Hermes

Saturday 16 May 2026  ·  71 articles scored  ·  5 top scorers  ·  last 24h

1

📦 m365 Petri IT Knowledgebase

76%

Microsoft Warns Exchange Server Flaw Lets Attackers Execute Code via OWA Emails

Microsoft has disclosed a critical vulnerability in on-premises Exchange Server that allows attackers to execute malicious code through specially crafted emails opened in Outlook Web Access. The comp…

Novelty

70%

Depth

70%

Practical

90%

Surprise

60%

Relevance

90%

https://petri.com/exchange-server-owa-code-execution-vulnerability/

2

🔐 security SecurityWeek

73%

Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild

Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions. The post Microsoft Warns of Exchange Server Zero-Day Exploited in th…

Novelty

70%

Depth

60%

Practical

85%

Surprise

60%

Relevance

90%

https://www.securityweek.com/microsoft-warns-of-exchange-server-zero-day-exploited-in-the-wild/

3

🤖 ai The Decoder

73%

Microsoft pits more than 100 AI agents against each other to find Windows vulnerabilities

Microsoft has built MDASH, a system that pits more than 100 specialized AI agents against each other to find software vulnerabilities. On Patch Tuesday alone, the system uncovered 16 security flaws i…

Novelty

85%

Depth

60%

Practical

60%

Surprise

80%

Relevance

90%

https://the-decoder.com/microsoft-pits-more-than-100-ai-agents-against-each-other-to-find-windows-vulnerabilities/

4

🔐 security Microsoft Security Blog

71%

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and dat…

Novelty

70%

Depth

70%

Practical

75%

Surprise

55%

Relevance

85%

https://www.microsoft.com/en-us/security/blog/2026/05/14/configuration-becomes-vulnerability-exploitable-misconfigurations-ai-apps/

5

🔐 security Schneier on Security

70%

How Dangerous Is Anthropic’s Mythos AI?

Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it t…

Novelty

80%

Depth

70%

Practical

50%

Surprise

75%

Relevance

85%

https://www.schneier.com/blog/archives/2026/05/how-dangerous-is-anthropics-mythos-ai.html

6

🔐 security Microsoft Security Blog

67%

Defense in depth for autonomous AI agents

As AI agents gain autonomy, defense in depth must evolve, with application-layer design, identity, and human oversight at the center. The post Defense in depth for autonomous AI agents appeared first…

https://www.microsoft.com/en-us/security/blog/2026/05/14/defense-in-depth-autonomous-ai-agents/

7

🤖 ai The Decoder

66%

Microsoft pulls Claude Code licenses and pushes developers back toward its own AI tool

Thousands of Microsoft developers used Anthropic's Claude Code for programming. Now the company is revoking licenses and betting on GitHub Copilot CLI. The article Microsoft pulls Claude Code license…

https://the-decoder.com/microsoft-pulls-claude-code-licenses-and-pushes-developers-back-toward-its-own-ai-tool/

8

⚡ tech The Verge

65%

Microsoft starts canceling Claude Code licenses

Microsoft first started opening up access to Claude Code in December, inviting thousands of its own developers to use Anthropic's AI coding tool daily. It was part of an effort to get project manager…

https://www.theverge.com/tech/930447/microsoft-claude-code-discontinued-notepad

9

🔐 security SecurityWeek

64%

Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere

Independent benchmarking finds Mythos highly effective for source code audits, reverse engineering, and native-code analysis, though its exploit validation and reasoning capabilities remain inconsist…

https://www.securityweek.com/mythos-proves-potent-in-vulnerability-discovery-less-convincing-elsewhere/

10

🔐 security SecurityWeek

64%

OpenAI Hit by TanStack Supply Chain Attack

Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. The post OpenAI Hit by TanStack Supply Chain Attack appeared first on SecurityWe…

https://www.securityweek.com/openai-hit-by-tanstack-supply-chain-attack/

11

🔐 security SecurityWeek

63%

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code appeared first o…

https://www.securityweek.com/teampcp-ups-the-game-releases-shai-hulud-worms-source-code/

12

🔐 security Microsoft Security Blog

62%

Kazuar: Anatomy of a nation-state botnet

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ope…

https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/

13

🤖 ai AI Alignment Forum

58%

Risk reports need to address deployment-time spread of misalignment

Risk reports commonly use pre-deployment alignment assessments to measure misalignment risk from an internally deployed AI. However, an AI that genuinely starts out with largely benign motivations ca…

https://www.alignmentforum.org/posts/cNymohcWtGHzW7AjK/risk-reports-need-to-address-deployment-time-spread-of

14

🔐 security SecurityWeek

58%

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure

The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed. The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure app…

https://www.securityweek.com/hackers-targeted-praisonai-vulnerability-hours-after-disclosure/

15

🔐 security SANS Internet Stormcast

58%

Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)

Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages…

https://isc.sans.edu/diary/rss/32990