Cyber Security News

Hacking Editorial Brief – May 17, 2026

Iranian Actors Target U.S. Fuel Infrastructure

U.S. officials are investigating suspected Iranian threat actors for breaching automatic tank gauge (ATG) systems at American gas stations. The intrusion affected unsecured monitoring systems that display fuel inventory levels, with attackers successfully altering display readings without changing actual fuel quantities. The targeting of critical infrastructure components, even peripheral systems like ATG devices, demonstrates continued Iranian focus on U.S. energy sector assets. While the immediate impact was limited to display manipulation, the incident highlights persistent vulnerabilities in internet-connected industrial control systems that were deployed without adequate security controls.

Microsoft Exchange Zero-Day Under Active Exploitation

Microsoft disclosed CVE-2026-42897, a high-severity zero-day vulnerability affecting on-premises Exchange Server installations. The flaw enables spoofing attacks through specially crafted emails, with attackers able to impersonate legitimate senders. Microsoft has released mitigations but no patch is currently available, leaving organizations running on-premises Exchange environments exposed. The disclosure follows Microsoft's established pattern of providing temporary workarounds for Exchange vulnerabilities while developing comprehensive fixes. Organizations should prioritize implementing the published mitigations immediately, particularly those in sectors frequently targeted by nation-state actors known to exploit messaging infrastructure for initial access and business email compromise campaigns.

Sources: Yeni Safak · MSN · Infosecurity Magazine