The Exchange

CISA Supply Chain Alert – Nx Console and GitHub Repositories Under Attack

CISA warned of active compromises targeting Nx Console VS Code extensions and GitHub repositories. Attackers are harvesting credentials and secrets for follow-on cloud access and ransomware staging. Audit extensions and rotate secrets immediately.

CISA Adds Three New Known Exploited Vulnerabilities to Catalog

Three additional entries joined the KEV catalog on May 27 with active exploitation confirmed. Federal agencies must meet binding remediation deadlines or document risk acceptance.

Microsoft Exchange CVE-2026-42897 – Active Exploitation Deadline Passed

On-prem Exchange servers remain exposed via an Outlook on the Web spoofing flaw. Deploy Exchange Emergency Mitigation Service rules without delay.

Google Launches AI Threat Defense Platform

Google Cloud’s new automated defense layer integrates threat intelligence and Wiz capabilities to counter AI-powered attacks at machine speed.

Google Cloud Expands Agentic AI Partnerships

New Workday and EQT integrations embed secure AI agents into enterprise workflows, accelerating governed adoption.

DOE CESER Highlights AI Data-Center Infrastructure Risks

Ongoing energy-sector guidance stresses resilience planning for AI-driven OT and data-center threats.

Topics We’re Tracking (But Didn’t Make the Cut)

• Ongoing FedRAMP 2026 rule previews

• Additional Google Cloud Next ’26 agent platform updates

• Early signals on OMB logging directive enforcement

Sources

• https://www.cisa.gov/news-events/alerts/2026/05/28/supply-chain-compromises-impact-nx-console-and-github-repositories

• https://www.cisa.gov/news-events/alerts/2026/05/27/cisa-adds-three-known-exploited-vulnerabilities-catalog

• https://www.cisa.gov/known-exploited-vulnerabilities-catalog

• Google Cloud official announcements (May 28, 2026)

• DOE CESER resources (updated May 2026)

The Exchange Daily and Weekly deliver verified public-source intelligence for executive decision-makers. All information is from reputable, publicly available sources. Every effort is made to keep details accurate as of publication time, but readers should always confirm time-sensitive items such as policy changes, budget figures, and timelines with official documents and briefings. Always validate with primary sources before action.

The Exchange Daily and the Exchange Weekly do not constitute legal, investment, procurement, security, compliance, or technical advice. Content is for informational purposes only.

The Exchange Daily and Weekly are a production of Metora Solutions LLC, a HUBZone and Service Disabled Veteran Owned Small Business. All rights reserved. Copyright Metora Solutions LLC 2026.