Closed · Medium impact · AI Generated

Microsoft Defender Zero-Day Vulnerabilities Exploited in Active Attacks

Detected 21 May 2026 · Occurrence date not yet established -- showing first detection by the desk.
🇺🇸 Microsoft headquarters, Redmond, Washington, USA (global software impact) · 1 report · Ended 29 May 2026
CyberPropertyCyberCasualty & Liability

Microsoft has begun rolling out security patches for two zero-day vulnerabilities in Microsoft Defender that have been actively exploited in attacks. The vulnerabilities were being leveraged in real-world attacks prior to patch availability. The disclosure follows Microsoft's standard Patch Tuesday cycle and highlights ongoing risks from unpatched endpoint security software. The limited article content constrains full assessment of attacker attribution, targeting scope, or downstream impact.

AI-generated from linked source reports.

Impact verdict

Medium impact. MEDIUM: Second-pass historical recalibration. This cyber advisory or vulnerability item is relevant to Cyber and technology-dependent Property/Casualty books, but it does not evidence confirmed insured loss, claims activity, ransomware/business interruption, critical infrastructure outage, or quantified market impact sufficient for HIGH.

How we grade what we know -- Known · Reported · Uncertain.

Intelligence ledger

Known (3 lines)

Microsoft confirmed two zero-day vulnerabilities exist in Microsoft Defender
Security patches were released on or around 2026-05-20 (Wednesday)
Both vulnerabilities have been actively exploited in attacks prior to patching

Reported (1 line)

The vulnerabilities were exploited in targeted attacks, though the scope and scale of victims are not detailed in the available content

Uncertain (4 lines)

Attribution of the attacks (state-sponsored, criminal, or other threat actor) is unknown
The nature of the vulnerabilities (privilege escalation, remote code execution, etc.) is not specified in the truncated content
Whether critical infrastructure or specific sectors were targeted is unknown
Geographic scope of the attacks is unclear

Geographic Zone Matches

1 active match

  • TRIA Certified Areas
    Rule-based · Confidence 100%

Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.

Affected countries

🇺🇸 United States

Timeline

Status Change · 2 Jun 2026, 13:05

Lifecycle changed

monitoring → closed

Closure · 2 Jun 2026, 13:05

Event Closed

auto_closed_monitoring_timeout

Status Change · 29 May 2026, 05:30

Status changed to monitoring

Auto-transitioned: no updates for 6 hours

active → monitoring

Status Change · 28 May 2026, 22:36

Status changed to active

remediation: existing authoritative signal

signal → active

Initial Detection · 21 May 2026, 09:08

Initial Detection

Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks.

Source: BleepingComputer (Trade Media)
