Cisco SD-WAN is being owned in the wild, Grafana told its extortionists to pound sand, OpenAI quietly stood up a $4B consulting arm aimed at the work you charge for, and Microsoft’s May Partner Center post is doing more damage to your SKU list than most patch notes. Let’s go.

🛡️ Cisco Catalyst SD-WAN is getting popped at CVSS 10

CVE-2026-20182 is a max-severity authentication bypass in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Manager (formerly vManage). Per Cisco’s advisory and CSO Online, an unauthenticated remote attacker can send crafted peering requests and walk out with administrative privileges on the box — no creds, no MFA, no nothing. CISA added it to the KEV catalog on May 14 and issued Emergency Directive 26-03 with a federal remediation deadline of May 17. That deadline is now in the rearview, and per Security Boulevard, this is one of five CVEs tied to the same coordinated campaign already hitting live environments.

Why it matters to your stack: if you manage SD-WAN for clients — or worse, run a shared vManage instance with internet-reachable peering — assume touched until you can prove otherwise. Patch immediately, rotate device certs and admin creds, pull the CISA hunt guidance, and audit peering connections going back at least 30 days. Two upsell angles writing themselves: an SD-WAN posture review for every Cisco customer you have, and an IR retainer conversation for the ones who can’t tell you when they last looked at vManage logs. And if you’re a Fortinet or Versa partner, this is your week to call the Cisco-shop prospect you’ve been chasing.

🔑 Grafana tells CoinbaseCartel to take a hike

Grafana Labs disclosed Saturday night that an attacker grabbed a token granting access to its GitHub environment and downloaded chunks of the codebase. A relatively new extortion crew called CoinbaseCartel claimed the hit and demanded a ransom — Grafana publicly refused to pay, per The Record and BleepingComputer. Grafana says no customer data or PII was accessed, only source. CoinbaseCartel has been busy since launching last September, with more than 100 victims now listed on their leak site.

Why it matters to your stack: two things. First, Grafana is sitting in a lot of your monitoring stacks — directly or under your RMM hood — so factor a refresh of any self-hosted Grafana instances into next week’s maintenance window in case post-leak exploits surface. Second, and bigger: this is yet another stolen-PAT-into-GitHub story, after the wave of similar incidents over the last six months. If your dev or automation team still has long-lived personal access tokens with broad scopes sitting in CI variables, you are one phished engineer away from being the next post on a leak site. Rotate to short-lived tokens, scope them per repo, force SSO + hardware keys for the GitHub org, and make secret scanning non-optional. Turn it into a hardened-SaaS-posture offering for any client running source on GitHub — there is real, billable work in cleaning this up.
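The CI-variable audit this advice implies, as an added example (not code from Grafana or any vendor named here): it scans a `NAME=value` export of pipeline variables for GitHub's documented token prefixes and flags classic PATs first. The variable names, repository URL and token values are constructed for illustration.

```python
import re

# GitHub's documented token prefixes -> (kind, recommended action).
TOKEN_KINDS = {
    "ghp_": ("classic PAT", "replace: cannot be limited to single repos"),
    "github_pat_": ("fine-grained PAT", "review: confirm repo scope and expiry"),
    "gho_": ("OAuth token", "review: user-bound, check the granting app"),
    "ghs_": ("app installation token", "should be minted per job, not stored"),
}
TOKEN_RE = re.compile(r"\b(ghp_|github_pat_|gho_|ghs_)[A-Za-z0-9_]{20,}")


def audit_ci_variables(text):
    """Return one finding per GitHub token found in NAME=value lines."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        name, sep, value = line.partition("=")
        if not sep or name.lstrip().startswith("#"):
            continue
        for match in TOKEN_RE.finditer(value):
            prefix = match.group(1)
            kind, action = TOKEN_KINDS[prefix]
            findings.append({
                "line": lineno,
                "variable": name.strip(),
                "kind": kind,
                "action": action,
                # Never echo the secret: keep the prefix and 4 characters.
                "redacted": match.group(0)[: len(prefix) + 4] + "...",
            })
    return findings


# Constructed sample export; every token below is filler, not a credential.
SAMPLE = "\n".join([
    "DEPLOY_TOKEN=ghp_" + "a" * 36,
    "MIRROR_URL=https://x-access-token:ghp_" + "b" * 36
    + "@github.com/example-org/example-repo.git",
    "DOCS_TOKEN=github_pat_" + "c" * 22 + "_" + "d" * 59,
    "BUILD_MODE=release",
])

if __name__ == "__main__":
    for f in audit_ci_variables(SAMPLE):
        print(f"{f['line']}: {f['variable']} -> {f['kind']} "
              f"({f['redacted']}): {f['action']}")
```

The second sample line covers the case that plain variable-name searches miss: a token embedded in a clone URL rather than stored under a name containing "TOKEN".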

🤖 OpenAI just launched a $4B consulting firm aimed at your services line

OpenAI unwrapped The OpenAI Deployment Company — DeployCo for short — backed with more than $4 billion in fresh capital and built explicitly to help enterprises move from “we have ChatGPT licenses” to “AI is wired into our workflows.” Per Axios and the OpenAI announcement, DeployCo is a majority-owned OpenAI subsidiary that’s already absorbing Tomoro and stacking up forward-deployed engineers. Anthropic did the same dance two weeks earlier with its own services play, and OpenAI obviously didn’t want to cede the room.

Why it matters to your business: the model vendors are now competing with you for the deployment dollar, not just the license. The pitch you’ve been refining — “we’ll connect Copilot/Claude/GPT to your line-of-business apps, govern it, and run it for you” — is now also being pitched by OpenAI’s own consulting arm with a direct line back to the model team. For the mid-market and SMB MSPs reading this, the good news is DeployCo will go up-market first; the enterprise consulting bake-off is where the $4B gets spent. The bad news is that this raises customer expectations everywhere. Sharpen your AI services SKU now: written governance, identity-aware connectors, prompt and data-loss controls, and an explicit “we deploy it, we run it, we own the outcome” line. If your pitch still ends with “and we’ll help you think about use cases,” you are about to lose deals to a $10B-pre-money startup with OpenAI’s logo on the deck.

📋 Microsoft’s May Partner Center post quietly rewrites your SKU sheet

The May 2026 Partner Center announcements landed last week, and there is more in there than “new banner image.” Three to flag. One: Windows 365 Business with Windows Hybrid Benefit (the WHB SKUs) is retired from sale as of May 1 — new customers can no longer buy it, and there’s a broader 20% Windows 365 Business price reduction underneath, per Microsoft and Topedia. Two: Microsoft 365 E7, the “Frontier Suite” bundling Agent 365, went GA on May 1 at $99 per user per month — a new top-of-stack SKU above E5 that is about to come up in every Copilot conversation. Three: Microsoft Security Store is now embedded inside Entra and Purview, with the AI-driven Security Store Advisor going GA, expanding the in-product surface where partner ISVs get discovered.

Why it matters to your margin: clean up any quotes that still reference the retired Windows 365 Business WHB SKU before a customer notices. Build an E7 vs. E5 + Copilot comparison sheet now — at $99, E7 is going to be either a real upsell or a real distraction depending on whether Agent 365 maps to anything your customer is actually doing. And if you’ve been treating Security Store as an enterprise sideshow, reconsider: deeper Entra and Purview placement means SMB admins will start clicking into it during normal license work, and partner-built solutions surfaced there are an easier upsell than cold-pitching another endpoint vendor.

⚡ Quick hits

• GitHub Copilot moves to usage-based billing on June 1 — flat Pro and Pro+ seats migrate to a model with monthly GitHub AI Credits and overage charges. If you’re reselling or expensing Copilot for client dev teams, get heavy users on capped plans before they discover “unlimited” was a verb, not a noun.

• Trump-Xi summit wrapped without an AI chip framework but with reported clearance of Nvidia H200 sales to several major Chinese tech firms (per Reuters). For partners chasing GPU allocations: read this as more demand pressure on already-tight supply, not relief.

• Anthropic shipped Claude for Small Business with native connectors into QuickBooks, PayPal, HubSpot, Canva, DocuSign, Google Workspace, and Microsoft 365 — a direct play at the SMB workflow you used to own. Get ahead of it: own the governance, identity, and integration layer before your customer wires it themselves.

That’s the week. Patch your SD-WAN, rotate your tokens, and price your AI services like the vendors are competing with you — because they are.