Cybersecurity Brief – May 15, 2026

CISA added Cisco Catalyst SD-WAN vulnerability CVE-2026-20182 to its Known Exploited Vulnerabilities catalog Thursday following confirmed exploitation targeting administrative access. The agency's alert mandates federal agencies patch affected systems, reflecting active threat actor interest in the flaw. Separately, Microsoft's May Patch Tuesday addressed 120 vulnerabilities including 29 critical remote code execution flaws across Windows, Office, Azure, and Microsoft 365 platforms—notably without any zero-day exploits currently seen in the wild.

Foxconn confirmed a ransomware attack by the Nitrogen threat group impacting North American facilities, with attackers claiming exfiltration of over eight terabytes of data comprising 11 million files, including schematics from major technology clients. The breach underscores persistent targeting of manufacturing supply chains. Meanwhile, Comcast reached a $117.5 million settlement over its October 2023 Xfinity breach that exposed millions of customers' credentials and partial Social Security numbers, marking one of the larger data breach settlements in recent months.

A cybersecurity incident in Taiwan drew attention to operational technology vulnerabilities after a student using software-defined radio disrupted three high-speed trains for nearly an hour, exposing critical gaps in rail system security. On the policy front, NIST announced plans to release AI-specific cybersecurity guidelines this summer as two independent analyses from UK AISI and Palo Alto Networks indicate frontier AI systems have surpassed existing autonomous cybersecurity benchmarks, raising concerns about AI-enabled threat capabilities.

Sources: The Hacker News · CISA · Cybersecurity News · Cybersecurity Dive · Yahoo Finance · Dark Reading · Nextgov · National CIO Review