Light news cycle? Not this week. Microsoft kicked a code-signing cartel offline, a Windows recovery-mode exploit just nuked BitLocker assumptions, Nvidia printed $81.6B in a single quarter and the market still shrugged, and Intezer wants on your AI SOC tab. Plus the on-prem Exchange flaw nobody’s done patching is still actively exploited. Let’s go.
🔑 BitLocker just got bypassed with a USB stick and a reboot
CVE-2026-45585, aka YellowKey, is a Windows BitLocker security feature bypass that lets anyone with brief physical access boot a target machine into the Windows recovery environment from a USB drive and walk out with the decrypted contents of the disk. Per SecurityWeek and Help Net Security, Microsoft confirmed the flaw on Tuesday, the public PoC works, and Kevin Beaumont verified it — his summary, paraphrased: BitLocker has a backdoor. CVSS sits at 6.8 because it needs physical access, but there’s no patch yet — Microsoft has only published a mitigation that requires a BitLocker PIN plus a BIOS password. Anything short of that is theater.
Why it matters to your stack: every laptop you’ve ever sold a client on the basis of “the drive is encrypted, we’re fine if it gets stolen” is now a phone call you need to make. Insurance attestations, HIPAA risk assessments, and SOC 2 data-at-rest controls all quietly assume BitLocker is sealed — until you’ve added PIN + BIOS protection, it isn’t. Three action items this week: (1) push pre-boot PIN policy via Intune or your RMM to every managed Windows 11 endpoint, (2) disable USB boot and lock the BIOS on anything that ever leaves the office, and (3) turn this into a project — physical-access hardening is a real services engagement, not a checkbox. The lost-or-stolen-laptop QBR slide writes itself.
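For action item (1), an endpoint-side audit that can run through an RMM script runner. This is an added example, not Microsoft's guidance or tooling: it reports whether the OS volume actually carries a PIN-based protector, and the compliance rule it applies (protection on, PIN protector present, no TPM-only protector) is this example's assumption. It does not check the BIOS password or USB boot setting, which are vendor-specific.

```powershell
#Requires -RunAsAdministrator
# Added example: report whether the OS volume needs a pre-boot PIN to unlock.

$os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop

# Key protector types on the volume, e.g. Tpm, TpmPin, RecoveryPassword.
$types = @($os.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

# TpmPin and TpmPinStartupKey both demand a PIN before the volume unlocks.
$hasPin = [bool]($types -like 'TpmPin*')
# A bare Tpm protector releases the key at boot with no user input.
$hasTpmOnly = $types -contains 'Tpm'

# Policy value behind "Require additional authentication at startup":
# UseTPMPIN 0 = PIN not allowed, 1 = PIN required, 2 = PIN allowed.
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$pinPolicy = if ($null -ne $fve -and $null -ne $fve.UseTPMPIN) { $fve.UseTPMPIN } else { 'not set' }

$result = [pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    MountPoint       = $os.MountPoint
    ProtectionStatus = $os.ProtectionStatus
    VolumeStatus     = $os.VolumeStatus
    Protectors       = $types -join ','
    PreBootPin       = $hasPin
    UseTPMPINPolicy  = $pinPolicy
    # Assumed rule for this example: encrypted, PIN enforced, no TPM-only unlock.
    Compliant        = ($os.ProtectionStatus -eq 'On') -and $hasPin -and (-not $hasTpmOnly)
}

$result | Format-List

# Non-zero exit code lets the RMM flag the endpoint for follow-up.
if (-not $result.Compliant) { exit 1 }
```

A machine where the policy value reads 1 but Protectors still shows only Tpm has received the policy without having a PIN set on the volume yet, so track the two columns separately.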
🦊 Microsoft burns down Fox Tempest’s code-signing service
Microsoft’s Digital Crimes Unit announced Tuesday it disrupted Fox Tempest, a malware-signing-as-a-service operation that sold ransomware crews freshly minted 72-hour code-signing certificates so their droppers looked like legit software. Per The Register and Microsoft’s filing in the Southern District of New York, DCU revoked more than 1,000 code-signing certs, seized domains, and took down hundreds of VMs running the operation. Customers reportedly included the usual ransomware suspects whose signed loaders had been quietly walking past trust-based EDR rules for months.
Why it matters to your channel: if your EDR or AV stack trusts “valid digital signature” as a strong signal — and most of them do, by default — you may have signed-but-malicious binaries sitting in client fleets that nobody flagged. Pull a list of executables signed by recently issued, short-lived certificates over the last six months and cross-check against the IOC drops Microsoft and the ISACs will push this week. Then, while you’re already in there: turn this into an upsell for WDAC, AppLocker, or a proper allowlisting tier for customers who still think “the AV will catch it.” Signed malware is the case study. Use it.
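One way to pull that list on an endpoint, as an added example that is not Microsoft's tooling: it walks a few directories, reads each file's Authenticode signer certificate, and keeps files whose certificate was valid for 72 hours or less and was issued in the last 180 days. The search roots, file extensions, thresholds and output file name are assumptions of this example.

```powershell
# Added example: find signed files whose signer certificate was short-lived.
$roots       = @($env:ProgramData, "$env:SystemDrive\Users")   # assumed search roots
$maxLifetime = [timespan]::FromHours(72)                       # lifetime cited in the article
$issuedAfter = (Get-Date).AddDays(-180)                        # roughly six months back

$hits = Get-ChildItem -Path $roots -Recurse -File -Include *.exe, *.dll, *.msi `
            -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        $cert = $sig.SignerCertificate
        if (-not $cert) { return }   # unsigned or unreadable: skip to the next file

        $lifetime = $cert.NotAfter - $cert.NotBefore
        if ($lifetime -le $maxLifetime -and $cert.NotBefore -ge $issuedAfter) {
            [pscustomobject]@{
                Path          = $_.FullName
                Status        = $sig.Status
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                Thumbprint    = $cert.Thumbprint
                Issued        = $cert.NotBefore
                Expires       = $cert.NotAfter
                LifetimeHours = [math]::Round($lifetime.TotalHours, 1)
                # A timestamped signature can still verify after the cert expires.
                Timestamped   = [bool]$sig.TimeStamperCertificate
                FileWritten   = $_.LastWriteTime
            }
        }
    }

# One row per signer thumbprint makes the cross-check against IOC lists quick.
$hits | Group-Object Thumbprint |
    Select-Object Count, Name, @{ n = 'Subject'; e = { $_.Group[0].Subject } } |
    Sort-Object Count -Descending | Format-Table -AutoSize

$hits | Sort-Object Issued | Export-Csv -Path .\short-lived-signers.csv -NoTypeInformation
```

A short certificate lifetime is a triage signal rather than a verdict, so match the exported thumbprints against the published indicators before acting on a hit.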
💸 Nvidia prints $81.6B, raises the dividend 2,400%, and the stock slides anyway
Nvidia reported Q1 FY27 after the close Tuesday: revenue $81.62B (up 85% YoY), data-center revenue $75.2B, dividend hiked from $0.01 to $0.25 per share, and another $80B added to the buyback authorization. Beat the $78B guide, beat the ~$80B whisper. Per Fortune and CNBC, the stock still dropped in after-hours — because Q2 guidance came in at $91B ±2%, and the bulls wanted more. Blackwell is now driving the bulk of data-center compute revenue, and US-cleared H200 shipments to China are flowing again.
Why it matters to your business: nothing in this report says your customers will stop buying AI infrastructure — quite the opposite. But two channel reads matter. First, GPU supply on Blackwell and H200 has eased enough that AI-server quote cycles should be tightening, not stretching — if your Dell, Supermicro, or HPE reps are still quoting 16-week lead times on Blackwell SKUs, push back hard and demand updated commits. Second, when Wall Street decides “merely great” isn’t great enough, that’s when downstream pricing power starts shifting toward the people writing the checks. Renegotiate AI-ready server SKUs, GreenLake-style consumption deals, and multi-year GPU-cloud reseller terms now, while the narrative is “Nvidia disappointed.” It won’t last past the next earnings cycle.
🤖 Intezer launches a channel program for its AI SOC
Intezer rolled out its Amplify Partner Program Tuesday — a global channel motion targeting MSSPs, VARs, and service providers around its ForensicAI SOC platform, with deal registration, SPIFF-based incentives, and a partner portal going live in June. Per MSSP Alert and TipRanks, the pitch is the same one every AI SOC vendor is making this year: automate Tier 1 triage, free up your analysts, take the margin home.
Why it matters to your stack: this is at least the fifth “AI SOC for MSSPs” program announced in 2026 — AgileBlue dropped its own Amplify program (yes, same name, different vendor) in April, and Kaseya, ConnectWise, and the wider agentic-SOC crowd are all drumming the same beat. The SPIFF dollars are nice. What actually matters before you sign: alert fidelity on YOUR customer telemetry, not the vendor’s demo dataset; integration into your existing PSA/ticketing without a six-month services project; and unit economics that survive a noisy customer who generates 10x the alerts of the average. Run a 30-day bake-off against your current MDR — same tenants, same telemetry, same week, count the noise and measure mean-time-to-actionable-ticket. If the AI catches what your humans miss, great. If it just generates faster low-fidelity tickets, you’re paying to bury your own SOC.
⚡ Quick hits
Exchange OWA still bleeding: CVE-2026-42897, the on-prem Exchange OWA spoofing flaw disclosed May 14, is being actively exploited via crafted emails and is on CISA’s KEV list. If you still run on-prem Exchange for any client, patch this week or migrate them. Exchange Online is unaffected.
Partner Center drop: Microsoft posted a May 19 batch of Partner Center announcements. Worth a quick read for the Office LTSC 2021 / Project LTSC 2021 EOL reminder (support ends October 13, 2026) and a handful of NCE workflow tweaks that will quietly burn your billing team if you miss them.
AI-native layoff wave: Coinbase cut roughly 14% of staff and Freshworks trimmed more than 10%, both citing AI-driven productivity. Read it as a customer-conversation tee-up — your SMB clients are watching the headlines and will start asking what their own AI plan looks like. Have a one-page answer — AI readiness assessment, governance playbook, pilot scope — ready before they go shopping for one.

