COGNOSCERE Daily Tech Review — Issue T122 · Thursday, May 21, 2026

Or visit Intelligence Overview for deeper analysis.

ACTCisco Catalyst SD-WAN CVSS 10.0 Authentication Bypass (CVE-2026-20182) Under Active Exploitation

Cisco disclosed CVE-2026-20182, a maximum-severity CVSS 10.0 authentication bypass in Catalyst SD-WAN Controller and Manager that allows unauthenticated remote attackers to gain full administrative access, with CISA adding the flaw to its Known Exploited Vulnerabilities catalog and issuing Emergency Directive 26-03. Cisco Talos attributed active exploitation to sophisticated threat actor UAT-8616, which has targeted Cisco SD-WAN infrastructure since at least 2023.

The Hacker News · cybersecurity incidents and policy · Relevance: 1.0 · Source →

vulnerability, CVSS 10, SD-WAN, authentication bypass, CISA KEV, active exploitation, networking, zero-day, enterprise networking

ACTEvilTokens OAuth Device Code Phishing Platform Compromises 340+ Microsoft 365 Organizations

A phishing-as-a-service platform called EvilTokens, launched in February 2026, weaponized the OAuth 2.0 device authorization flow to harvest persistent Microsoft 365 access tokens that survive password resets and bypass MFA entirely, compromising more than 340 organizations across seven countries within five weeks. The technique renders conventional MFA protections ineffective and requires organizations to restrict device code authentication flows via Conditional Access policies to mitigate risk.

The Hacker News · cybersecurity incidents and policy · Relevance: 0.9 · Source →

phishing, OAuth, MFA bypass, identity security, Microsoft 365, BEC, PhaaS, credential theft, enterprise security

ACTTanStack and Major npm/PyPI Packages Hit by 'Mini Shai-Hulud' Self-Propagating Supply Chain Credential Wiper

A supply chain attack dubbed 'Mini Shai-Hulud' by TeamPCP poisoned major npm and PyPI packages including TanStack, UiPath, and Mistral AI with a self-propagating credential-stealing worm that installs a destructive wiper daemon capable of deleting a developer's home directory if stolen GitHub tokens are revoked. The attack targeted developer toolchains and CI/CD pipelines across the software ecosystem.

Wiz · cybersecurity incidents and policy · Relevance: 0.9 · Source →

supply chain attack, npm, PyPI, developer security, credential theft, wiper malware, DevSecOps, open source

PREPAREAnthropic Mythos AI Security Model: Cloudflare Tests Against 50+ Internal Repositories Under Project Glasswing

Cloudflare tested Anthropic's Mythos Preview cybersecurity AI model against more than 50 of its internal repositories under Project Glasswing, observing it chain low-severity primitives into working exploits and self-validate findings by compiling and executing proof-of-concept code in isolated environments. Anthropic subsequently opened Mythos findings and tooling to outside organizations under responsible disclosure norms, raising new questions about AI-accelerated vulnerability discovery timelines.

The Guardian / TLDR InfoSec · cybersecurity incidents and policy · Relevance: 0.9 · Source →

AI security, vulnerability discovery, offensive AI, responsible disclosure, agentic AI, cybersecurity, LLM, enterprise security

WATCHMeta Cuts 8,000 Jobs and Reassigns 7,000 to AI-Focused Teams in Sweeping AI Restructuring

Meta began notifying approximately 8,000 employees of layoffs on May 20, representing 10% of its global workforce, while simultaneously redirecting 7,000 additional employees into four new AI-focused organizational units including Applied AI Engineering and the Agent Transformation Accelerator. The restructuring accompanies $115–$145 billion in projected 2026 AI infrastructure capital expenditure.

Yahoo Finance / The Next Web · enterprise software and SaaS · Relevance: 0.9 · Source →

layoffs, AI restructuring, workforce transformation, agentic AI, enterprise AI, AI infrastructure, big tech

WATCHCISA Contractor Exposed AWS GovCloud Credentials in Public GitHub Repository

A CISA contractor maintained a public GitHub repository that exposed administrative credentials for three AWS GovCloud accounts, plaintext passwords for dozens of internal CISA systems, and software artifactory access tokens after explicitly disabling GitGuardian's default secret detection feature. The exposure was flagged by a GitGuardian researcher on May 15 and described as among the worst government credential leaks on record.

SWK Technologies / Krebs on Security · cybersecurity incidents and policy · Relevance: 0.9 · Source →

government security, secrets exposure, AWS, cloud security, credential management, supply chain, insider risk

WATCHMicrosoft Pushes Third-Party Drivers Out of Windows 11 Kernel Mode Toward Safer User-Mode Architecture

Microsoft announced plans to improve Windows 11 driver quality and security by pushing more third-party drivers out of kernel mode into safer user-mode or Microsoft-owned class drivers, accompanied by stronger partner verification and cleaner Windows Update catalog hygiene. The move follows criticism that Microsoft has lagged in meaningful AI user adoption despite aggressive Copilot integration.

TLDR IT / Windows Latest · enterprise IT developments · Relevance: 0.7 · Source →

Windows, kernel security, driver security, enterprise IT, Microsoft, operating system, cybersecurity

PREPAREGoogle I/O 2026: Gemini 3.5 Flash Debuts with Frontier Agentic Performance at Flash Cost

Google launched Gemini 3.5 Flash at I/O 2026, a model that outperforms its prior Pro tier on coding and agentic benchmarks while running four times faster than competing frontier models. Google CEO Sundar Pichai stated that enterprises processing roughly one trillion tokens per day on Google Cloud could save more than $1 billion annually by shifting 80 percent of workloads to a Flash-based mix, and announced $180–$190 billion in 2026 capital expenditure.

VentureBeat · AI model releases · Relevance: 1.0 · Source →

agentic AI, cloud AI, enterprise AI, multimodal, AI infrastructure, Google Cloud, LLM, model release

PREPAREAutomation Anywhere Launches EnterpriseClaw with Cisco, NVIDIA, Okta, and OpenAI for Enterprise Agentic AI

Automation Anywhere launched EnterpriseClaw, a multi-vendor platform enabling deployment of autonomous claw-style AI agents across cloud, desktop, on-premises, and secured enterprise environments, combining Cisco AI Defense for agentic security, NVIDIA NIM microservices and OpenShell runtime, Okta cross-agent identity management, and OpenAI GPT-5.5 models. The product is currently in preview with general availability planned for later in 2026.

PR Newswire / Automation Anywhere · agentic systems · Relevance: 0.9 · Source →

agentic AI, enterprise automation, AI governance, identity security, multi-vendor, AI agents, on-premises AI, AI orchestration

WATCHAndrej Karpathy Joins Anthropic to Lead Claude Pre-Training Research Team

OpenAI co-founder and former Tesla AI director Andrej Karpathy announced he has joined Anthropic's pre-training team, reporting to Nick Joseph. Anthropic confirmed Karpathy will build a new internal team focused on using Claude itself to accelerate pre-training research, signaling Anthropic's bet that AI-assisted R&D is a primary competitive lever.

TechCrunch · enterprise AI talent · Relevance: 0.9 · Source →

AI talent, pre-training, frontier AI, AI research, executive move, LLM, Anthropic, OpenAI

PREPAREOpenAI Launches Guaranteed Capacity: Multi-Year Enterprise Compute Reservation Program

OpenAI announced a Guaranteed Capacity program allowing enterprise customers to secure long-term access to OpenAI compute through one-, two-, or three-year commitments with tiered discounts, covering production AI products, agents, and workflows across OpenAI's model portfolio. CEO Sam Altman cited persistent global compute scarcity as the driver, noting OpenAI targets approximately $600 billion in total compute spend by 2030.

CNBC · decision frameworks · Relevance: 0.8 · Source →

AI infrastructure, compute capacity, enterprise contracts, AI procurement, cloud AI, capacity planning, AI ROI, vendor lock-in

WATCHIBM SQL Data Insights Pro and watsonx.data Agent-Ready Platform Announced at Think 2026

At Think 2026, IBM introduced SQL Data Insights Pro, an intelligence layer for Db2 for z/OS that transforms SQL queries into real-time decision-ready insights using automated semantic pattern detection and natural language explanations without data movement. IBM also positioned watsonx.data as an agent-ready enterprise analytics platform with GPU-accelerated query processing in private preview, in partnership with NVIDIA.

IBM · business intelligence platforms · Relevance: 0.8 · Source →

business intelligence, data analytics, AI analytics, enterprise data, mainframe modernization, agentic AI, decision support, real-time analytics