Microsoft released 120 CVEs in the May 2026 Patch Tuesday update, including 17 critical flaws, primarily remote code execution (RCE) and elevation of privilege (EoP) issues. A new multi-model agentic AI system discovered 16 of these CVEs. Key critical vulnerabilities include CVE-2026-41089 (Windows Netlogon stack-based buffer overflow, CVSS 9.8), CVE-2026-41096 (Windows DNS client RCE, CVSS 9.8), and CVE-2026-42898 (Microsoft Dynamics 365 On-Premises RCE). These flaws allow attackers to gain system privileges, compromise endpoints, and execute malicious code with minimal prerequisites.

A dual-pronged software supply chain attack leveraged malicious packages in RubyGems and Go modules, initially to harvest credentials and manipulate CI workflows via poisoned dependencies. As investigation expanded, a separate campaign named GemStuffer was discovered abusing RubyGems as a data exfiltration channel: attackers scraped publicly accessible U.K. council portals, embedded the content into valid .gem archives, and republished over 150 gems to RubyGems using hardcoded API keys, temporarily storing the data within the registry itself. The initial supply chain compromise targeted CI environments through the GitHub account "BufferZoneCorp", which published sleeper packages such as activesupport-logger and go-retryablehttp. Malicious Ruby gems stole environment variables, SSH keys, AWS secrets, and developer credentials, while Go modules injected fake Go wrappers to intercept build steps, manipulate GitHub Actions workflows, and establish SSH persistence. All identified packages were yanked or blocked from distribution channels. In parallel, the GemStuffer campaign used newly created gems with junk names to host scraped council portal data, including committee documents and contact directories from Lambeth, Wandsworth, and Southwark. Some variants created temporary credential environments and pushed directly to RubyGems via CLI or API POST, avoiding reliance on existing credentials. Although the scraped data was publicly available, the systematic collection and archival suggest testing of registry abuse against government infrastructure, compounding the broader ecosystem disruption.

Google introduced an opt-in Android feature called Intrusion Logging as part of Advanced Protection Mode to enable persistent, privacy-preserving forensic logging for investigating sophisticated spyware compromises. Developed in collaboration with Amnesty International and Reporters Without Borders, the feature logs daily device and network activities such as app processes, installations, network connections, USB file transfers, system certificate changes, and device lock states. Logs are end-to-end encrypted and stored on Google servers for 12 months, protected by encryption keys tied to the user’s Google Account password and screen lock credentials. Malware on the device cannot access, delete, or manipulate logs, and neither Google nor state actors can decrypt them without user credentials. The feature targets high-risk individuals who suspect targeted surveillance, allowing them to share encrypted logs with security experts for forensic analysis. Users cannot delete logs before the 12-month retention period, even if the account is closed or the feature is disabled, though they can download decrypted logs for longer retention at their own risk. The feature is rolling out to devices running Android 16 December update and newer.

A live webinar scheduled for June 2, 2026, will address systemic gaps in network incident response workflows that exacerbate incident escalation despite existing monitoring and security tooling. The session highlights how reliance on manual triage, alert routing, and coordination across disparate systems—rather than visibility limitations—drives incident escalation and service disruption during high-pressure scenarios.

Signal introduced new in-app confirmations and warning messages to mitigate phishing and social engineering attacks targeting its users. The updates aim to introduce user friction to encourage verification before accepting external requests. Recent campaigns abused the Linked Device feature by tricking high-profile users into scanning QR codes or sharing one-time codes under the guise of account verification, enabling Russian state-sponsored actors to gain unauthorized access to accounts, chats, and contact lists.

Microsoft has continued to issue extended security updates for Windows 10, addressing critical vulnerabilities and platform stability issues. The May 2026 KB5087544 update fixes Patch Tuesday vulnerabilities, resolves Remote Desktop security warning rendering problems in multi-monitor environments, and advances Secure Boot certificate deployment through improved device targeting and reporting. The update raises Windows 10 to build 19045.7291 (Enterprise LTSC 2021 to 19044.7291) and introduces a Daylight Saving Time adjustment for Egypt. Earlier, Microsoft released KB5075912 in February 2026 to remediate six zero-day vulnerabilities and continue replacing expiring Secure Boot certificates. That update addressed shutdown/hibernation failures when System Guard Secure Launch was enabled, incorporated Chinese font changes for GB18030-2022A compliance, and resolved stability issues affecting certain GPU configurations. Microsoft has emphasized a controlled, phased rollout of Secure Boot certificate replacements to mitigate bypass risks from expiring certificates. The updates remain available to Windows 10 Enterprise LTSC users and ESU program participants.

Fortinet has released **emergency patches** for **two new critical remote code execution (RCE) vulnerabilities** in FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083), both allowing unauthenticated attackers to execute arbitrary code via crafted requests. These flaws join a series of actively exploited vulnerabilities in Fortinet products, including **CVE-2026-35616 (FortiClient EMS API access bypass)**, which CISA mandated federal agencies patch by **April 9, 2026**, and **CVE-2026-21643 (FortiClientEMS SQL injection)**, exploited since late March 2026. Earlier in 2026, Fortinet addressed **CVE-2026-24858**, a critical FortiCloud SSO authentication bypass (CVSS 9.4) exploited to hijack admin accounts and exfiltrate configurations from **over 25,000 exposed devices**, prompting CISA to enforce a **January 30, 2026**, patching deadline for federal agencies. Fortinet temporarily disabled FortiCloud SSO to mitigate zero-day attacks, later restoring it with restrictions. The **FortiClient EMS vulnerabilities (CVE-2026-21643 and CVE-2026-35616)** remain high-risk, with **Shadowserver tracking over 2,000 exposed instances** primarily in the U.S. and Europe. Organizations are urged to **disable vulnerable features (e.g., FortiCloud SSO), apply hotfixes immediately, and isolate management interfaces** to prevent lateral movement and endpoint compromise.

Microsoft’s May 2026 Patch Tuesday released fixes for 120 vulnerabilities across its ecosystem, including 17 Critical flaws, with no zero-days disclosed. The updates, delivered via Windows 11 cumulative updates KB5089549 and KB5087420 for versions 23H2, 24H2, and 25H2, addressed remote code execution (RCE), elevation of privilege (EoP), information disclosure, denial of service (DoS), and spoofing vulnerabilities in Windows, Office, Word, Excel, SharePoint, and the DNS Client. The remediation effort excluded patches for Microsoft Mariner, Azure, Copilot, Teams, Partner Center, and 131 Google Chromium-based Edge flaws addressed separately by Google. Notable fixes included CVE-2026-35421 (Windows GDI RCE via malicious EMF files), CVE-2026-40365 (SharePoint Server RCE), and CVE-2026-41096 (Windows DNS Client RCE). While the primary focus was security, the updates also introduced non-security improvements such as Xbox mode integration, expanded File Explorer archive support, haptic feedback for input devices, and enhanced batch file security controls.

Threat actors breached Škoda Auto’s online shop by exploiting an unspecified vulnerability in the e-commerce portal’s software, resulting in the exposure of personal and order data for an undisclosed number of customers. The incident occurred in mid-2026, with access granted to attacker-controlled accounts via a software flaw in the standard e-commerce platform. The attacker activity was detected through Škoda’s technical security monitoring, prompting a forensic investigation and remediation of the vulnerability. No financial data was stored in the compromised systems, as full credit card details were processed exclusively by external payment service providers. Affected customers are advised to monitor for phishing attempts and credential misuse due to the exposure of login details.

Android 17, scheduled for release next month, introduces a suite of security and privacy features designed to mitigate banking scam calls, enhance device theft protection, and improve threat detection. Google’s new call authenticity verification system integrates with banking apps to detect spoofed calls and terminate fraudulent connections automatically. The feature initially supports digital banking platforms such as Revolut, Itaú Unibanco, and Nubank, with backward compatibility to Android 11 and later. Live Threat Detection is expanded to identify additional abuse techniques, including SMS forwarding misuse and concealed accessibility overlays, while Advanced Protection now restricts accessibility service access to legitimate tools and disables device-to-device unlocking. Device theft protection is bolstered with biometric enforcement for the "Mark as lost" feature, rendering devices inaccessible even if the passcode is known, and disabling Wi-Fi and Bluetooth connections. Privacy enhancements include malware scanning of APKs in Chrome, reduced PIN-guessing resilience, temporary precise-location sharing, and AISeal with pKVM for hardware-backed AI data isolation. Post-quantum cryptography protections are also introduced, with some features launching exclusively on Pixel devices or newer models.

A severe use-after-free vulnerability in Exim's BDAT message body parsing under GnuTLS configurations allows unauthenticated attackers to trigger memory corruption and achieve code execution. Exim versions 4.97 through 4.99.2 using USE_GNUTLS=yes are affected. Attackers need only establish a TLS connection and leverage the CHUNKING (BDAT) SMTP extension to exploit the flaw. The issue arises when a TLS close_notify alert is sent before BDAT body transfer completes, followed by a residual cleartext byte that writes to a freed memory buffer during session teardown, corrupting the allocator metadata. Exploitation grants further primitives for code execution.

A hospitality group operating over 4,000 hotels worldwide disclosed a security incident where threat actors maintained unauthorized access to a guest reservation web application for approximately six months. The intrusion was detected on April 22, 2026, with evidence showing initial compromise on October 14, 2025. Attackers accessed guest reservation data including names, email addresses, phone numbers, and reservation details, though payment information was not stored in the affected system. The application was taken offline immediately upon discovery, and an external investigation was initiated. While the scope of affected individuals remains undisclosed, the hotel group has warned that stolen data may be used for subsequent phishing and scam campaigns.

A new variant of the TrickMo Android banking trojan, designated TrickMo C, has fully transitioned its command-and-control (C2) infrastructure to The Open Network (TON) Blockchain, using .adnl identities to evade traditional domain-based takedowns and embedding a native TON proxy at launch. The variant, identified in campaigns between January and February 2026, targeted banking and wallet users in France, Italy, and Austria via TikTok-themed lures distributed through Facebook ads and dropper apps impersonating Google Play Services. TrickMo C retains core device-takeover capabilities, including credential phishing, keylogging, screen streaming, OTP suppression, and real-time remote control, while expanding operational roles by incorporating a network-operative subsystem for reconnaissance and authenticated SSH tunneling and SOCKS5 proxying. Infected devices are repurposed as programmable network pivots, enabling lateral movement and traffic masquerading as originating from the victim's IP, thereby defeating IP-based fraud detection.

A cybercriminal campaign combining ClickFix social engineering with PySoxy, a decade-old Python SOCKS5 proxy tool, establishes persistent access on compromised hosts without traditional malware, evading conventional removal attempts. The intrusion begins with ClickFix, a user-executed social engineering tactic that deceives victims into running malicious commands or downloading payloads. Attackers then delay deployment of PySoxy to perform reconnaissance, identify lateral movement targets, and confirm communication with attacker-controlled infrastructure before activating the proxy as a persistence mechanism via scheduled tasks. This modular approach enables repeated re-execution attempts even when endpoint protections block primary payloads or command-and-control (C2) connections.

Enterprise SOCs consistently fail to investigate high-risk alert categories—WAF events, DLP anomalies, OT/IoT signals, dark web intelligence, and supply chain alerts—due to systemic gaps in coverage models. In-house teams lack domain-specific expertise and capacity, managed security service providers (MSSPs/MDRs) lack business context, and AI SOC automation platforms restrict coverage to 4–6 predefined alert types using static triage logic. The result is a blind spot where the most critical alerts are deprioritized or escalated back to overloaded teams, increasing breach risk.

The Mini Shai-Hulud supply chain attack has escalated into a broader, ongoing campaign with a fresh wave of compromises targeting the TanStack developer ecosystem and other ecosystems, including SAP and AI tooling. Researchers have identified hundreds of malicious npm packages—373 package-version entries across 169 package names and at least double that number across multiple organizations—designed to steal developer and CI/CD credentials and self-propagate through compromised maintainer accounts and GitHub Actions trusted publishing workflows. The malware now leverages heavily obfuscated JavaScript payloads with Bun-based execution to evade detection, while abusing IDE integrations for persistence. The campaign’s tactics have evolved to include automated trojanized package updates pushed via compromised maintainer credentials and OIDC-based npm publishing, significantly increasing the blast radius by turning compromised build systems and developer environments into vectors for further infection. The threat actors, assessed as TeamPCP, continue to refine their methods to maximize reach and stealth, underscoring the urgency for developers to rotate credentials, verify package provenance, and monitor for unauthorized publishes.

SAP’s December 2025 security bulletin addressed 14 vulnerabilities, including three critical flaws, while the May 2026 updates introduced 15 new vulnerabilities with two critical issues in Commerce Cloud and S/4HANA. One critical flaw, CVE-2026-34263, is a missing authentication check in SAP Commerce Cloud allowing unauthenticated attackers to execute arbitrary code. The second critical flaw, CVE-2026-34260, enables low-complexity SQL injection in SAP S/4HANA, risking unauthorized data access and application disruption. SAP’s May 2026 advisory also resolved one high-severity and 11 medium-severity issues, including command injection, missing authorization checks, and XSS. While SAP has not observed active exploitation of these new flaws, historical precedent shows SAP vulnerabilities are frequently targeted, with 14 SAP flaws added to CISA’s Known Exploited Vulnerabilities catalog in recent years, including two used in ransomware attacks. SAP remains a critical enterprise software vendor, serving 99 of the 100 largest global companies and reporting over €36 billion in fiscal year 2025 revenue.

Agentic AI systems are increasingly deployed across enterprise environments without corresponding security oversight, exposing organizations to novel attack vectors and governance gaps. Security teams lack foundational knowledge of agentic AI architecture, MCP integration risks, and custom agent proliferation, creating blind spots in configuration, access control, and threat modeling. The absence of hands-on engagement with these systems prevents practitioners from proposing meaningful controls or participating in design decisions, leading to bypassed security teams and unchecked exposure. The accelerated adoption of general-purpose coding agents, vendor-built MCP-connected agents, and user-created custom agents introduces distinct risk profiles, with broad permissions enabling lateral movement paths and expanded attack surfaces. Organizations arriving late to agentic AI security risk compounding exposure as access scopes grow without security involvement.

A new Android malware campaign has been observed leveraging the Hugging Face platform to distribute thousands of APK payload variants designed to steal credentials from financial and payment services. The attack begins with the dropper app TrustBastion, which uses scareware-style ads and fake system update prompts to trick users into installing it. The malware then redirects to a Hugging Face repository to download the final payload, employing server-side polymorphism to evade detection and exploiting Android’s Accessibility Services to monitor activity and capture credentials. Bitdefender discovered over 6,000 commits in the repository, which was taken down but resurfaced under the name 'Premium Club.' Bitdefender published indicators of compromise and notified Hugging Face, which removed the malicious datasets. A separate infostealer campaign was uncovered on Hugging Face, where the repository 'Open-OSS/privacy-filter' typosquatted OpenAI's legitimate Privacy Filter release to distribute a Rust-based infostealer. The malicious repository achieved high visibility with over 244,000 downloads and 667 likes in under 18 hours, likely artificially inflated, and instructed users to clone and execute scripts to initiate the infection. The infostealer used evasion techniques and targeted browser passwords, session cookies, Discord tokens, crypto wallets, Telegram sessions, and other credentials. HiddenLayer urged affected users to treat their systems as fully compromised, rotate all credentials, and follow remediation steps.

A UK water company, South Staffordshire Water, was fined £980,000 by the UK Information Commissioner’s Office (ICO) following a two-year undetected intrusion that compromised personal data of 633,887 individuals. The breach began with a phishing email on September 11, 2020, leading to installation of Get2 downloader and SDBbot remote access trojan. The threat actor moved laterally using a domain admin account and RDP from May 17 to August 4, 2022, before the breach was discovered on July 15, 2022 due to IT performance anomalies. A ransom note was found on July 26, 2022, and the actor claimed to have exfiltrated 4.1TB of sensitive PII, including HR data, bank details, and Priority Services Register information. The fine was reduced from £1.6m for not contesting the penalty. The ICO cited multiple failures: lack of least privilege enforcement, inadequate monitoring (only 5% of environment monitored), unsupported legacy software (e.g., Windows Server 2003), and unpatched critical systems. The regulator emphasized that critical infrastructure providers handling large volumes of personal data must implement established security controls proactively.

OpenAI launched Daybreak, a cybersecurity offering that embeds AI-powered vulnerability detection, patch validation, dependency risk analysis, and threat modeling into development workflows using OpenAI’s Codex Security agent harness. Daybreak combines frontier models (GPT-5.5 variants) and an editable, AI-generated threat model to identify high-impact attack paths and test vulnerabilities in isolated environments before attackers exploit them. Access is restricted via controlled requests, with major security vendors (Akamai, Cisco, Cloudflare, CrowdStrike, Fortinet, Oracle, Palo Alto Networks, Zscaler) integrating Daybreak under OpenAI’s Trusted Access for Cyber initiative. The initiative responds to AI’s acceleration of vulnerability discovery and remediation bottlenecks, including triage fatigue and 90-day disclosure policy strain reported by maintainers and researchers.

Apple has expanded end-to-end encrypted RCS messaging from a beta-limited Apple-only feature to a default-enabled cross-platform capability in iOS 26.5. The encryption now supports conversations between iPhones and Android devices on supported carriers, with visual indicators (lock icons) confirming secure sessions. This follows the GSMA’s 2025 endorsement of E2EE for RCS messages and represents a major industry collaboration milestone. Additionally, the beta in iOS 26.4 introduced Memory Integrity Enforcement (MIE) and default activation of Stolen Device Protection for all iPhone users, enhancing memory safety and device security. The initial development began with Apple testing E2EE for RCS messaging in iOS and iPadOS 26.4 Developer Beta, limited to Apple devices and based on RCS Universal Profile 3.0 using the Messaging Layer Security (MLS) protocol. The beta also introduced enhanced memory safety protections via MIE and default Stolen Device Protection, which enforces a one-hour delay for Apple Account password changes and requires biometric authentication for sensitive actions.

The U.S. Federal Trade Commission (FTC) has finalized an order with General Motors (GM) and its subsidiary, OnStar, banning the company from selling drivers' geolocation and driving behavior data for five years. The order follows allegations that GM collected and sold this data without consumer consent through OnStar's 'Smart Driver' feature. The FTC's action requires GM to obtain express consent before collecting or sharing such data and provides consumers with more control over their information. Additionally, GM reached a $12.75 million settlement with California authorities for violating the California Consumer Privacy Act (CCPA) by illegally collecting and selling Californians’ driving and location data to data brokers Verisk Analytics and LexisNexis Risk Solutions between 2020 and 2024, including provisions to delete retained data and strengthen privacy compliance.

TeamPCP has escalated its multi-vector CanisterWorm campaign into a geopolitically targeted operation, now confirmed to have leveraged the Trivy supply-chain attack as an access vector for the Checkmarx compromise. The group compromised PyPI packages (LiteLLM versions 1.82.7–1.82.8 and Telnyx versions 4.87.1–4.87.2) and Checkmarx KICS tooling to deliver credential-stealing malware, harvesting SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files. Checkmarx has publicly confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository, with access facilitated by the Trivy compromise attributed to TeamPCP. The leaked data, published on both dark web and clearnet portals, did not contain customer information, and Checkmarx has blocked access to the affected repository pending forensic investigation. The campaign’s scope expanded from initial npm package compromises to include GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and CI/CD pipeline targeting, while destructive payloads in Iranian Kubernetes environments highlight TeamPCP’s geopolitical alignment. On May 9, 2026, TeamPCP published a malicious version of the Checkmarx Jenkins AST plugin (2.0.13-829.vc72453fa_1c16) to the Jenkins Marketplace, defacing the plugin’s GitHub repository with pro-TeamPCP messaging. The compromise was facilitated using credentials stolen in the March 2026 Trivy supply-chain attack and occurred outside the plugin’s official release pipeline, lacking a git tag or GitHub release. Checkmarx isolated its GitHub repositories from customer environments and stated no customer data was stored in them. Users are advised to use version 2.0.13-829.vc72453fa_1c16 published on December 17, 2025, or older.

A proof-of-concept tool named GhostLock demonstrates abuse of the Windows CreateFileW API’s dwShareMode parameter to lock files exclusively and block read/write access for other users or processes. The technique targets local and SMB network shares by opening files with dwShareMode=0, triggering STATUS_SHARING_VIOLATION errors. GhostLock can be executed by standard domain users without elevated privileges and may be amplified via multi-host execution, disrupting operations without data destruction. Detection is challenging as the attack generates legitimate file-open events rather than writes or encryption.

The U.S. Federal Communications Commission (FCC) has extended the deadline for owners of banned foreign-made routers to provide security updates to U.S.-based users by two years, from March 2027 to at least January 1, 2029. The extension now allows vendors to issue major software and firmware updates that affect router functionality, not just minor security patches or compatibility fixes, and applies to both foreign-made routers and drone systems banned in December 2025. The FCC banned the import and sale of all consumer-grade routers produced abroad in March 2026, placing them on the Covered List due to unacceptable national security risks. Exceptions are limited to conditional approvals by the Department of Defense or Department of Homeland Security. The policy aims to mitigate supply-chain vulnerabilities in foreign-made routers, which have been exploited by China-nexus threat actors like Volt Typhoon and Salt Typhoon to gain persistent access to U.S. networks. Existing routers and U.S.-manufactured devices such as Starlink routers remain unaffected by the ban.

Security controls remain essential but are increasingly ineffective against attacks engineered to bypass or abuse legitimate systems and trusted employees. Malware-less threats—including business email compromise (BEC), voice-phishing-based MFA bypass, and unauthorized generative AI usage (Shadow AI)—now dominate the threat landscape, accounting for 83% of incidents reported in early 2026. These attacks exploit human behavior and organizational trust rather than technical vulnerabilities, with BEC alone responsible for 21% of successful intrusions despite representing just 2% of attempted attacks. Technical defenses such as EDR, SIEM, SOAR, and DLP are tuned to detect anomalies or malicious payloads, but they struggle with legitimate-looking workflows, voice channels, or user-driven data sharing. As a result, human-centered controls—training, policy enforcement, and behavioral awareness—have become the primary compensating mechanisms for preventing these attacks.

A threat actor identified as Mr_Rot13 is actively exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel and WebHost Manager (WHM), to deploy a backdoor named Filemanager across compromised environments. The flaw enables remote attackers to gain elevated control of cPanel instances, leading to post-exploitation activities including cryptocurrency mining, ransomware deployment, botnet propagation, and persistent backdoor implantation. The attack chain involves shell scripts fetching a Go-based infector from cp.dene.[de[.]com, which installs an SSH public key for persistence, drops a PHP web shell for remote command execution, and injects JavaScript into login pages to harvest credentials via a ROT13-encoded domain (wrned[.]com). The final payload is a cross-platform backdoor capable of infecting Windows, macOS, and Linux systems.

Frame Security exited stealth mode with $50 million in Series A funding to launch an AI-powered cybersecurity awareness and human risk management platform. The platform integrates simulated phishing, voice and deepfake social engineering attacks with personalized training modules, continuous risk scoring, and automated threat triage for reported suspicious communications. Chief Executive Officer Tal Shlomo and Chief Technology Officer Sharon Shmueli lead the company, with Shlomo previously at Wiz and Shmueli formerly CTO of Team8. The platform is already deployed among startups and Fortune 500 organizations, with funding to expand engineering, AI research, and enterprise go-to-market efforts.

A previously unknown cybercrime group deployed the first documented AI-assisted zero-day exploit capable of bypassing two-factor authentication (2FA) in a widely used open-source web-based system administration tool. The flaw, weaponized via a Python script containing LLM-like code patterns and hallucinated documentation, was likely discovered and refined using an AI system. Exploitation required valid credentials and exploited a high-level semantic logic flaw rooted in a hard-coded trust assumption. Google’s Threat Intelligence Group (GTIG) collaborated with the vendor to remediate the issue and disrupt the campaign, which targeted a large-scale exploitation operation.