Security Digest - May 22, 2026

Daily security intelligence briefing for infrastructure and endpoint management teams. Consolidated from authoritative research, vendor advisories, and community discussions.

• Generated (UTC): 2026-05-22 16:18:36 +00:00
• Lookback window: 7 days

🚀 Top Research & Advisories

• Microsoft BitLocker-protected drives can now be opened with just some files on a USB stick — YellowKey zero-day exploit demonstrates an apparent backdoor - (Reddit r/Windows11) submitted by /u/asdf9asdf9 [link] [comments]

  Action: Review encryption policy and remediation gaps.

💻 AppSec

• 5,561 GitHub repos got malicious CI/CD commits injected in 6 hours. The commits looked exactly like routine bot maintenance. Here is what happened and how to check if you were hit. - (Reddit r/cybersecurity) Monitor developer tool vulnerabilities and supply chain risks.

• CVE-2026-44309 - (CVE.org) Monitor developer tool vulnerabilities and supply chain risks.

• CVE-2026-44310 - (CVE.org) Monitor developer tool vulnerabilities and supply chain risks.

• CVE-2026-44774 - (CVE.org) Monitor developer tool vulnerabilities and supply chain risks.

• CVE-2026-45036 - (CVE.org) Monitor developer tool vulnerabilities and supply chain risks. Review Office update channel health and security baseline compliance.

• CVE-2026-45539 - (NVD) Monitor developer tool vulnerabilities and supply chain risks.

• Mail deliverability issues: reputation or p=reject? - (Reddit r/sysadmin) Review .NET runtime vulnerabilities and apply patches. Review Office update channel health and security baseline compliance. Review server hardening and AD security posture.

• Microsoft just removed major “friction” from VS Code in its latest weekly update - (Neowin) Monitor developer tool vulnerabilities and supply chain risks.

🏗 Infrastructure

• Mail deliverability issues: reputation or p=reject? - (Reddit r/sysadmin) Review .NET runtime vulnerabilities and apply patches. Review Office update channel health and security baseline compliance. Review server hardening and AD security posture.

• User Onboarding with IAM - (Reddit r/cybersecurity) Review Office update channel health and security baseline compliance. Review server hardening and AD security posture.

🛡 Security Ops

• Am I Getting Fucked Friday, May 22nd 2026 - (Reddit r/sysadmin) Review CA/MFA settings for tightening opportunities. Review security controls and policy updates.

• Help with evilginx - (Reddit r/cybersecurity) Review CA/MFA settings for tightening opportunities.

• Intune/azure Passkeys now compromised in addition to MFA? - (Reddit r/sysadmin) Review CA/MFA settings for tightening opportunities. Review Office update channel health and security baseline compliance.

🛠 Infrastructure & Endpoint Control

• Already created a report in Feedback Hub - Windows 11 Home doesn’t display tooltips for the buttons on taskbar if a window is maximized and focused - (Reddit r/Windows11) Validate workstation security baseline and update compliance.

• Am I Getting Fucked Friday, May 22nd 2026 - (Reddit r/sysadmin) Review CA/MFA settings for tightening opportunities. Review security controls and policy updates.

• Copilot agentic AI comes to Edge for Business - (Neowin) Validate Edge/WebView2 coverage; refresh managed package.

• CVE-2026-45036 - (CVE.org) Monitor developer tool vulnerabilities and supply chain risks. Review Office update channel health and security baseline compliance.

• Edge Downloads Stalling - (Reddit r/sysadmin) Validate Edge/WebView2 coverage; refresh managed package.

• Google accidentally exposed details of unfixed Chromium flaw - (BleepingComputer) Validate Chrome coverage; update managed package if needed.

• Intune/azure Passkeys now compromised in addition to MFA? - (Reddit r/sysadmin) Review CA/MFA settings for tightening opportunities. Review Office update channel health and security baseline compliance.

• Legit Microsoft Contractor or MSP trying to sneak in? - (Reddit r/sysadmin) Confirm Adobe exposure; push updated deployment.

• Mail deliverability issues: reputation or p=reject? - (Reddit r/sysadmin) Review .NET runtime vulnerabilities and apply patches. Review Office update channel health and security baseline compliance. Review server hardening and AD security posture.

• Microsoft admits one of the most basic, useful Outlook features is broken - (Neowin) Review Office update channel health and security baseline compliance.

• Microsoft apparently blames researcher for publicly exposing a Windows 11 Recovery flaw - (Neowin) Review encryption policy and remediation gaps. Validate workstation security baseline and update compliance.

• Microsoft is fixing one of the most annoying things about Windows 11 — ‘spam’ in search results when looking for files and settings on your PC - (Reddit r/Windows11) Validate Edge/WebView2 coverage; refresh managed package. Validate workstation security baseline and update compliance.

• Microsoft is killing SMS codes for Microsoft account sign-in, aggressively pushes passkeys on Windows 11 - (Reddit r/Windows11) Validate workstation security baseline and update compliance.

• Microsoft plans to improve Windows 11 driver quality in 2026 - (Reddit r/Windows11) Validate workstation security baseline and update compliance.

• Microsoft warns of new Defender zero-days exploited in attacks - (BleepingComputer) Review security controls and policy updates.

• New? Suspicious Message Label on Exchange Message - (Reddit r/sysadmin) Review security controls and policy updates.

• Partial M365 tenant exit - (Reddit r/sysadmin) Review Office update channel health and security baseline compliance.

• Ultimate Cybersecurity without needing AV ect? - (Reddit r/cybersecurity) Review Office update channel health and security baseline compliance. Review security controls and policy updates.

• User Onboarding with IAM - (Reddit r/cybersecurity) Review Office update channel health and security baseline compliance. Review server hardening and AD security posture.

• Windows 11’s new “Haptic Signals” feature is a quality of life upgrade I didn’t realize the OS needed until I tried it - (Reddit r/Windows11) Validate workstation security baseline and update compliance.

• WTF happened to patch tuesday posts? - (Reddit r/sysadmin) Evaluate update rings and expedite actions if needed.

🔍 Quick Links (Watch Items)

• How do you handle access user access to shared mailboxes? - (Reddit r/sysadmin)
• I analyzed 5,000 spam emails from public abuse feeds. 71% came from just 3 hosting providers. Here is what I found. - (Reddit r/sysadmin)
• WTF happened to patch tuesday posts? - (Reddit r/sysadmin)
• Am I Getting Fucked Friday, May 22nd 2026 - (Reddit r/sysadmin)
• The CISO’s Guide to IDE Security in 2026 - (Reddit r/cybersecurity)
• Study: Do AI-Aided Software Builders Care About Security? - (Reddit r/cybersecurity)
• Does Security Implement Fixes? - (Reddit r/cybersecurity)
• 14 npm/PyPI/AI Supply-Chain Threats Today (2026-05-22): Critical Worms, Credential Harvesting, and RCEs - (Reddit r/cybersecurity)
• Microsoft apparently blames researcher for publicly exposing a Windows 11 Recovery flaw - (Neowin)
• do rollbacks change a PC’s history? - (Reddit r/Windows11)