Anthropic has signed a landmark 20-year, $19 billion lease with TeraWulf for the "Justified Data" campus in Hawesville, Kentucky. The 401-megawatt AI data centre, built on a former aluminium smelting site, is expected to come online in late 2027.
What keeps cyber analysts awake at night is persistent memory in AI agents storing enterprise IP on US servers with no residency or automatic deletion. It bypasses 30-day rules. DTA's AGT.2 requires retention and purge governance but many businesses remain unaware of the privacy and forensic risks.
AWS has increased prices for reserved AI GPU capacity by around 20%, highlighting the growing shortage of high bandwidth memory and advanced chips. As demand outpaces supply, AI development costs are rising, making large scale model training and deployment more expensive.
19th May 2026 Cyber Update: Exchange Zero-Day Puts On-Prem Mail Servers Back in the Spotlight
Microsoft has confirmed active exploitation of CVE-2026-42897, putting exposed on-prem Exchange and Outlook Web Access environments back under pressure.
Microsoft Exchange is again in focus for enterprise patching after Microsoft confirmed exploitation of CVE-2026-42897, a vulnerability affecting Outlook Web Access in on‑premises Exchange Server deployments. The issue does not affect Exchange Online, an important distinction for boards and technology teams before the discussion becomes too broad.
The Update
CVE-2026-42897 affects Exchange Server 2016, Exchange Server 2019 and Exchange Server Subscription Edition. Microsoft says an attacker could send a specially crafted email and, if the user opens it in Outlook Web Access under certain conditions, arbitrary JavaScript can run in the browser context. The US Cybersecurity and Infrastructure Security Agency has added the flaw to its Known Exploited Vulnerabilities catalogue, giving US federal agencies until 29 May 2026 to apply mitigations.
The immediate control is not a full patch. Microsoft is using the Exchange Emergency Mitigation Service to apply protection automatically where that service is enabled. For disconnected environments, Microsoft has provided a scripted mitigation path. A permanent security update is still pending, and Microsoft has warned that some older or unsupported Exchange positions may face limits around future fixes.
Why It Matters
Exchange remains one of those systems that many organisations keep running because business workflows, legacy mailboxes and hybrid identity arrangements make removal harder than the strategy slide suggests. That is why cyber observers keep returning to the same point: exposed on-prem mail infrastructure can become a high-value doorway into the organisation, even when most users have already moved to cloud services.
The market read is practical rather than dramatic. Security teams should confirm whether they still operate any on-prem Exchange server, check whether the Exchange Emergency Mitigation Service is enabled, validate that mitigation status, and review whether Outlook Web Access is unnecessarily exposed. Multiple cyber media outlets note that Microsoft’s mitigation may create some usability issues, including calendar printing and inline image display problems, but those trade-offs are easier to manage than an exploited mail server.
The question that needs answering is about operational discipline: do organisations have a clean inventory of legacy internet-facing systems, and can they apply emergency controls quickly when a widely targeted platform enters the exploited-vulnerability list?
For boards and executive teams, the message is clear. Ask for confirmation, not reassurance. Which Exchange servers exist? Which are exposed? Which have the emergency mitigation applied? Which business owner accepts the risk if unsupported versions remain online?
Get the stories that matter to you. Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Sign up for Cyber News Centre
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead.
Apple is accelerating its security updates to outpace AI driven exploit development, releasing early patches for iOS and macOS, while a critical WinRAR vulnerability shows why legacy software remains a prime target for attackers.
Tata Electronics’ confirmed cyber incident underscores a sharper risk for global manufacturers: stolen supplier specifications and production data can expose valuable intellectual property, test customer trust and challenge India’s push to become a trusted alternative to China.
Five Eyes cyber agencies have warned leaders to act now as AI changes cyber risk, while Mackay Sugar’s ransomware disruption shows why Australian operators cannot treat resilience as a back-office issue.
AI agents are no longer side experiments. They are becoming live attack surface, carrying access to data, code and identity. For Australian businesses, the message is clear: adoption must be matched with control.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!