Find notable cyber news and cases, enriched with sources, timelines, and signals.

Recent notable Happenings and Cases

Last updated: 15:32 01/06/2026 UTC
  • Case · Case score 56 · Gamaredon fileless WinRAR intrusion chain in Ukrainian state and infrastructure networks: Gamaredon stayed active in January 2026 against Ukrainian government and critical-infrastructure networks, adding fileless VBScript and NTFS Alternate Data Streams to reduce on-disk traces while stealing documents.
  • Security Patch Release · H score 49 · WP Maps Pro 6.1.1 security patch for CVE-2026-8732: Defiant reported blocking 3,600+ attempts in 24 hours to exploit CVE-2026-8732 in WP Maps Pro for unauthenticated rogue administrator-account creation; the ongoing abuse makes updating to 6.1.1 urgent.
  • Public Sector Action · H score 48 · CCB urgent patch warning for CVE-2026-41089 on Windows servers: Belgium's CCB warned that CVE-2026-41089 in Windows Netlogon is being actively exploited for remote code execution on domain controllers and urged emergency patching; Microsoft's fix already shipped in the May 2026 Patch Tuesday release.
  • Exploitation Wave · H score 44 · PAN-OS GlobalProtect CVE-2026-0257 exploitation wave: CISA added PAN-OS GlobalProtect CVE-2026-0257 to the KEV Catalog after reports of two exploitation waves across multiple customers in which forged cookies yielded unauthorized VPN access, tightening the federal patching deadline.
  • Campaign · H score 48 · OpenAI Codex codexui-android supply-chain token theft campaign: Researchers disclosed that the codexui-android package, at roughly 29,000 weekly downloads, exfiltrates Codex auth tokens from its users, enabling account compromise.
  • Campaign · H score 37 · Operation Dragon Weave cyber-espionage campaign: Operation Dragon Weave is spear-phishing targets in the Czech Republic and Taiwan using a Rust loader and DLL side-loading, with its AZUREVEIL payload using Azure Blob Storage as dead-drop C2, an expansion of the actor's espionage tradecraft.
Last updated: 18:32 31/05/2026 UTC

Latest updates


Microsoft Teams and Office for the web file-opening outage

Service Disruption

Updated: 01.06.2026 17:36 · First: 01.06.2026 17:36 · 📰 1 src / 1 articles · H score: 25

Microsoft is investigating an ongoing service disruption that is blocking Teams and Office for the web users from opening files, disrupting access to shared documents across multiple Office Apps. The outage affects at least Excel for the web and shows an error that Office Online services aren't available right now. Microsoft says it is working to restore service while it isolates the root cause of the issue.

Flowise Custom MCP RCE (CVE-2026-40933)

Vulnerability

Updated: 01.06.2026 17:00 · First: 01.06.2026 17:00 · 📰 1 src / 1 articles · H score: 31

A critical RCE flaw in Flowise tracked as CVE-2026-40933 lets an attacker take over self-hosted deployments when a logged-in user imports a malicious workflow file. The weakness sits in the Custom MCP tool and its stdio transport, where user-supplied commands can run on the server. Obsidian Security published working PoC code and said the disclosed fix can be bypassed. The managed Flowise Cloud service is not affected, but operators running the open-source platform should disable stdio and use SSE.

CCB urgent patch warning for CVE-2026-41089 on Windows servers

Public Sector Action

Updated: 01.06.2026 15:30 · First: 01.06.2026 15:30 · 📰 1 src / 1 articles · H score: 48

Belgium's CCB warned that CVE-2026-41089 is being actively exploited in the wild, urging admins to immediately patch vulnerable Windows servers because the flaw can enable remote code execution on domain controllers. The advisory covers Windows Netlogon, a core authentication service used in Windows domain-based networks, and the issue affects all currently supported Windows Server versions, including Windows Server 2025. Microsoft had already fixed the bug in the May 2026 Patch Tuesday release.

Operation Dragon Weave cyber-espionage campaign

Campaign

Updated: 01.06.2026 14:54 · First: 01.06.2026 14:54 · 📰 1 src / 1 articles · H score: 37

The Operation Dragon Weave campaign is actively targeting officials and citizens in the Czech Republic and Taiwan with spear-phishing ZIP attachments. The infection chain uses a Rust loader, DLL side-loading, and AdaptixC2 to establish remote control and support data exfiltration. The operation also reaches government, research, academic, technology, and financial services sectors. Its final-stage payload, AZUREVEIL, uses Microsoft Azure Blob Storage for dead-drop command-and-control, reducing direct attacker infrastructure exposure.

Microsoft My Sign-Ins MFA outage

Service Disruption

Updated: 01.06.2026 14:40 · First: 01.06.2026 14:40 · 📰 1 src / 3 articles · H score: 25

Microsoft is dealing with an ongoing outage that is blocking some users from setting up multi-factor authentication (MFA) and accessing My Sign-Ins. Affected users are seeing 504 Gateway Timeout errors on mysignins.microsoft.com, which disrupts sign-in management and access setup. Microsoft said it has failed over to alternate infrastructure and is monitoring service health while it evaluates additional mitigation.

Linux kernel CIFS subsystem CIFSwitch local privilege-escalation flaw

Vulnerability

Updated: 30.05.2026 17:16 · First: 30.05.2026 17:16 · 📰 2 src / 2 articles · H score: 31

The Linux kernel CIFS subsystem has a disclosed CIFSwitch local privilege-escalation flaw that can let an unprivileged local attacker reach root privileges by abusing request_key and cifs.upcall in the CIFS authentication flow. The issue affects multiple Linux distributions with vulnerable kernel CIFS and cifs-utils combinations, including systems where cifs-utils ships by default. Major Linux distributions have rolled out fixes, and a proof-of-concept (PoC) is available to help validate patches, mitigations, detections, and exposure.

Major Linux distributions CIFSwitch fixes

Security Patch Release

Updated: 01.06.2026 14:19 · First: 01.06.2026 14:19 · 📰 1 src / 1 articles · H score: 27

Major Linux distributions rolled out fixes for the CIFSwitch security defect, reducing exposure to a root-privilege escalation path in the Linux kernel CIFS subsystem. The patch rollout covered multiple distributions and landed earlier this month. The defect involved the kernel’s CIFS handling and the cifs-utils helper used for authentication. Systems shipping the helper by default, or with it installed manually, faced the most direct exposure before the fixes arrived.

GammaWorm NTFS Alternate Data Streams propagation and backdoor activity

Malware Activity

Updated: 01.06.2026 14:00 · First: 01.06.2026 14:00 · 📰 1 src / 1 articles · H score: 40

The GammaWorm malware activity now shows a more covert stage that hides modules in NTFS Alternate Data Streams, helping it spread across Ukrainian networks while leaving few on-disk traces. It uses fileless VBScript, scheduled tasks, and registry changes to persist, then propagates through USB sticks and network drives using malicious shortcuts. The worm also pulls C2 details from public services such as Telegram and Cloudflare, keeping the backdoor available for operator commands. The stealthier design makes detection and cleanup harder and raises the risk of repeated reinfection.

Gamaredon Ukraine espionage campaign targeting government, military and critical infrastructure

Campaign

Updated: 01.06.2026 14:00 · First: 01.06.2026 14:00 · 📰 1 src / 1 articles · H score: 56

The Gamaredon espionage campaign remained active in January 2026, targeting Ukrainian government, military, and critical-infrastructure networks to steal documents and preserve access. The operation shifted toward fileless VBScript and NTFS Alternate Data Streams, reducing on-disk traces and making detection harder. It spread quietly across compromised environments via USB sticks and network drives, and resolved its command-and-control through dead-drop resolvers rather than directly owned infrastructure.

Gamaredon fileless WinRAR intrusion chain in Ukrainian state and infrastructure networks

Case

Updated: 01.06.2026 14:00 · First: 01.06.2026 14:00 · 📰 0 src / 1 articles

Gamaredon remained active in January 2026 against Ukrainian government, military, and critical-infrastructure networks, using a booby-trapped xHTML file and malicious RAR archive to exploit CVE-2025-8088 in WinRAR. The intrusion chain places a hidden HTA file in Startup, leans on fileless VBScript, stores components in NTFS Alternate Data Streams, and uses dead-drop resolvers on Telegram and Cloudflare to support long-term access and document theft. Defensive focus has shifted to patching WinRAR to 7.13 or later and hunting for startup-folder HTA files, alternate data streams, suspicious VBScript, scheduled tasks, registry changes, and removable-media spread. The activity is ongoing, but available evidence does not quantify how many organizations were compromised or how much data was taken.

Microsoft Windows Known Issue Rollback guidance for KB5089549

Advisory/Mitigation

Updated: 01.06.2026 13:59 · First: 01.06.2026 13:59 · 📰 1 src / 1 articles · H score: 14

Microsoft's Known Issue Rollback guidance gives Windows 11 users and admins a workaround for KB5089549 installation failures caused by low EFI System Partition (ESP) space. Affected devices could hit 0x800f0922 errors and roll back near 35–36% completion, and Group Policy can mitigate the issue in enterprise environments. Microsoft also said KB5089573 and later remove the need for the workaround.

Windows 11 update installation fix (KB5089573)

Security Patch Release

Updated: 01.06.2026 13:59 · First: 01.06.2026 13:59 · 📰 1 src / 1 articles · H score: 14

Microsoft resolved the Windows 11 KB5089549 installation failure with KB5089573, fixing update rollbacks on devices with limited EFI System Partition (ESP) space. The affected update could fail with 0x800f0922 and undo its changes during reboot. Systems that have installed the May 26, 2026 update or a later one no longer need the workaround.

OpenAI Codex codexui-android supply-chain token theft campaign

Campaign

Updated: 01.06.2026 12:31 · First: 01.06.2026 12:31 · 📰 1 src / 1 articles · H score: 48

A malicious supply-chain campaign is stealing OpenAI Codex authentication tokens from developers through the codexui-android npm package and mirrored Android apps, creating persistent account-compromise risk. The package was advertised as a remote web UI, drew 29,000+ weekly downloads, and was altered about a month after publication to exfiltrate credentials from `~/.codex/auth.json`. The same token-theft chain also appeared in the mirrored Android apps "OpenClaw Codex Claude AI Agent" and "Codex", extending the exposure across multiple delivery paths.

Codexui-android credential-stealing package

Malware Activity

Updated: 01.06.2026 12:31 · First: 01.06.2026 12:31 · 📰 1 src / 1 articles · H score: 42

A malicious npm package and mirrored Android apps are stealing OpenAI Codex authentication tokens, creating persistent impersonation risk for developers and users. The payload reads `~/.codex/auth.json` and sends access_token, refresh_token, and related OAuth data to sentry.anyclaw[.]store. The same exfiltration chain has been present since [email protected] and also runs inside an Android wrapper through PRoot.

ChatGPT and Claude phishing and malvertising campaign

Campaign

Updated: 01.06.2026 12:30 · First: 01.06.2026 12:30 · 📰 1 src / 1 articles · H score: 36

The ChatGPT- and Claude-themed phishing and malvertising campaign is actively steering users to fake download pages that can deliver malware. Attackers are using Google ads, SEO poisoning, and shared-content lures to make the pages look legitimate across multiple variants. The flow presents a bogus outage notice or installation guide, then pushes users toward a malicious download path. Conditional rendering helps the infrastructure hide from scanners while real users are exposed to the payload.

WP Maps Pro unauthenticated admin-account-creation flaw (CVE-2026-8732)

Vulnerability

Updated: 31.05.2026 17:06 · First: 31.05.2026 17:06 · 📰 2 src / 2 articles · H score: 44

WP Maps Pro versions 6.1.0 and older contain CVE-2026-8732, an unauthenticated flaw that can create rogue administrator accounts and lead to full WordPress site takeover. Defiant observed active targeting and blocked more than 3,600 attempts in 24 hours. A fix is available in WP Maps Pro 6.1.1, and site owners should update immediately.

WP Maps Pro 6.1.1 security patch for CVE-2026-8732

Security Patch Release

Updated: 31.05.2026 17:06 · First: 31.05.2026 17:06 · 📰 2 src / 2 articles · H score: 49

WP Maps Pro 6.1.1 was released to fix CVE-2026-8732, giving WordPress administrators a patch for a flaw that enabled unauthenticated administrator-account creation. The affected range was versions 6.1.0 and older, and the update was published on May 20. Administrators should install 6.1.1 as soon as possible because malicious activity has already been observed.

PAN-OS GlobalProtect CVE-2026-0257 exploitation wave

Exploitation Wave

Updated: 01.06.2026 11:30 · First: 01.06.2026 11:30 · 📰 1 src / 1 articles · H score: 44

A CVE-2026-0257 exploitation wave is hitting Palo Alto Networks PAN-OS GlobalProtect appliances, creating unauthorized VPN access risk for multiple customers. Rapid7 said the activity came in two waves starting May 18 and May 21, likely from the same actor, and it observed successful exploitation via forged cookies. CISA added the flaw to the KEV Catalog, and federal civilian agencies must patch by June 1.

17-Million-device botnet cyberattack infrastructure

Malware Activity

Updated: 29.05.2026 17:26 · First: 29.05.2026 17:26 · 📰 2 src / 2 articles · H score: 16

Dutch authorities disrupted a botnet that controlled at least 17 million infected devices and used more than 200 servers in the Netherlands. The network was used to route malicious traffic and support cyberattacks across computers, tablets, smartphones, and IoT devices. Local reporting linked the service to Asocks residential proxies, and the infrastructure provider reportedly took the botnet offline after the police seizure.

PAN-OS / Prisma Access GlobalProtect authentication bypass (CVE-2026-0257, actively exploited)

Vulnerability

Updated: 30.05.2026 09:41 · First: 30.05.2026 09:41 · 📰 3 src / 3 articles · H score: 52

PAN-OS and Prisma Access are affected by CVE-2026-0257, an authentication bypass in the GlobalProtect portal and gateway that can let attackers establish an unauthorized VPN connection. Palo Alto Networks said the flaw is under active exploitation in the wild, and Rapid7 reported successful exploitation against numerous customers starting May 17, 2026. The issue is especially risky for devices with authentication override cookies enabled and the relevant certificate configuration.

LLMShare ChatGPT share-link malware lure campaign

Campaign

Updated: 29.05.2026 21:21 · First: 29.05.2026 21:21 · 📰 1 src / 1 articles · H score: 47

The LLMShare campaign is using Google ads and a legitimate chatgpt.com shared page to route people searching for ChatGPT into a fake OpenAI outage lure that pushes a malicious download. The operation abuses trust in the real domain to increase click-through and hide the handoff to a malware-delivery site. Similar abuse of Claude Artifacts suggests the same AI-sharing tactic is being reused across multiple platforms.

Openew[.]app cloaked malware download portal

Malware Activity

Updated: 29.05.2026 21:21 · First: 29.05.2026 21:21 · 📰 2 src / 2 articles · H score: 26

The openew[.]app malware-delivery activity now also uses legitimate ChatGPT shared pages as the first lure, with Google ads and SEO poisoning sending victims to a fake outage/download flow. Push Security said the page is hosted on a chatgpt.com/s/ URL, then redirects users to a cloaked phishing site that impersonates OpenAI's desktop application download portal and can deliver malware on macOS and Windows. The activity is described as InstallFix, a ClickFix variant, and the second-stage page uses conditional rendering to hide the malicious flow from scanners while real users see the download prompt.

California AG lawsuit against 23andMe over genetic-data protections

Regulatory/Legal Action

Updated: 29.05.2026 21:08 · First: 29.05.2026 21:08 · 📰 1 src / 1 articles · H score: 19

California Attorney General Rob Bonta filed a lawsuit against 23andMe over alleged failures to protect sensitive genetic and personal data, escalating state privacy enforcement tied to a 2023 breach that exposed nearly 7 million customers.

OpenAI ChatGPT renderer Markdown link/image phishing security flaw

Vulnerability

Updated: 29.05.2026 21:07 · First: 29.05.2026 21:07 · 📰 1 src / 1 articles · H score: 16

ChatGPT's response renderer has a vulnerability that turns content from a summarized third-party page into live phishing links and auto-fetched attacker-hosted images inside the trusted UI. Markdown links and Markdown image URLs carried over from the page the assistant just summarized are rendered as-is, so a page the attacker controls can plant clickable links and images that the client fetches automatically. Ordinary web-page summarization can therefore expose users to phishing and to tracking via those image fetches.
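The fix on the renderer side is to treat Markdown that came from a summarized page as data, not as markup the UI trusts. The following is an added example, not OpenAI's renderer code: images are replaced with text placeholders so the client never fetches a URL chosen by the page (the tracking channel), links to hosts outside an allowlist are rendered as non-clickable text with the real destination shown, and links whose visible text looks like a different URL than their target are flagged. The allowlist, the placeholder wording and the sample input are assumptions constructed for the demo.

```javascript
// Added example, not OpenAI code. Neutralise Markdown links and images that
// originate from an untrusted summarised page before the UI renders them.
const IMAGE = /!\[([^\]]*)\]\(\s*<?([^)\s>]+)>?(?:\s+"[^"]*")?\s*\)/g;
const LINK = /\[([^\]]*)\]\(\s*<?([^)\s>]+)>?(?:\s+"[^"]*")?\s*\)/g;
const AUTOLINK = /<((?:https?|javascript|data|file):[^>\s]+)>/gi;

// Relative paths, bad schemes and junk all parse to null and are treated as untrusted.
function parseTarget(raw) {
  try { return new URL(raw); } catch { return null; }
}

function sanitizeUntrustedMarkdown(md, allowedHosts = []) {
  const warnings = [];

  // 1. Images: drop the URL entirely so nothing is fetched automatically.
  let out = md.replace(IMAGE, (_, alt, url) => {
    warnings.push({ kind: "image-dropped", url });
    return `{image removed${alt ? `: ${alt}` : ""}}`;
  });

  // 2. Links: clickable only for https targets on an allowlisted host;
  //    everything else becomes plain text that shows the true destination.
  const renderLink = (text, url) => {
    const u = parseTarget(url);
    const allowed = !!u && u.protocol === "https:" && allowedHosts.includes(u.host);
    const textLooksLikeUrl = /^(https?:\/\/)?[a-z0-9.-]+\.[a-z]{2,}(\/|$)/i.test(text.trim());
    if (textLooksLikeUrl && u && !text.includes(u.host)) {
      warnings.push({ kind: "text-target-mismatch", text, url }); // classic phishing shape
    }
    if (allowed) return `[${text}](${u.href})`;
    warnings.push({ kind: "link-disabled", url });
    return `${text} (link disabled: ${url})`;
  };
  out = out.replace(LINK, (_, text, url) => renderLink(text, url));
  out = out.replace(AUTOLINK, (_, url) => renderLink(url, url));

  return { markdown: out, warnings };
}

module.exports = { sanitizeUntrustedMarkdown };
```

The order matters: images are handled before links because `![alt](url)` also matches the link pattern, and inline links before autolinks so an allowlisted link is not rewritten twice. Bare URLs and reference-style links (`[text][id]`) are left untouched here and would need the same treatment in a full renderer.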

BrowserOS WebPromptTrap patch release (0.32.0)

Security Patch Release

Updated: 29.05.2026 21:07 · First: 29.05.2026 21:07 · 📰 1 src / 1 articles · H score: 11

BrowserOS patched WebPromptTrap in version 0.32.0, closing an indirect prompt-injection flaw that could trick users into approving an authorization step inside the agentic browser's AI summary flow. The update removes a browser-side weakness that let hidden instructions in summarized content influence trusted UI behavior. It reduces the chance that a legitimate-looking page can be turned into a deceptive prompt surface.

Marimo notebook and downstream SSH bastion hit by data theft breach

Incident

Updated: 29.05.2026 17:39 · First: 29.05.2026 17:39 · 📰 1 src / 1 articles · H score: 40

A Marimo notebook compromise led to credential theft, SSH access, and exfiltration of an internal PostgreSQL database, turning a single initial intrusion into deeper post-compromise access. The attacker used CVE-2026-39987 for the initial foothold, then pivoted to a downstream SSH bastion server using harvested cloud credentials and access to AWS Secrets Manager. The attack chain was recorded on May 10, 2026 and comprised eight SSH sessions plus the database theft, with the bastion stage completed in under two minutes.

Marimo WebSocket RCE abused after CVE-2026-39987 disclosure

Case

Updated: 29.05.2026 17:39 · First: 10.04.2026 10:37 · 📰 0 src / 2 articles

CVE-2026-39987 in Marimo is being exploited through the /terminal/ws endpoint to give unauthenticated attackers a shell on exposed notebook servers. The first observed abuse arrived about 9 hours and 41 minutes after disclosure and moved into manual reconnaissance and secret-harvesting against internet-facing instances. Marimo released 0.23.0 to fix the flaw, and CISA added CVE-2026-39987 to the KEV catalog with a 2026-05-07 remediation deadline. Available evidence does not quantify how many deployments were reached, but the observed behavior shows rapid weaponization against exposed systems.

MokN raises $15 million Series A

Industry Action

Updated: 29.05.2026 17:34 · First: 29.05.2026 17:34 · 📰 1 src / 1 articles · H score: 10

French cybersecurity startup MokN raised $15 million in a Series A round led by Google Ventures, giving the company new capital to scale its identity-protection business. The financing will help expand the phish-back platform into the US and support new offices in the US and UK. MokN also plans to hire across sales, marketing, customer success, engineering, and R&D to widen its cybersecurity reach.

Underground DDoS sellers commoditize attack services with panels, API access, and reseller plans

Threat Actor Meta

Updated: 29.05.2026 17:32 · First: 29.05.2026 17:32 · 📰 1 src / 1 articles · H score: 18

Underground DDoS sellers are shifting from scattered tools to packaged, resellable services, lowering the barrier for disruptive attacks and widening the buyer pool. Listings seen across 2023 to 2026 increasingly advertise panels, API access, monthly plans, customer support, and botnet-backed capacity instead of scripts or leaked tools. The market is now priced and marketed like a mature service business, with low-cost tests, premium tiers, and reseller options that make attacks easier to launch and redistribute.

Dutch police and NCSC seize botnet infrastructure

Law Enforcement

Updated: 29.05.2026 17:26 · First: 29.05.2026 17:26 · 📰 2 src / 2 articles · H score: 40

Dutch police and the NCSC seized more than 200 servers and took offline a 17 million-device botnet, disrupting infrastructure used for cyberattacks. The action followed a joint investigation and targeted hosting at a local provider in the Netherlands. Authorities said the botnet controlled computers, tablets, and smartphones for criminal abuse.