“Apply the Palo Alto PAN-OS mitigation for CVE-2026-0300 on every managed device today — restrict or disable the User-ID Authentication Portal until the full patch is available. Don't wait for a maintenance window on this one.”
Microsoft 365 Exchange, Outlook, Teams Outage - May 9-10, 2026
A major Microsoft 365 outage beginning in early May affected Exchange Online, Outlook, and Teams calendar functionality for thousands of users. Microsoft identified a recent control-plane change as the root cause and began mitigation within 2 hours; nearly 98% of affected systems recovered by late morning. Temporary workaround: use Outlook on the Web instead of the desktop client during degradation.
Classic Outlook Teams Meeting Add-in Crashes Fixed
Microsoft resolved a bug where older Classic Outlook builds crash when using the newest Teams Meeting Add-in (build 1.26.02603). Fix rolling out with Teams version 26058.712.4527.9297. Workaround: disable Teams Meeting Add-in, perform Online Repair, or update Outlook to latest build.
CVE-2026-31431 Copy Fail: Linux Kernel Privilege Escalation - Critical
A critical deterministic logic flaw (CVSS 7.8) in the Linux kernel's algif_aead module allows unprivileged local users to escalate to root using a 732-byte Python script. Affects virtually all major distributions (Ubuntu, RHEL, Amazon Linux, Debian, SUSE) released since 2017. CISA has added it to the Known Exploited Vulnerabilities catalog, with active exploitation confirmed.
Apache HTTP/2 Double-Free RCE (CVE-2026-23918)
Apache httpd 2.4.66 mod_http2 contains a double-free vulnerability enabling denial-of-service and remote code execution when processing specific HTTP/2 frame sequences. Affects production deployments with HTTP/2 enabled. Patch immediately; a researcher demonstrated RCE in lab conditions within minutes.
Ivanti EPMM Remote Code Execution (CVE-2026-6973)
Ivanti Endpoint Manager Mobile contains improper input validation allowing authenticated admins to execute remote code. CISA set a May 10 deadline for federal agencies. Apply vendor patches immediately per Ivanti's May 2026 Security Advisory.
Palo Alto PAN-OS Captive Portal Zero-Day (CVE-2026-0300) - Active Exploitation
Palo Alto Networks PAN-OS Captive Portal contains an out-of-bounds write allowing unauthenticated RCE with root privileges on PA-Series and VM-Series firewalls. Actively exploited in the wild targeting SMBs. No patch until May 13, 2026 (Wave 1); mitigate by restricting portal access to trusted IPs and enabling Threat ID 510019.
SonicWall Authentication Bypass & Firewall Attacks Surge 56%
SonicWall Gen 6/7 devices vulnerable to authentication bypass (CVE-2026-0204) allowing unauthenticated VPN access and MFA bypass; still being exploited by Akira ransomware. Q1 2026 shows 56% of incidents involve SonicWall/Fortinet brute-force attacks. Patch to SonicOS 7.3.0+ immediately; reset all local user passwords.
Fortinet FortiCloud SSO Authentication Bypass (CVE-2026-24858)
FortiGate devices vulnerable to FortiCloud SSO bypass allowing attackers with any valid FortiCloud account to access other organizations' devices and create rogue admin accounts. Actively exploited. Upgrade to FortiOS 7.4.11+; disable FortiCloud SSO if unused.
ConnectWise ScreenConnect Path Traversal Vulnerability
ConnectWise ScreenConnect contains a path traversal vulnerability enabling remote code execution. Added to CISA Known Exploited Vulnerabilities catalog May 2026. Apply vendor patches immediately.
ConnectWise 2026 MSP Threat Report: Identity Abuse Rising
ConnectWise's MSP Threat Report reveals attackers have shifted from novel exploits to abusing trusted identities, legitimate tools, and supply chains. Ransomware groups like Akira prioritize speed and early backup targeting. Report emphasizes PAM, EDR, SIEM, and immutable backup as critical defenses.
NinjaOne Reaches $5B Valuation, Achieves Gartner Leader Status
NinjaOne (formerly NinjaRMM) valued at $5 billion with 35,000+ customers and $500M+ ARR. Entered Gartner's Leader quadrant for Endpoint Management on first appearance; launched Formula 1 partnership with Audi and expanded into healthcare with strong adoption rates. Competing aggressively against Kaseya and ConnectWise.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.