Exchange Zero-Day & Supply Chain Threats May 2026 | SBCSG | The Small Business Cybersecurity Guy

Hello, Mauven here.

This is your Daily Threat Analysis for 15th May 2026.

Three significant threats are active today. Two are being exploited in the wild right now. One demonstrates, again, that supply chain exposure does not care how large or well-resourced your organisation is. I will take them in order of immediate operational risk.

Microsoft Exchange Zero-Day: Active Exploitation, No Patch

Microsoft has confirmed a high-severity zero-day vulnerability in Exchange Server that is being actively exploited in attacks. The flaw allows threat actors to execute arbitrary code via cross-site scripting targeting Outlook on the Web users.

To be direct about what that means: an attacker who can get a legitimate Outlook on the Web user to interact with a malicious payload can execute code in the context of that user’s session. The attack surface is your webmail interface, the one your staff use to access email from home, from client sites, from anywhere with a browser.

Microsoft has published mitigations. There is no patch yet.

If you are running on-premises Exchange Server, you need to apply those mitigations today. Not this week. Today. The advisory is live, the exploitation is confirmed, and the gap between advisory publication and widespread opportunistic scanning is measured in hours, not days.

What the advisory does not say, though it is worth stating plainly, is that on-premises Exchange has been one of the most consistently targeted server products in the threat landscape for the past four years. ProxyLogon, ProxyShell, ProxyNotShell: the pattern is well established. If your organisation is still running on-premises Exchange because migration to Exchange Online felt complicated or expensive, that calculation needs to be revisited. Today’s zero-day is not an anomaly. It is another entry in a long list.

What to do:

Apply Microsoft’s published mitigations immediately
Review IIS logs for anomalous requests to Outlook on the Web endpoints
If you are running Exchange Server 2016 or earlier, your migration timeline is no longer theoretical
Notify your IT provider or MSP, if they have not already contacted you about this, ask why not

Device Code Phishing: MFA Bypass at Scale

Proofpoint’s threat intelligence team has published analysis confirming what those of us watching authentication abuse have suspected for some time: device code phishing has gone fully commoditised.

Here is the mechanic. The OAuth 2.0 device authorisation flow was designed for devices that cannot display a full browser, smart TVs, printers, that sort of thing. It works by generating a short code that a user enters on a separate device to authorise access. Attackers have worked out how to abuse this flow by sending targets a phishing message that presents a legitimate-looking device code authorisation request. The user enters the code, believing they are authorising a legitimate service. They are actually handing the attacker an authenticated session token.

The reason this matters specifically for MFA: the victim has completed their MFA challenge as part of the legitimate authorisation flow. The attacker receives a fully authenticated token. Your MFA deployment did not fail, it worked exactly as designed. The attack operates above the authentication layer.

Toolkits including EvilTokens and Tycoon 2FA are now available as phishing-as-a-service offerings, with new variants appearing weekly according to Proofpoint. Microsoft 365 accounts are the primary target. This is not a sophisticated nation-state technique any more. It is commoditised.

The NCSC has published guidance on defending against OAuth abuse. The fact that these toolkits are proliferating suggests that guidance is not being acted on at the pace required.

What to do:

Review your Conditional Access policies in Microsoft 365 / Entra ID, specifically whether device code flow is permitted for all users or restricted
Consider blocking the device code authentication flow entirely for users who do not require it (most office workers do not)
Train staff to be suspicious of any authentication request they did not initiate themselves, regardless of how legitimate it appears
Audit recent device code authorisations in your Entra ID sign-in logs for anything anomalous

npm Supply Chain: OpenAI’s Developer Environment Compromised

Today’s third story carries a lesson that applies well beyond the organisation involved.

OpenAI confirmed that two employee devices were compromised after malware hidden in poisoned npm packages, part of what is being described as the TanStack supply chain incident, reached their developer environment. A limited amount of internal credential material was stolen.

TanStack is a widely used open-source JavaScript library. The attack used a campaign codenamed “mini shai-hulud” to embed malicious packages that mimicked legitimate dependencies.

For UK SMBs, the direct risk is not that your developers are using TanStack specifically. The risk is the pattern: legitimate, trusted open-source packages being poisoned and propagating through development pipelines before anyone notices. If your website, your internal tools, or any customer-facing system was built or is maintained by a development partner who works with npm packages, which is most of them, then their supply chain hygiene is your security concern.

This is not new. The NCSC has published guidance on software supply chain security. The incident today is a reminder that if it can reach OpenAI’s internal developer environment, it can reach a smaller development shop with less visibility and fewer controls.

What to do:

Ask your development partner or IT provider specifically what controls they have on third-party package installation
Request evidence of dependency scanning in their development pipeline
If they cannot answer the question, treat that as the answer
Review whether contractor or developer access to your systems is appropriately scoped and revocable

One to Watch: Agentic AI Risks

The NCSC published a blog today titled “Thinking carefully before adopting agentic AI”, the subheading is “make sure you can walk before you run.”

I will not analyse this at length today as the operational threat is not immediate, but I flag it because the message from the NCSC is relevant context. Organisations that are moving toward AI agents, systems that can take autonomous actions on behalf of users, access data, send emails, execute code, are introducing new attack surfaces that current security frameworks were not designed for. If your organisation is trialling agentic AI tooling, the question to ask is whether your existing access controls, audit logging, and incident response procedures were designed with autonomous AI actions in mind. In most cases, they were not.

Summary

Three action items from today’s brief:

Exchange zero-day mitigations: Apply them now if you run on-premises Exchange. Do not wait.
Device code phishing: Review your Conditional Access policies and consider restricting the device code authentication flow.
Supply chain question: Ask your IT provider or development partner what their dependency scanning practice looks like. If they look confused, that is your answer.

If your IT provider has not contacted you about the Exchange zero-day today, that is a conversation worth having.

Sources

Source	Title	URL
BleepingComputer	Microsoft warns of Exchange zero-day flaw exploited in attacks	https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-exchange-zero-day-flaw-exploited-in-attacks/
Proofpoint	Device Code Phishing is an Evolution in Identity Takeover	https://www.proofpoint.com/us/blog/threat-insight/device-code-phishing-evolution-identity-takeover
The Register	OpenAI caught in TanStack npm supply chain chaos after employee devices compromised	https://www.theregister.com/security/2026/05/15/openai-caught-in-tanstack-npm-supply-chain-chaos-after-employee-devices-compromised/5241019
NCSC	Thinking carefully before adopting agentic AI	https://www.ncsc.gov.uk/blogs/thinking-carefully-before-adopting-agentic-ai
ReliaQuest	ClickFix Evolves with PySoxy Proxying	https://reliaquest.com/blog/threat-spotlight-clickfix-evolves-with-pysoxy-proxying
Microsoft MSRC	CVE-2026-40379 Azure Entra ID Spoofing Vulnerability	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40379