A critical unauthenticated vulnerability in the Funnel Builder WordPress plugin (all versions before 3.15.0.3) is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages. The flaw allows attackers to modify plugin settings via an exposed checkout endpoint, enabling arbitrary JavaScript execution on checkout pages. This results in the deployment of a payment card skimmer that collects credit card numbers, CVVs, billing addresses, and other customer data.

Security researchers at Pwn2Own Berlin 2026, held from May 14 to May 16, 2026, demonstrated 39 unique zero-day exploits across enterprise technologies and AI systems, earning $908,750 in total rewards. Orange Tsai (DEVCORE Research Team) achieved SYSTEM-level remote code execution on Microsoft Exchange by chaining three bugs, earning $200,000 on the second day. Earlier, Tsai had also chained four logic bugs to escape the Microsoft Edge sandbox, earning $175,000 on the first day. Windows 11 privilege escalation zero-days were demonstrated by six teams across both days, including Angelboy and TwinkleStar03, Kentaro Kawane, Marcin Wiążowski, Siyeon Wi, and others, with individual awards ranging from $7,500 to $30,000. Additional exploits targeted Red Hat Enterprise Linux, NVIDIA Container Toolkit, Microsoft Exchange, AI coding agents (OpenAI Codex, Cursor), and other products, with awards totaling $20,000 to $50,000 per entry. All targeted exploits required arbitrary code execution on fully patched systems under Pwn2Own rules. Vendors have 90 days to address disclosed zero-days after the competition.

Three legitimate versions of the widely used node-ipc npm package (9.1.6, 9.2.3, and 12.0.1) were republished with malicious stealer/backdoor code by an unauthorized maintainer account named 'atiertant', triggering on require('node-ipc') and exfiltrating developer and cloud secrets to a rogue C2 server. The attack features novel evasion tactics including DNS-based exfiltration via a fake Azure-themed domain (sh.azurestaticprovider[.]net), conditional payload execution in version 12.0.1, and targeted collection of 90 categories of credentials. This incident follows a prior 2022 protest-related compromise where the original maintainer added destructive capabilities to versions 10.1.1 and 10.1.2 targeting systems in Russia or Belarus, yet node-ipc retains over 690,000 weekly downloads. Security vendors (Socket, Ox Security, Upwind) confirmed the malicious nature of the affected versions, which skip large files and avoid scanning .git and node_modules directories to reduce operational noise.

Turla (Secret Blizzard, ATG26, Blue Python, Uroburos) has upgraded its Kazuar .NET backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence and covert operations against government, diplomatic, and defense targets in Europe and Central Asia. The overhaul introduces a three-tier module architecture—Kernel, Bridge, and Worker—coordinated via droppers such as Pelmeni and ShadowLoader. Kernel modules act as the botnet’s control plane, electing a leader to mediate C2 communication while Workers exfiltrate data, log keystrokes, and profile systems. Communication uses multiple channels including Windows Messaging, Mailslot, named pipes, HTTP, Exchange Web Services, and WebSockets to evade detection. The design emphasizes resilience through internal P2P coordination, multi-path C2 redundancy, and persistent on-disk staging of operational data.

Two vulnerabilities in the Avada Builder WordPress plugin—CVE-2026-4782 (arbitrary file read) and CVE-2026-4798 (unauthenticated SQL injection)—have exposed approximately one million WordPress sites to credential theft and full site compromise. The arbitrary file read flaw allows authenticated subscribers to access sensitive server files, including wp-config.php, via the plugin’s shortcode-rendering functionality and custom_svg parameter. Access to wp-config.php can lead to full site takeover by enabling compromise of an administrator account. The unauthenticated SQL injection flaw, rated CVSS 7.5, impacts sites where WooCommerce was enabled and then deactivated, enabling attackers to extract database contents such as password hashes. The vulnerabilities were discovered by security researcher Rafie Muhammad under the Wordfence Bug Bounty Program and reported to the vendor on March 24, 2026, following submission to Wordfence on March 21. The vendor released patches in versions 3.15.2 (April 13) and 3.15.3 (May 12), with site administrators urged to update immediately.

Microsoft Edge will stop loading saved passwords into process memory in cleartext at startup to reduce exposure, addressing a behavior previously defended as an intentional performance optimization. The change is already in the Canary channel and will roll out to all supported Edge releases (build 148 and newer) as part of the company’s Secure Future Initiative. Credential extraction via memory dumping remains possible only if an attacker already has local administrative privileges, a scenario Microsoft does not classify as a security flaw. Earlier disclosures revealed that Edge decrypts and retains all stored passwords in cleartext memory at startup, a behavior unique among Chromium-based browsers. Exploitation requires local administrative access to dump the browser’s process memory via tools like Task Manager, enabling extraction of plaintext credentials even when not actively in use. Microsoft initially stated the design choice was intentional to speed up sign-in processes.

A previously identified infostealer, Gremlin, has evolved into a modular threat actor toolkit with advanced evasion and session hijacking features. The malware now exfiltrates sensitive data including browser cookies, session tokens, clipboard contents, cryptocurrency wallet data, FTP and VPN credentials to a newly deployed server at 194.87.92.109. Key enhancements include anti-static analysis obfuscation via .NET Resource embedding and XOR encoding, Discord token extraction for social engineering, clipboard manipulation for cryptocurrency redirection, and WebSocket-based active session hijacking to bypass cookie protections.

A malware-as-a-service (MaaS) operation distributing the REMUS infostealer has rapidly evolved since February 2026, transitioning from basic credential theft to a structured platform emphasizing session persistence, password-manager targeting, and operational scalability. The operation demonstrates commercialization practices typical of legitimate software businesses, including versioned updates, customer support, operational dashboards, and delivery reliability claims (~90% callback rate). The infostealer now integrates SOCKS5 proxy support, token restoration workflows, anti-VM evasion, and targeted collection from Discord, Steam, Riot Games, Telegram, and browser-based password managers (Bitwarden, 1Password, LastPass) via IndexedDB and extension storage. This shift reflects a broader underground trend prioritizing authenticated sessions and browser-side authentication artifacts to bypass MFA and maintain long-term access.

A chain of four vulnerabilities (CVE-2026-44112, CVE-2026-44113, CVE-2026-44115, CVE-2026-44118) in OpenClaw’s OpenShell sandbox and MCP loopback runtime allows attackers to bypass sandbox restrictions, read sensitive files, escalate to owner-level privileges, and establish persistence. Exploitation begins with code execution inside the sandbox via a malicious plugin, prompt injection, or compromised input, then progresses through credential exposure, privilege escalation, and backdoor deployment. Impact includes unauthorized data theft, full runtime control, and persistent compromise of affected hosts. The vulnerabilities are leveraged in a four-step chain: initial code execution, file and credential exposure via TOCTOU and heredoc bypass, privilege escalation via spoofable ownership flags, and final persistence through configuration tampering and backdoor planting.

Microsoft is implementing Cloud-Initiated Driver Recovery, an automated mechanism to remotely roll back problematic Windows drivers distributed through Windows Update. The feature mitigates prolonged exposure to faulty drivers by enabling Microsoft to trigger a rollback to a previously stable version or the next viable driver without requiring manual intervention from hardware partners or end users. The recovery leverages existing Windows Update infrastructure and is activated only for drivers rejected during the Driver Shiproom evaluation due to quality issues. The capability will begin rollbacks for drivers rejected during Flighting or Gradual Rollout starting September 2026, following a testing phase from May to August 2026.

Dark Reading commemorated its 20th anniversary by inviting prominent cybersecurity industry leaders to revisit their past columns and assess their relevance through a historical lens. The initiative involved selecting influential past writings from the Dark Reading archives, many of which had been archived via the Wayback Machine due to platform migrations over two decades. Contributing columnists including Robert Hansen (RSnake), Katie Moussouris, Rich Mogull, Richard Stiennon, and Bruce Schneier contributed reflections on how their topics have evolved and the enduring or fading accuracy of their original insights.

A ransomware attack against American Lending Center (ALC), a California-based non-bank lender managing a $3 billion portfolio of government-guaranteed small business loans, led to the compromise of internal networks and potential theft of personally identifiable information (PII) for 123,000 individuals. The incident was detected in July 2025, and a forensic investigation completed on April 8, 2026, confirmed unauthorized access and execution of ransomware. Compromised data includes names, dates of birth, and Social Security numbers, though ALC reports no evidence of subsequent misuse as of the disclosure.

Bitdefender publicly announces a 45-day Internal Attack Surface Assessment program designed to identify and reduce exposure from trusted utilities abused in attacks. The assessment targets Windows endpoints and maps living-off-the-land binaries (LOLBins), remote administration tools, tampering utilities, cryptominers, and piracy tools to specific users and devices with minimal operational impact. It leverages GravityZone PHASR—a Proactive Hardening and Attack Surface Reduction technology—to produce prioritized remediation roadmaps. Early adopters reported up to 70% attack surface reduction within 30 days without end-user disruption or malware investigation overhead.

OpenAI has confirmed that two employee devices in its corporate environment were infected via the Mini Shai-Hulud supply chain attack on TanStack, resulting in limited credential theft from internal repositories but no impact on customer data, production systems, or deployed software. OpenAI responded by isolating systems, revoking user sessions, rotating all credentials, temporarily restricting deployment workflows, and auditing user and credential behavior. As a precaution, OpenAI revoked and reissued code-signing certificates for iOS, macOS, Windows, and Android products due to exposure in the incident, with macOS desktop users (ChatGPT Desktop, Codex App, Codex CLI, Atlas) required to update applications before June 12, 2026. The incident reflects a broader escalation of the Mini Shai-Hulud campaign, which initially targeted TanStack and Mistral AI before spreading to UiPath, Guardrails AI, and OpenSearch via stolen CI/CD credentials and legitimate GitHub Actions workflows. TeamPCP continues to refine tactics, including the public distribution of the Shai-Hulud worm through a supply chain attack contest, while targeting developer and cloud credentials across ecosystems. The malware employs advanced persistence, credential harvesting, and destructive sabotage components, with technical innovations such as a multi-tier C2 exfiltration system and a 1-in-6 probability kamikaze wiper on systems in Israel or Iran. Mistral AI separately confirmed impact via trojanized SDKs, with a single developer device affected and no infrastructure breach.

A high-severity spoofing vulnerability in on-premises Microsoft Exchange Server (CVE-2026-42897, CVSS 8.1) is being actively exploited in the wild. The flaw arises from improper neutralization of input during web page generation, enabling cross-site scripting (XSS) that permits unauthorized spoofing over a network. Attackers can exploit this by sending a specially crafted email to a user; when opened in Outlook Web Access under specific interaction conditions, arbitrary JavaScript can execute in the browser context, facilitating further unauthorized actions. Microsoft has confirmed active exploitation and reports that patches are not yet available, with mitigation provided via the Exchange Emergency Mitigation Service (EEMS) for Exchange Server 2016, 2019, and Subscription Edition (SE) on-premises servers. Patch availability for some versions is restricted to customers enrolled in the Period 2 Exchange Server ESU program.

China-linked threat actors deployed a previously undocumented malware implant named TencShell against a global manufacturer’s Indian branch in April 2026. The attack chain involved a first-stage dropper, Donut shellcode, a masqueraded .woff web-font resource, memory injection, and web-like C2 communication to deliver a customized Go-based implant derived from the open-source Rshell C2 framework. TencShell mimics Tencent-like web service paths to blend into normal enterprise traffic. If successful, the implant would have provided comprehensive access, including remote command execution, in-memory payload execution, proxying, pivoting, system profiling, and a path to deploy additional tooling.

A critical authentication bypass vulnerability (CVE-2026-20182) in Cisco Catalyst SD-WAN Controller and Manager is being actively exploited in the wild, enabling unauthenticated remote attackers to bypass authentication and obtain administrative privileges. The flaw stems from a malfunction in the peering authentication mechanism within the 'vdaemon' service and impacts all deployment models. CVE-2026-20182 was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on May 15, 2026, mandating federal patching by May 17, 2026. Cisco has attributed exploitation with high confidence to UAT-8616, the same cluster responsible for weaponizing CVE-2026-20127 since at least 2023. The threat actor leverages the flaw for post-compromise actions, including adding SSH keys, modifying NETCONF configurations, and attempting to escalate to root privileges. Infrastructure overlaps with Operational Relay Box (ORB) networks, commonly linked to Chinese state-sponsored actors. Threat actors have chained CVE-2026-20182 with CVE-2026-20133, CVE-2026-20128, and CVE-2026-20122 to enable unauthorized access, deploying web shells, malware frameworks, and tools such as Godzilla, Behinder, XenShell, and credential stealers. Cisco recommends immediate updates, restricting access to management interfaces, and monitoring for indicators of compromise.

Unpatched installations of the WordPress analytics plugin Burst Statistics (versions 3.4.0 and 3.4.1) are being actively exploited due to a critical authentication bypass flaw, CVE-2026-8181. The vulnerability allows unauthenticated remote attackers to impersonate any privileged WordPress user—including administrators—during REST API requests by supplying an arbitrary password. Successful exploitation can grant full administrative control, enabling site takeover, database access, backdoor deployment, visitor redirection to malicious destinations, malware distribution, and creation of rogue administrator accounts. Admin usernames may be exposed through public content or API endpoints, or guessed via brute-force methods. The issue stems from incorrect handling of authentication results in the ‘wp_authenticate_application_password()’ function, where WP_Error and null values are erroneously treated as authenticated states.

Instructure, the company behind the Canvas Learning Management System, confirmed a cybersecurity incident that began with an intrusion on April 25, 2026, attributed to the ShinyHunters extortion gang. The actor claimed to have stolen approximately 3.65 TB of data, including records from 8,809 educational institutions, and escalated its extortion campaign with a school-by-school ransom approach. ShinyHunters exploited multiple cross-site scripting (XSS) vulnerabilities in Canvas’ Free-For-Teacher environment to gain access to authenticated admin sessions during a second intrusion on May 7, 2026. The threat actor defaced Canvas login portals with extortion messages demanding ransom negotiations by May 12, 2026, and temporarily took Canvas offline to contain the activity. No data was compromised during the defacement, but the 3.65 TB of exfiltrated data from the initial breach remained the primary concern. On May 13, 2026, Instructure reached an agreement with ShinyHunters, reporting that the stolen data had been returned with digital confirmation of destruction and assurances against further extortion. The company disclosed the breach originated from an undisclosed flaw in Free-For-Teacher support tickets, enabling the exfiltration of about 275 million records, including usernames, email addresses, course names, enrollment information, and messages. Course content, submissions, and credentials were not compromised. Instructure implemented further mitigations, including disabling Free-For-Teacher accounts, revoking credentials, rotating keys, and deploying additional controls. Researchers warned the leaked data could facilitate impersonation attacks, urging institutions to issue phishing advisories and direct communications to stakeholders. Congressional scrutiny has now emerged, with the U.S. House Committee on Homeland Security and the Senate Committee on Health, Education, Labor, and Pensions requesting briefings on Instructure’s response, potential ransom payment, and the company’s handling of a prior 2025 Salesforce breach linked to ShinyHunters. The incident has raised broader questions about the company’s incident response capabilities and obligations to the education sector.

State-sponsored threat actors tracked as CL-STA-1132 exploited the critical PAN-OS firewall zero-day CVE-2026-0300 since at least April 9, 2026, achieving initial unauthenticated remote code execution by April 16–17, 2026. The vulnerability, a buffer overflow in the User-ID Authentication Portal service, enabled root-level arbitrary code execution on exposed PA-Series and VM-Series firewalls. Attackers injected shellcode into nginx worker processes and immediately began erasing forensic artifacts, including crash kernel messages and nginx records, to evade detection. Post-compromise activity included Active Directory enumeration and deployment of EarthWorm and ReverseSocks5 tunneling tools on April 29, 2026, targeting additional network devices. The adversary’s use of open-source tools and disciplined, intermittent operational sessions over weeks minimized signature-based detection while maintaining stealth. Over 5,400 PAN-OS VM-Series firewalls remain exposed on the internet, predominantly in Asia and North America. CISA added CVE-2026-0300 to its Known Exploited Vulnerabilities Catalog on May 7, 2026, mandating federal remediation by May 9, 2026. Palo Alto Networks released initial patches for CVE-2026-0300 on May 14, 2026.

UNC6384, a China-nexus threat actor assessed to share tactical overlaps with Mustang Panda, continues targeted espionage campaigns leveraging advanced social engineering and indirect execution techniques. Recent reporting confirms Mustang Panda’s use of the FDMTP backdoor (version 3.2.5.1) in a months-long campaign against networks in the Asia-Pacific and Japan, involving CDN impersonation, DLL sideloading, and in-memory .NET execution. The group employs modular plugins for persistence, scheduled tasks, and remote file retrieval, with communication over a custom TCP protocol using DMTP. The campaign targeting U.S. government and policy entities via Venezuela-themed spear phishing to deliver the LOTUSLITE backdoor remains under investigation, with moderate-confidence attribution to Mustang Panda. Earlier phases described UNC6384’s captive portal hijacks to deploy PlugX variants (SOGU.SEC) and linked tooling overlaps with Mustang Panda’s Bookworm malware, highlighting the sophistication of PRC-nexus operators in evading detection.

Industry discussions highlight a fundamental rethinking of data center security architectures following recurring VMware ESXi zero-day vulnerabilities and ESXiArgs ransomware campaign, which demonstrated that host-based security agents fail to detect or mitigate hypervisor-level compromises. Security teams increasingly explore Data Processing Unit (DPU)-based security models to offload security workloads from host CPUs, eliminating performance trade-offs while providing tamper-proof, line-rate inspection and policy enforcement. The architecture isolates security functions on dedicated silicon, enabling comprehensive east-west and north-south traffic visibility without host OS dependency, a critical gap exposed by lateral movement attacks and transient workloads in modern AI and containerized environments.

Google launched Android Intrusion Logging on May 12, 2026 as part of Advanced Protection Mode to provide persistent, encrypted forensic logging for investigating advanced spyware compromises on Android devices. Developed with civil society organizations including Amnesty International and Reporters Without Borders, the feature captures daily device and network activities such as app processes, security events, spyware installations, and DNS connections, storing encrypted logs for 12 months on Google servers. Users must explicitly share logs for forensic analysis, and the feature is opt-in for Pixel devices running Android 16 and newer with Advanced Protection Mode enabled. The feature was developed to address gaps in spyware forensic analysis where previous methods relied on incidental, partial, and short-lived logs. Additional updates to Advanced Protection Mode include USB protection, restricted accessibility services, disabled device-to-device unlocking, Chrome WebGPU removal, chat scam detection, and enterprise device support, enhancing protections for high-risk users against scams, fraud, and targeted attacks.

Fragnesia (CVE-2026-46300, CVSS 7.8) is a Linux kernel local privilege escalation vulnerability in the XFRM ESP-in-TCP subsystem that enables unprivileged local attackers to corrupt kernel page cache and gain root access. The flaw was discovered by William Bowling of Zellic and the V12 team, with a proof-of-concept exploit published on May 13, 2026. It operates by feeding file contents into a TCP socket, enabling ESP-in-TCP encryption to overwrite page cache memory (including /usr/bin/su) with AES-GCM keystreams, leaving no forensic trace on disk. The vulnerability emerged as an unintended side effect of a patch addressing the Dirty Frag vulnerabilities and affects all Linux kernels prior to disclosure. A candidate upstream fix was submitted to the netdev mailing list on May 13 but remains unmerged, while multiple distributions have issued backported patches. Mitigation strategies include disabling esp4, esp6, and rxrpc modules (which also cover Dirty Frag), restricting unprivileged user namespaces, and monitoring for suspicious XFRM or namespace activity. No in-the-wild exploitation has been observed, but the public PoC and historical context heighten urgency for patching.

Cybersecurity investment activity in 2026 has surged due to AI adoption, with $3.8 billion in venture financing outpacing $2.6 billion in merger and acquisition (M&A) deal value during Q1 2026. The influx of capital is disproportionately directed toward AI-native security startups, creating a widening ‘valley of death’ for non-AI companies struggling to secure follow-on funding. AI-driven security offerings are expanding enterprise attack surfaces while simultaneously disrupting traditional sectors such as vulnerability management. Analysts anticipate a consolidation wave in 2026-2027, with predictions of multibillion-dollar acquisitions by hyperscalers and AI frontier model providers targeting strategic cybersecurity capabilities.

Foxconn confirmed a cyberattack impacting North American factories, disrupting operations and prompting recovery efforts. The Nitrogen ransomware gang has claimed responsibility, alleging theft of 8 TB of data and over 11 million documents, including confidential customer projects and intellectual property. Affected facilities are resuming normal production as incident response continues. The attack underscores the escalating targeting of manufacturing supply chains, where threat actors exploit operational sensitivity and high-value data. Foxconn, a key supplier to major technology firms, faces potential downstream impact as stolen data may include sensitive documentation tied to clients like Apple, Intel, Google, Nvidia, and others. Industry data shows manufacturing as the most heavily targeted sector for ransomware in 2026, with nearly 70% more victims than any other industry, reflecting attackers' focus on organizations where downtime directly halts revenue and production.

Within four hours of public disclosure, threat actors exploited CVE-2026-44338, an authentication bypass vulnerability in PraisonAI’s legacy Flask API server, to access sensitive endpoints without credentials. The flaw, affecting versions 2.5.6 through 4.6.33, stems from hard-coded authentication disablement (AUTH_ENABLED = False) and allows unauthenticated enumeration of configured agents and execution of agents.yaml workflows via /agents and /chat endpoints. Impact varies depending on the workflow’s permissions but includes quota exhaustion and exposure of PraisonAI.run() results. A patched version (4.6.34) is available. Exploitation activity was observed originating from IP 146.190.133[.]49 and using the User-Agent CVE-Detector/1.0.

AI hallucinations—confidently presented yet factually incorrect outputs—are introducing significant security risks in critical infrastructure and cybersecurity operations by exploiting human trust in authoritative-sounding responses. A 2025 evaluation of 40 AI models using the AA-Omniscience benchmark revealed that 36 models were more likely to provide confidently incorrect answers than correct ones on difficult questions, emphasizing the systemic nature of this issue. These hallucinations manifest in cybersecurity through missed threats, fabricated threats, and incorrect remediation actions, all of which can lead to operational disruptions, financial loss, or cascading security incidents. The primary vulnerability stems from a lack of inherent verification mechanisms in base language models, which prioritize coherence over factual accuracy, particularly when integrated into automated or high-stakes decision-making workflows.

Dell confirmed that a recent update to its SupportAssist Remediation service (version 5.5.16.0) is causing Windows blue-screen-of-death (BSOD) crashes across Dell and Alienware systems. The crashes stem from a critical process error (0xEF_DellSupportAss_BUGCHECK_CRITICAL_PROCESS) introduced in the update, prompting users to uninstall or disable the service as a temporary workaround. The issue has affected systems since late May 2026, with Dell engineering actively investigating a permanent fix.

A security researcher publicly disclosed two unpatched Windows vulnerabilities, YellowKey and GreenPlasma, including proof-of-concept (PoC) exploits, enabling BitLocker bypass and local privilege escalation (LPE) respectively. The researcher, known as Chaotic Eclipse or Nightmare Eclipse, criticized Microsoft's handling of prior disclosures, leading to these new disclosures ahead of the next Patch Tuesday. YellowKey exploits the Windows Recovery Environment (WinRE) to bypass BitLocker encryption on Windows 11, Windows Server 2022, and Windows Server 2025 systems, allowing unrestricted access to encrypted volumes without requiring user credentials. The attack leverages specially crafted 'FsTx' files placed on a USB drive or the EFI partition, triggering a shell upon recovery mode entry. The researcher emphasized that even TPM+PIN configurations do not mitigate YellowKey. GreenPlasma is an LPE flaw enabling SYSTEM-level access through arbitrary section creation in writable SYSTEM directories, with a partial PoC released. Microsoft has not yet patched either vulnerability and has not assigned a CVE identifier to GreenPlasma.