digest: May 17, 2026: OpenAI Hacked, Exchange Zero-Day & Pwn2Own Exploits
The cybersecurity landscape has been relentless this week. From high-profile supply-chain breaches to embarrassing operational security failures, here is your essential security digest for May 17, 2026.
In this week's briefing:
OpSec Failure Leads to Arrests: A pair of alleged cybercriminals were identified and apprehended by law enforcement after they reportedly failed to disable the recording feature on Microsoft Teams during a malicious operation.
Pwn2Own Berlin 2026 - Day 1: The elite hacking competition kicked off with a bang. Participating researchers demonstrated 24 distinct zero-day exploits, successfully targeting major products like Windows 11 and Microsoft Edge, earning over $523,000 in cash prizes.
Pwn2Own Berlin 2026 - Day 2: The onslaught continued on the second day with 15 additional unique zero-days. Hackers successfully compromised Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations.
Microsoft Exchange Zero-Day Exploit: Microsoft has rushed to issue mitigations for a high-severity vulnerability in Exchange Server that is actively being abused in the wild. The flaw targets Outlook on the web users, allowing for arbitrary code execution.
The Azure Vulnerability Dispute: Controversy is brewing as a security researcher claims Microsoft quietly patched a critical flaw in Azure Backup for AKS without issuing a CVE. Microsoft disputes the claim, stating the observed behavior was expected.
OpenAI Supply-Chain Breach: OpenAI has officially confirmed that two employee devices were compromised as part of the massive TanStack supply-chain incident, which affected hundreds of npm and PyPI packages. OpenAI has rotated its code-signing certificates as a precaution.
Security hygiene around download sources and platform integrations remains essential. SUBSCRIBE to stay updated on the latest vulnerabilities and tech news.