19th May 2026 Cyber Update: Exchange Zero-Day Puts On-Prem Mail Servers Back in the Spotlight
Microsoft has confirmed active exploitation of CVE-2026-42897, putting exposed on-prem Exchange and Outlook Web Access environments back under pressure.
Microsoft Exchange is again in focus for enterprise patching after Microsoft confirmed exploitation of CVE-2026-42897, a vulnerability affecting Outlook Web Access in on‑premises Exchange Server deployments. The issue does not affect Exchange Online, an important distinction for boards and technology teams before the discussion becomes too broad.
The Update
CVE-2026-42897 affects Exchange Server 2016, Exchange Server 2019 and Exchange Server Subscription Edition. Microsoft says an attacker could send a specially crafted email and, if the user opens it in Outlook Web Access under certain conditions, arbitrary JavaScript can run in the browser context. The US Cybersecurity and Infrastructure Security Agency has added the flaw to its Known Exploited Vulnerabilities catalogue, giving US federal agencies until 29 May 2026 to apply mitigations.
The immediate control is not a full patch. Microsoft is using the Exchange Emergency Mitigation Service to apply protection automatically where that service is enabled. For disconnected environments, Microsoft has provided a scripted mitigation path. A permanent security update is still pending, and Microsoft has warned that some older or unsupported Exchange positions may face limits around future fixes.
Why It Matters
Exchange remains one of those systems that many organisations keep running because business workflows, legacy mailboxes and hybrid identity arrangements make removal harder than the strategy slide suggests. That is why cyber observers keep returning to the same point: exposed on-prem mail infrastructure can become a high-value doorway into the organisation, even when most users have already moved to cloud services.
The market read is practical rather than dramatic. Security teams should confirm whether they still operate any on-prem Exchange server, check whether the Exchange Emergency Mitigation Service is enabled, validate that mitigation status, and review whether Outlook Web Access is unnecessarily exposed. Multiple cyber media outlets note that Microsoft’s mitigation may create some usability issues, including calendar printing and inline image display problems, but those trade-offs are easier to manage than an exploited mail server.
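One way to run the checks listed above from the Exchange Management Shell, as an added example that is not from Microsoft or the original article. It assumes the documented EEMS properties on `Get-OrganizationConfig` and `Get-ExchangeServer` and the `MSExchangeMitigation` service name; the article gives no mitigation ID for CVE-2026-42897, so the script lists what is applied rather than matching a specific one.

```powershell
# Added example: inventory on-prem Exchange servers and report EEMS status.
# Run in the Exchange Management Shell (Windows PowerShell 5.1).
# Servers on builds that predate EEMS return no mitigation properties and
# are therefore reported as "EEMS disabled on server".

$orgEnabled = (Get-OrganizationConfig).MitigationsEnabled

$report = foreach ($srv in Get-ExchangeServer) {
    # The Windows service that fetches and applies mitigations.
    $svc = Get-Service -ComputerName $srv.Name -Name MSExchangeMitigation `
                       -ErrorAction SilentlyContinue

    # Normalise multi-valued properties to arrays, dropping nulls.
    $applied = @($srv.MitigationsApplied | Where-Object { $_ })
    $blocked = @($srv.MitigationsBlocked | Where-Object { $_ })

    $gaps = @()
    if (-not $orgEnabled)             { $gaps += 'EEMS disabled at organisation level' }
    if (-not $srv.MitigationsEnabled) { $gaps += 'EEMS disabled on server' }
    if (-not $svc -or $svc.Status -ne 'Running') {
        $gaps += 'mitigation service not running or unreachable'
    }
    if ($applied.Count -eq 0)         { $gaps += 'no mitigations applied' }
    if ($blocked.Count -gt 0)         { $gaps += 'blocked: ' + ($blocked -join ', ') }

    [pscustomobject]@{
        Server   = $srv.Name
        Version  = $srv.AdminDisplayVersion
        Roles    = $srv.ServerRole
        Applied  = $applied -join ', '
        Gaps     = if ($gaps) { $gaps -join '; ' } else { 'none' }
    }
}

# Servers with gaps first, so they are the first thing a reviewer sees.
$report | Sort-Object { $_.Gaps -eq 'none' } | Format-Table -AutoSize -Wrap
```

Compare the `Applied` column against the mitigation ID published in Microsoft's guidance for this CVE; an empty or unrelated list means the server is not yet protected.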
The question that needs answering is about operational discipline: do organisations have a clean inventory of legacy internet-facing systems, and can they apply emergency controls quickly when a widely targeted platform enters the exploited-vulnerability list?
For boards and executive teams, the message is clear. Ask for confirmation, not reassurance. Which Exchange servers exist? Which are exposed? Which have the emergency mitigation applied? Which business owner accepts the risk if unsupported versions remain online?