Security Digest - May 18, 2026

Daily security intelligence briefing for infrastructure and endpoint management teams. Consolidated from authoritative research, vendor advisories, and community discussions.

Generated (UTC): 2026-05-18 16:44:12 +00:00
Lookback window: 7 days

🚀 Top Research & Advisories

CVE-2026-42603 - (CVE.org) OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_target (privileged trigger) but checks out and execut…

Action: Monitor developer tool vulnerabilities and supply chain risks.
KB5089549: Microsoft just made it easier to install the mandatory crucial Windows 11 updates - (Neowin) KB5089549 introduces a new change that simplifies the update for the mandatory critical security update on Windows 11. Read more…

Action: Validate workstation security baseline and update compliance.
Mean time-to-exploit just hit 2.1 days. Critical vulnerabilities everywhere. Is the AI apocalypse here? - (Reddit r/sysadmin) Cross poast (not enough carma) Original: https://www.reddit.com/r/cybersecurity/s/YXHq4yYE3M Mandiant's new figure: attacks begin 7 days before the patch ships. Patch Tuesday is now exploit-last-Friday Supporting stats: -- 71% of known exploits…

Action: Evaluate update rings and expedite actions if needed.

💻 AppSec

Exchange forwarding rule alert has been triggered - (Reddit r/sysadmin) Review .NET runtime vulnerabilities and apply patches.
Suspicious with a company offer letter - (Reddit r/cybersecurity) Review .NET runtime vulnerabilities and apply patches. Review security controls and policy updates.
why does every k8s upgrade break a different ingress controller - (Reddit r/sysadmin) Monitor developer tool vulnerabilities and supply chain risks.

🏗 Infrastructure

[Help] Best FOSS stack for Network Share Auditing (Win11 Workgroup) – Need “Who, What, When” without the noise. - (Reddit r/sysadmin) Review Office update channel health and security baseline compliance. Review server hardening and AD security posture. Validate workstation security baseline and update compliance.
Azure Virtual Desktop Hybrid running on my homelab Nutanix cluster!! - (Reddit r/sysadmin) Review server hardening and AD security posture.
DHCP audit log size — what’s your sweet spot for ~250 scopes? - (Reddit r/sysadmin) Review server hardening and AD security posture.
YellowKey Mitigation - (Reddit r/cybersecurity) Review encryption policy and remediation gaps. Review server hardening and AD security posture.

🛠 Infrastructure & Endpoint Control

“Atrocious implementation”: Microsoft’s unremovable Copilot button is driving Excel users crazy with forced AI in spreadsheets - (Reddit r/Windows11) Review Office update channel health and security baseline compliance.
[Help] Best FOSS stack for Network Share Auditing (Win11 Workgroup) – Need “Who, What, When” without the noise. - (Reddit r/sysadmin) Review Office update channel health and security baseline compliance. Review server hardening and AD security posture. Validate workstation security baseline and update compliance.
Built a free OneDrive/SharePoint drive-letter sync client with thumbnails, real cloud quota in Explorer, local-first, and no telemetry - (Reddit r/sysadmin) Review Office update channel health and security baseline compliance.
Closer look at the updated taskbar in Windows 11: movable, resizable - (Neowin) Validate workstation security baseline and update compliance.
Defender Discovery Causing networking headaches or is something worse happening - (Reddit r/sysadmin) Review security controls and policy updates.
Helping a friend migrate Google Workspace to M365 (6 users, 25GB max mailbox) native tools or third party? - (Reddit r/sysadmin) Review Office update channel health and security baseline compliance.
Here is how to remap the Copilot key in Windows 11, without Microsoft’s upcoming “fix” - (Neowin) Validate workstation security baseline and update compliance.
I made Windows 11 look like 7 - (Reddit r/Windows11) Validate workstation security baseline and update compliance.
M365 Admin in Baltimore/DC, like money, where’s the next jump? - (Reddit r/sysadmin) Review Office update channel health and security baseline compliance.
Microsoft admits Windows 11 Copilot key was a bad idea, Right Ctrl remap option coming soon - (Neowin) Validate workstation security baseline and update compliance.
Microsoft admits Windows 11’s dedicated Copilot key breaks certain workflows: Confirms plans to let users restore “Right Ctrl” or “Context menu” key later this year - (Reddit r/Windows11) Validate workstation security baseline and update compliance.
Microsoft backpedals: Edge to stop loading passwords into memory - (BleepingComputer) Validate Edge/WebView2 coverage; refresh managed package.
Microsoft confirms Teams slowdown due to new outage - (Neowin) Review Office update channel health and security baseline compliance.
Microsoft confirms Windows 11 security update install issues - (Reddit r/cybersecurity) Validate workstation security baseline and update compliance.
Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922 - (CybersecurityNews) Validate workstation security baseline and update compliance.
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own - (BleepingComputer) Validate workstation security baseline and update compliance.
Microsoft is testing different Windows 11 taskbar positions per monitor and new Start menu controls - (Reddit r/Windows11) Validate workstation security baseline and update compliance.
Microsoft testing adjustable taskbar, Start menu in Windows 11 - (BleepingComputer) Validate workstation security baseline and update compliance.
Migration to new domain M365 DNS email records…question - (Reddit r/sysadmin) Review Office update channel health and security baseline compliance.
Moving old emails from pop3 account to exchange - (Reddit r/sysadmin) Review Office update channel health and security baseline compliance.
Regarding Windows K2, and the community’s peculiar response to it - (Reddit r/Windows11) Validate workstation security baseline and update compliance.
Suspicious with a company offer letter - (Reddit r/cybersecurity) Review .NET runtime vulnerabilities and apply patches. Review security controls and policy updates.
This ultra-lightweight Linux OS just saved my Windows 10 laptop from the scrapheap - (Neowin) Validate workstation security baseline and update compliance.
Why Windows 11 cumulative updates became so huge in file size? 5.2 GB compared to just 800 MB for the latest Windows 10 update. - (Reddit r/Windows11) Evaluate update rings and expedite actions if needed. Validate workstation security baseline and update compliance.
Windows 11 KB5089549 can be planted with deadly Registry hack to take over your system - (Neowin) Validate workstation security baseline and update compliance.
YellowKey Mitigation - (Reddit r/cybersecurity) Review encryption policy and remediation gaps. Review server hardening and AD security posture.

🔍 Quick Links (Watch Items)

Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild - (CybersecurityNews)
MCP security - (Reddit r/cybersecurity)
Mean time-to-exploit just hit 2.1 days. Critical vulnerabilities everywhere. Is the AI apocalypse here? - (Reddit r/sysadmin)
M365 Admin in Baltimore/DC, like money, where’s the next jump? - (Reddit r/sysadmin)
Most AI agent governance playbooks still assume you can turn the agent off… Once its wired into production that stops being true [Rethinking AI security through a dimmer switch lens] - (Reddit r/cybersecurity)
What’s your company’s actual PQC migration plan? Not the one on paper - the real one. - (Reddit r/cybersecurity)
Is AI-generated code actually making websites less secure? - (Reddit r/cybersecurity)
Linus Torvalds Says AI Bug Reports Have Made Linux Security Mailing List Unmanageable - (CybersecurityNews)
Microsoft confirms Windows 11 security update install issues - (Reddit r/cybersecurity)
Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ - (Reddit r/cybersecurity)