Exchange Zero-Day Under Attack, Ransomware Gets Smarter, Fortinet Critical Flaws
5/19/202613 min
A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution flaws.
In this episode of Cybersecurity Today, David Shipley breaks down four major cybersecurity stories that security teams need to know.
Cybersecurity Today would like to thank Material Security for supporting this podcast. Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security
Microsoft has confirmed active exploitation of a new Exchange Server zero-day, CVE-2026-42897, affecting Exchange Server 2016, Exchange Server 2019, and Exchange Subscription Edition. There is currently no patch, only mitigations through the Exchange Emergency Mitigation Service, with some trade-offs for Outlook Web App users.
Security researcher Marcus Hutchins highlights an unusually disciplined ransomware affiliate operation using tradecraft more commonly associated with nation-state attackers, including a custom SentinelOne endpoint detection and response (EDR) killer and a stripped-down toolset designed to leave fewer forensic traces.
In one of the more astonishing insider threat stories of the week, former OPEX Corporation contractors Muneeb and Sohaib Akhtar were allegedly caught deleting 96 U.S. government databases after leaving a Microsoft Teams recording running.
Also in this episode: Fortinet has released urgent patches for critical unauthenticated remote code execution vulnerabilities in FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083).
If you're responsible for enterprise security, patch management, incident response, or cyber risk, this is one you need to see.
Chapters:
00:00 Sponsor Message
00:24 Headlines Intro
00:49 Ransomware Nation-State Discipline
04:18 Exchange Zero-Day Mitigation
07:01 Fired Contractors Caught Recording
09:21 Fortinet Critical Vulnerabilities
11:07 Wrap Up and Sign Off
11:38 Sponsor Deep Dive Ad
#Cybersecurity #MicrosoftExchange #ZeroDay #Ransomware #Fortinet #CyberAttack #Infosec #DavidShipley #CybersecurityToday
Transcript preview
First 90 secondsSpeaker 00:00
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material.security.
David Shipley· Host0:23
[upbeat music] Ransomware crews act with nation state discipline. Another Exchange zero day, mitigation only for now. Fired contractors recorded their own crimes. And two more Fortinet critical vulnerabilities. This is Cybersecurity Today, and I'm your host, David Shipley. Let's get started. Ransomware affiliates are showing signs of operating with the same discipline as nation state actors, according to a new analysis from cybersecurity researcher Marcus Hutchins. In a LinkedIn post, Hutchins documented what he found while investigating a recent ransomware attack. The attackers had deployed an EDR killer, a piece of malware designed to disable endpoint detection and response software, the modern replacement for classic antivirus. EDR killers typically work by loading a legitimate, digitally signed third party driver into the Windows kernel, a driver that happens to have a known vulnerability. The