
ThreatNoir Morning Brief — May 14

2026-05-14 · Morning · 4 articles

Morning Review in IT Security — May 14, 2026

The cybersecurity landscape continues to face mounting pressure from critical infrastructure vulnerabilities, supply chain compromises, and sophisticated malware campaigns. Today's review covers emerging threats spanning mail server flaws, ransomware attacks on defense contractors, BitLocker bypass exploits, and widespread open-source package poisoning.

New Critical Exim Mailer Flaw Allows Remote Code Execution

A critical vulnerability has been discovered in certain configurations of the Exim open-source mail transfer agent that could enable unauthenticated remote attackers to execute arbitrary code. The flaw, tracked as CVE-2026-45185, represents a significant risk to organizations relying on Exim for mail services. Source: New critical Exim mailer flaw allows remote code execution

NTN Bearing Corporation Hit by PayoutsKing Ransomware

NTN Bearing Corporation of America, a major ball and roller bearing manufacturer, has reportedly fallen victim to a PayoutsKing ransomware attack. The incident resulted in the exfiltration of approximately 596 gigabytes of data, including sensitive documents related to the United States Army JLTV program. This breach underscores the ongoing vulnerability of defense supply chain partners to sophisticated ransomware operations. Source: ‼️🇺🇸 NTN Bearing Corporation of America Allegedly Hit by PayoutsKing Ransomware: 596 GB Exfiltr...

Windows BitLocker Zero-Day Enables Protected Drive Access

A cybersecurity researcher has released proof-of-concept exploits for two unpatched Microsoft Windows vulnerabilities designated YellowKey and GreenPlasma. YellowKey is a BitLocker bypass, while GreenPlasma is a privilege-escalation flaw. The public disclosure of these exploits, tracked under CVE-2026-33825, poses an immediate risk to systems relying on BitLocker encryption for data protection. The disclosure is also linked to two further local privilege-escalation zero-days, BlueHammer and RedSun, and to the Chaotic Eclipse / Nightmare-Eclipse handle under which the exploits were released. Source: Windows BitLocker zero-day gives access to protected drives, PoC released

TeamPCP Poisons Over 400 npm and PyPI Packages with Mini Shai-Hulud Worm

Research has uncovered a sophisticated supply chain attack in which TeamPCP compromised OIDC tokens to inject the self-propagating Mini Shai-Hulud worm into more than 400 packages across npm and PyPI repositories. The campaign targeted high-profile projects including TanStack, Mistral AI, and UiPath, with malicious code distributed through router_init.js and leveraging the domain git-tanstack.com. This incident demonstrates the critical vulnerability of open-source ecosystems to token hijacking and automated package poisoning. Source: TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages

The convergence of mail server vulnerabilities, ransomware targeting critical infrastructure, encryption bypass flaws, and widespread open-source poisoning campaigns reflects an increasingly complex threat environment requiring immediate attention from security teams across all sectors.

Sources & IOCs

Source articles and extracted indicators (defanged where appropriate).

Windows BitLocker zero-day gives access to protected drives, PoC released
CVE (1)
  • BlueHammer: local privilege escalation zero-day previously disclosed by Chaotic Eclipse

Malware (5)
  • GreenPlasma: Windows CTFMON privilege escalation vulnerability
  • BlueHammer: local privilege escalation zero-day previously disclosed
  • RedSun: local privilege escalation zero-day silently patched by Microsoft without CVE assignment
  • Chaotic Eclipse / Nightmare-Eclipse: threat actor / security researcher releasing Windows zero-day exploits
  • YellowKey: BitLocker bypass vulnerability affecting Windows 11 and Server 2022/2025