Cyber threat intelligence teams are continuing to monitor increased exploitation activity targeting trusted enterprise services and identity workflows. This week’s intelligence summary examines active exploitation against Microsoft Exchange Server, alongside wider developments affecting software repositories, cloud identity infrastructure, VPN access, and operational technology environments.
The report explores how attackers are increasingly leveraging authenticated sessions, trusted relationships, and supply-chain compromise techniques to expand access, maintain persistence, and accelerate post-compromise activity across enterprise environments.
For additional guidance on securing Microsoft Exchange environments and monitoring active vulnerabilities, see Microsoft’s advisory coverage.
Download the full Weekly Cyber Threat Intelligence Summary – 26 May 2026
