Tech Brief
May 16, 2026
Your morning roundup of the most relevant technology and AI news. Curated by 312 IT Consulting.
Two actively exploited vulnerabilities lead today's brief and demand attention from any Chicago business running Microsoft Exchange or Cisco networking gear. We also cover a major Microsoft 365 Copilot expansion that quietly added Anthropic's Claude models for most tenants, a $25M raise from a Chicago-based SMB AI platform, Microsoft's new agentic security system, and Palo Alto's warning that AI-driven attacks are about to become the norm.
Microsoft Exchange zero-day (CVE-2026-42897) being exploited via crafted email
Microsoft disclosed an actively exploited vulnerability in on-premise Exchange Server tracked as CVE-2026-42897 (CVSS 8.1). The flaw is a cross-site scripting issue that lets an attacker execute arbitrary JavaScript in the victim's browser when a specially crafted email is opened in Outlook Web Access. It is being used in the wild as part of multi-stage intrusion campaigns.
Why it matters for your business: Many Chicago SMBs still run on-prem Exchange — usually because of a legacy line-of-business app or a long-deferred migration. If that's you, this is a "patch this week" item, not a "patch next quarter" item. Confirm your Exchange CU level with whoever manages your servers, apply the May 2026 security update, and force a password reset for any account with admin access to OWA. If you're not on the latest cumulative update or you have no clear owner for Exchange patching, that's the bigger problem — and a good time to revisit our cybersecurity checklist.
Read the advisory →CISA adds max-severity Cisco SD-WAN flaw (CVE-2026-20182) to KEV catalog
CISA added CVE-2026-20182 — a CVSS 10.0 authentication bypass in the Cisco Catalyst SD-WAN Controller — to its Known Exploited Vulnerabilities catalog. Cisco attributes the active exploitation to the UAT-8616 cluster, the same group behind the recent CVE-2026-20127 campaign. Federal agencies face a mid-May patch deadline; the rest of us should treat it the same way.
Why it matters for your business: If your company uses Cisco SD-WAN, Meraki, or Catalyst gear — directly or through a managed services provider — ask your IT vendor today whether your environment is exposed and whether the patch has been applied. A CVSS 10 authentication bypass on a network controller is the kind of flaw that hands an attacker your whole network. If you don't have a documented vulnerability management process, this is a sign to build one. Our managed IT services include patch management and CISA KEV tracking.
View the KEV catalog →Microsoft turns on Anthropic Claude inside Copilot for Word, Excel, and PowerPoint
As part of its May 2026 update wave, Microsoft enabled Anthropic's Claude models inside Microsoft 365 Copilot experiences in Word, Excel, and PowerPoint by default for eligible tenants. GPT-5.5 Instant also landed in Copilot Chat for low-latency responses, and Copilot Cowork expanded with reusable skills and mobile support. Microsoft 365 E7 and Agent 365 are now generally available.
Why it matters for your business: If you've been holding off on Copilot because the answers felt generic, this is a meaningful upgrade — different models are better at different tasks, and giving Copilot a choice of brains usually means better output on the work that matters (contracts, financial models, decks). For Chicago SMBs already paying for Copilot, no action is needed; the change rolls out automatically. If you're still on the fence, this is a good moment to pilot it with one team and measure time saved.
See what's new →Webidoo raises $25M to build an "AI operating layer" for SMBs — with Chicago as its U.S. hub
Webidoo, an AI platform aimed at making agentic AI accessible to small and mid-size businesses, announced a $25 million round led by IXC3 (part of Italy's Azimut Group). The company runs its U.S. business development, account management, and research from a Chicago office. The capital will fund expansion of its platforms and accelerate SMB adoption of agentic AI for automating routine back-office work.
Why it matters for your business: The signal here is more important than the company. Investors are now placing real money on the bet that AI agents — not chatbots — will run a meaningful share of SMB operations within a few years. For Chicagoland businesses, a well-funded local player means more talent, more case studies, and more vendors competing for your business. We'd encourage caution before signing multi-year deals with any single agentic platform; the space is moving fast. Our AI workflow guide covers how to evaluate options without locking in.
Read the announcement →Microsoft unveils MDASH — a multi-model agentic security system that tops industry benchmarks
Microsoft introduced MDASH, a new multi-model agentic security architecture that orchestrates several specialized AI models to triage alerts, scan code, and hunt for novel exploits. Microsoft says MDASH posted leading scores on an industry vulnerability-discovery benchmark and will progressively power features inside Defender and Security Copilot.
Why it matters for your business: SMB security teams (or your outsourced MSP) are about to get meaningful AI leverage. If you're a Defender for Business or Microsoft 365 Business Premium customer, expect faster, more contextual alerts over the coming quarters — without changing your license. The harder question for owners is whether anyone is actually watching those alerts at 2 AM. AI raises the ceiling on detection, but you still need a human on the other end. If you don't have one, our team can help structure that coverage.
Read the Microsoft brief →Palo Alto: AI-driven cyberattacks will be the "new norm" within months
Palo Alto Networks executives warned this week that businesses have a narrow three-to-five-month window before AI-assisted attacks become routine. Newer models — including Anthropic's Mythos and OpenAI's GPT-5.5-Cyber — are making it dramatically easier for attackers to discover unknown software flaws and automate exploitation. Google separately confirmed it had thwarted a hacker group's attempt to use AI to coordinate a "mass exploitation event."
Why it matters for your business: The defensive playbook does not change in shape, but the urgency does. Multi-factor authentication on every account, patched systems, phishing-resistant email security, endpoint detection, and a tested backup are no longer "nice to have" — they're the minimum to not be the easy target. For Chicago SMBs without a clear owner for each of these layers, this is the year to fix that. Call (224) 382-4084 if you want a fast assessment of where you stand.
Read the CNBC story →Need help navigating these changes?
312 IT Consulting helps small and mid-size businesses in Chicagoland cut through the noise and implement technology that actually moves the needle. Call us at (224) 382-4084 or book a free consultation.
Book a Free Consultation