Security Digest - May 21, 2026

Daily security intelligence briefing for infrastructure and endpoint management teams. Consolidated from authoritative research, vendor advisories, and community discussions.

• Generated (UTC): 2026-05-21 16:35:32 +00:00
• Lookback window: 7 days

🚀 Top Research & Advisories

• My older coworkers have accepted AI as the source of truth - (Reddit r/sysadmin) I am a 25 y.o mid level engineer in an older classic on prem infra team (average age around 45) and we manage a nice mix of Linux / Windows servers. We are also in business critical so we can't just blindly copy and paste data into the LLM of our…

  Action: Review Office update channel health and security baseline compliance.

• New Microsoft Defender 0‑Days Actively Exploited in the Wild - (CybersecurityNews) System.Xml.XmlElement

  Action: Review security controls and policy updates.

• Two Microsoft Defender vulnerabilities actively exploited. One grants full SYSTEM access. CISA has a June 3 federal deadline. Here is what to check. - (Reddit r/cybersecurity) Microsoft confirmed today that two Defender flaws are being exploited in the wild right now. CVE-2026-41091 allows privilege escalation to SYSTEM level. CVE-2026-45498 is a denial-of-service bug that can take Defender offline. Both are on CISA's…

  Action: Review security controls and policy updates.

💻 AppSec

• CVE-2026-44514 - (NVD) Monitor developer tool vulnerabilities and supply chain risks.

• Flipper One - Asking for help from the community - (Reddit r/cybersecurity) Review .NET runtime vulnerabilities and apply patches.

• GitHub confirms breach of 3,800 repos via malicious VSCode extension - (BleepingComputer) Monitor developer tool vulnerabilities and supply chain risks.

• Microsoft just removed major “friction” from VS Code in its latest weekly update - (Neowin) Monitor developer tool vulnerabilities and supply chain risks.

• P2PInfect Botnet Compromises Kubernetes Clusters Through Exposed Redis Instances - (CybersecurityNews) Monitor developer tool vulnerabilities and supply chain risks.

• Setting up on premises LLM infrastructure for coding at a software company. - (Reddit r/sysadmin) Monitor developer tool vulnerabilities and supply chain risks.

🏗 Infrastructure

• DNS blocked by Cisco Umbrella, but symantec EDR & Event Viewer are completely blind - (Reddit r/cybersecurity) Review server hardening and AD security posture. Validate Edge/WebView2 coverage; refresh managed package.

🛡 Security Ops

• 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros (Yes there is another one, only a CVS 5.5 though this time, still looks pretty bad though) - (Reddit r/cybersecurity) Validate Cloud Agent release and health.

• Hackers bypass SonicWall VPN MFA due to incomplete patching - (BleepingComputer) Review CA/MFA settings for tightening opportunities.

• How have you navigated Microsoft’s push to B2B Collaboration? - (Reddit r/sysadmin) Review CA/MFA settings for tightening opportunities.

• Neither MFA, Passkey, nor trusted IP help here - (Reddit r/cybersecurity) Review CA/MFA settings for tightening opportunities.

🛠 Infrastructure & Endpoint Control

• “Atrocious implementation”: Microsoft’s unremovable Copilot button is driving Excel users crazy with forced AI in spreadsheets - (Reddit r/Windows11) Review Office update channel health and security baseline compliance.

• AD Users and Computers - W11 arm64 - (Reddit r/sysadmin) Validate workstation security baseline and update compliance.

• Alias appearing rather than primary mailbox in outlook - (Reddit r/sysadmin) Review Office update channel health and security baseline compliance.

• AMD launches $4000 Ryzen AI Halo local AI monster for Windows 11 with 128GB RAM - (Neowin) Validate workstation security baseline and update compliance.

• Can I block outbound connections to Google cloud on my host firewall? What port? What IP range? Any advice. Trying to prevent Google spying and collecting data - (Reddit r/cybersecurity) Review security controls and policy updates.

• Copilot agentic AI comes to Edge for Business - (Neowin) Validate Edge/WebView2 coverage; refresh managed package.

• CVE-2025-62305 - (NVD) Evaluate update rings and expedite actions if needed.

• CVE-2026-44515 - (NVD) Confirm Adobe exposure; push updated deployment.

• DNS blocked by Cisco Umbrella, but symantec EDR & Event Viewer are completely blind - (Reddit r/cybersecurity) Review server hardening and AD security posture. Validate Edge/WebView2 coverage; refresh managed package.

• LibreOffice bashes Microsoft for “absurd” OOXML format and Excel’s handling of dates - (Neowin) Review Office update channel health and security baseline compliance.

• MacOS EDR / Defender for Endpoint Deployment - mixed instructions and GUI leading me in the wrong direction - (Reddit r/sysadmin) Review security controls and policy updates.

• Microsoft 365 Tenant Migration Issue — Old .onmicrosoft.com Identity Still Showing in Outlook - (Reddit r/sysadmin) Review Office update channel health and security baseline compliance.

• Microsoft admits one of the most basic, useful Outlook features is broken - (Neowin) Review Office update channel health and security baseline compliance.

• Microsoft admits Windows 11’s dedicated Copilot key breaks certain workflows: Confirms plans to let users restore “Right Ctrl” or “Context menu” key later this year - (Reddit r/Windows11) Validate workstation security baseline and update compliance.

• Microsoft Defender for Identity – “Suspected account enumeration” with Source Computer Name = NULL - (Reddit r/sysadmin) Review security controls and policy updates.

• Microsoft is fixing one of the most annoying things about Windows 11 — ‘spam’ in search results when looking for files and settings on your PC - (Reddit r/Windows11) Validate Edge/WebView2 coverage; refresh managed package. Validate workstation security baseline and update compliance.

• Microsoft is killing SMS codes for Microsoft account sign-in, aggressively pushes passkeys on Windows 11 - (Reddit r/Windows11) Validate workstation security baseline and update compliance.

• Microsoft is testing different Windows 11 taskbar positions per monitor and new Start menu controls - (Reddit r/Windows11) Validate workstation security baseline and update compliance.

• Microsoft plans to improve Windows 11 driver quality in 2026 - (Reddit r/Windows11) Validate workstation security baseline and update compliance.

• Microsoft warns of new Defender zero-days exploited in attacks - (Reddit r/cybersecurity) Review security controls and policy updates.

• Mitigating DDoS-like AI (?) crawling of APIs - (Reddit r/sysadmin) Validate Chrome coverage; update managed package if needed. Validate Edge/WebView2 coverage; refresh managed package.

• Windows 11’s new “Haptic Signals” feature is a quality of life upgrade I didn’t realize the OS needed until I tried it - (Reddit r/Windows11) Validate workstation security baseline and update compliance.

• Windows Defender Org ID is completely different on our devices from what we’re seeing in security.microsoft.com - (Reddit r/sysadmin) Review security controls and policy updates.

🔍 Quick Links (Watch Items)

• Ask me questions for 5 yrs expericed information security analyst - (Reddit r/cybersecurity)
• CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox - (Reddit r/cybersecurity)
• Microsoft Defender for Identity – “Suspected account enumeration” with Source Computer Name = NULL - (Reddit r/sysadmin)
• FaceTec (ID verification) company appears to store user biometrics - (Reddit r/cybersecurity)
• CVE-2026-34474: ZTE H298A / H108N routers expose credentials before authentication - (Reddit r/cybersecurity)
• Two Microsoft Defender vulnerabilities actively exploited. One grants full SYSTEM access. CISA has a June 3 federal deadline. Here is what to check. - (Reddit r/cybersecurity)
• MacOS EDR / Defender for Endpoint Deployment - mixed instructions and GUI leading me in the wrong direction - (Reddit r/sysadmin)
• 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros (Yes there is another one, only a CVS 5.5 though this time, still looks pretty bad though) - (Reddit r/cybersecurity)
• cyber security remote - (Reddit r/cybersecurity)
• Windows Defender Org ID is completely different on our devices from what we’re seeing in security.microsoft.com - (Reddit r/sysadmin)