
News Summary

Last updated: 01:00 19/05/2026 UTC
  • Unmanaged AI Agents Pose Security Risks in Enterprise Environments
    The proliferation of unmanaged AI agents in enterprise environments continues to escalate security risks, with most companies having 100 AI agents per human employee and 99% of these identities remaining unmanaged. A new study reveals that 93% of global organizations now use or plan to use AI agents for sensitive security tasks such as password resets and VPN access, despite the potential for serious breaches. Only 32% of organizations feel confident in regaining control after an AI-driven credential exposure, highlighting widespread unpreparedness. Traditional security tools prove ineffective at managing AI agents, which are often over-permissioned and abandoned as "zombie" identities. The industry is shifting toward agentic AI systems that operate autonomously, necessitating AI-driven SOC defense platforms and faster public-private partnerships to enhance national resilience. An upcoming webinar will provide a framework for securing AI agents, including strategies for governance, security-by-design, and aligning security with business goals.
  • Tycoon2FA Phishing-as-a-Service Takedown
    Tycoon2FA, a subscription-based phishing-as-a-service (PhaaS) platform active since August 2023, bypasses multi-factor authentication using adversary-in-the-middle techniques and targets major services such as Microsoft 365 and Google. It was linked to over 64,000 phishing incidents and facilitated unauthorized access to nearly 100,000 organizations globally by mid-2025. The primary operator, identified as 'SaaadFridi' and 'Mr_Xaad,' remains at large. The platform’s infrastructure relies on adversary-in-the-middle techniques, AI-generated decoy pages, and short-lived domains to evade detection, while customers employ tactics like ATO Jumping to distribute phishing URLs. The platform was disrupted in a March 4, 2026 global takedown led by Europol’s EC3 and law enforcement from six European countries, but resumed operations within days at pre-disruption levels. Since the takedown, Tycoon2FA operators have continued to develop the kit, adding device-code phishing against Microsoft 365 accounts that abuses Trustifi click-tracking URLs and OAuth 2.0 device authorization grant flows. The kit now includes a four-layer in-browser delivery chain, fake Microsoft CAPTCHA pages, and extensive anti-analysis protections to evade detection and analysis. Post-compromise activities include business email compromise (BEC), email thread hijacking, cloud account takeovers, and malicious SharePoint links, with old infrastructure remaining active and new domains registered quickly.
  • TrickMo C Variant Adopts TON Blockchain for Decentralized C2 and Expands Network Pivot Capabilities
    A new variant of the TrickMo Android banking trojan, designated TrickMo C, has fully transitioned its command-and-control (C2) infrastructure to The Open Network (TON) Blockchain, using .adnl identities to evade traditional domain-based takedowns and embedding a native TON proxy at launch. The variant, identified in campaigns between January and February 2026, targeted banking and wallet users in France, Italy, and Austria via TikTok-themed lures distributed through Facebook ads and dropper apps impersonating Google Play Services. TrickMo C retains core device-takeover capabilities, including credential phishing, keylogging, screen streaming, OTP suppression, and real-time remote control, while expanding operational roles by incorporating a network-operative subsystem for reconnaissance and authenticated SSH tunneling and SOCKS5 proxying. Infected devices are repurposed as programmable network pivots, enabling lateral movement and traffic masquerading as originating from the victim's IP, thereby defeating IP-based fraud detection.
  • SAP December 2025 Security Updates Address Three Critical Vulnerabilities
    SAP’s December 2025 security bulletin addressed 14 vulnerabilities, including three critical flaws, while the May 2026 updates addressed 15 new vulnerabilities, including two critical issues in Commerce Cloud and S/4HANA. One critical flaw, CVE-2026-34263, is a missing authentication check in SAP Commerce Cloud allowing unauthenticated attackers to execute arbitrary code. The second critical flaw, CVE-2026-34260, enables low-complexity SQL injection in SAP S/4HANA, risking unauthorized data access and application disruption. SAP’s May 2026 advisory also resolved one high-severity and 11 medium-severity issues, including command injection, missing authorization checks, and XSS. While SAP has not observed active exploitation of these new flaws, historical precedent shows SAP vulnerabilities are frequently targeted, with 14 SAP flaws added to CISA’s Known Exploited Vulnerabilities catalog in recent years, including two used in ransomware attacks. SAP remains a critical enterprise software vendor, serving 99 of the 100 largest global companies and reporting over €36 billion in fiscal year 2025 revenue.
  • Phishing-to-outage lifecycle focus of upcoming MSP cyber resilience webinar featuring Kaseya
    On May 14, 2026 at 2:00 PM ET, BleepingComputer and Kaseya will host a live technical webinar titled "From phishing to fallout: Why MSPs must rethink both security and recovery." Led by Austin O'Saben and Adam Marget, the session will present advanced strategies for MSPs to integrate detection, response, and recovery to mitigate phishing-driven cyber incidents. Modern threat actors increasingly combine AI-generated phishing, business email compromise, ransomware, and SaaS abuse to bypass traditional defenses and disrupt operations. The webinar emphasizes that reliance on prevention alone is insufficient; instead, organizations must strengthen both security posture and recovery readiness, including SaaS backups and business continuity planning. Kaseya experts will detail how integrating backup and disaster recovery (BCDR) into security strategies is critical to reduce downtime and limit incident impact during such attacks. Building on prior coverage, a May 13, 2026 BleepingComputer article highlights that brand impersonation in AI-driven phishing is outpacing traditional email security, and that recovery delays after compromise can prolong operational disruption and increase recovery costs even after containment. Organizations are urged to prepare not only to defend against attacks but also to recover from them quickly. A separate May 7, 2026 article by The Hacker News promotes another webinar, "One Click, Total Shutdown: The 'Patient Zero' Webinar on Killing Stealth Breaches," which focuses on immediate breach containment strategies for AI-driven phishing attacks, including the "Patient Zero" concept and the 5-minute critical window for containment.

Latest updates


INTERPOL-led Operation Ramz disrupts MENA cybercrime networks with 201 arrests and infrastructure takedowns

Updated: 19.05.2026 01:15 · First: 18.05.2026 20:21 · 📰 2 src / 2 articles

INTERPOL coordinated a regional cybercrime disruption campaign across 13 MENA countries from October 2025 to February 2026, resulting in 201 arrests, identification of 382 additional suspects, and the seizure of 53 servers. The operation, codenamed Ramz, targeted phishing and malware threats, cyber scams, and phishing-as-a-service (PhaaS) operations, identifying 3,867 victims. Technical actions included server seizures (e.g., Algerian PhaaS infrastructure), takedowns of compromised devices in Oman and Qatar, and dismantling of a human trafficking-linked financial fraud ring in Jordan. Private sector contributions—including Group-IB, Kaspersky, The Shadowserver Foundation, Team Cymru, and TrendAI—provided actionable intelligence on over 5,000 compromised accounts, including government-associated entities. Operation Ramz is the third major cybercrime crackdown led by INTERPOL in 2026, following March’s Operation Synergia III, which sinkholed 45,000 malicious IP addresses and resulted in 94 arrests across 72 countries.

Shamos Infostealer Targeting Mac Devices via ClickFix Attacks

Updated: 19.05.2026 00:42 · First: 22.08.2025 18:44 · 📰 9 src / 16 articles

Since June 2025, the COOKIE SPIDER group’s Shamos infostealer and Atomic macOS Stealer (AMOS) variants have targeted Mac devices via evolving ClickFix social engineering campaigns, stealing data and credentials from browsers, Keychain, Apple Notes, and cryptocurrency wallets. Early campaigns used malvertising, fake GitHub repositories, and signed Swift applications hosted on legitimate platforms, while also leveraging Terminal-based ClickFix tactics and obfuscated payloads. In March 2026, Apple introduced a Terminal security feature in macOS Tahoe 26.4 to disrupt ClickFix attack chains by blocking pasted command execution and warning users of risks. A major evolution emerged in April 2026 when Jamf researchers observed attackers abusing the built-in Script Editor application to bypass these protections using fake Apple-themed disk cleanup guides and malicious applescript:// URL scheme execution. The Script Editor-based ClickFix variation enabled theft of Keychain data, browser autofill, cryptocurrency wallet extensions, and system details without Terminal interaction, and introduced a backdoor component for persistent access. Most recently, SentinelOne has identified a new SHub macOS infostealer variant, dubbed Reaper, which further refines the Script Editor-based ClickFix attack vector. Reaper uses a fake Apple security update message displayed via the applescript:// URL scheme to launch Script Editor with a malicious AppleScript payload dynamically constructed and hidden under ASCII art. The malware bypasses Apple’s Terminal mitigations, performs device fingerprinting to evade sandboxes, and targets extensive data across browsers, wallets, password managers, iCloud, Telegram, and developer files. It includes a Filegrabber module for collecting sensitive documents and a wallet hijacking mechanism that replaces legitimate application files with malicious payloads. 
Reaper establishes persistence via a Google software update impersonation script registered as a LaunchAgent, enabling periodic beaconing to the C2 server and remote payload execution. Notably, the malware includes geofencing to avoid infecting Russian systems and represents an escalation in capabilities, incorporating remote access functionality to allow additional malware deployment on compromised macOS devices.

Chained OpenClaw vulnerabilities enable agent-based data theft and persistence in MCP runtimes

Updated: 19.05.2026 00:24 · First: 15.05.2026 16:35 · 📰 2 src / 2 articles

A chain of four vulnerabilities (CVE-2026-44112, CVE-2026-44113, CVE-2026-44115, CVE-2026-44118) in OpenClaw’s OpenShell sandbox and MCP loopback runtime allows attackers to bypass sandbox restrictions, read sensitive files, escalate to owner-level privileges, and establish persistence. Exploitation begins with code execution inside the sandbox via a malicious plugin, prompt injection, or compromised input, then progresses through credential exposure, privilege escalation, and backdoor deployment. Impact includes unauthorized data theft, full runtime control, and persistent compromise of affected hosts. The vulnerabilities were discovered and reported by Cyera in April 2026, which named the exploit chain "Claw Chain." OpenClaw released patches in version 2026.4.22, but all prior versions remain vulnerable to chained attacks that blend into normal agent behavior. Individually, the flaws permit bypassing sandbox restrictions (CVE-2026-44112), reading sensitive files (CVE-2026-44113), command execution via shell expansion tokens (CVE-2026-44115), and privilege escalation through spoofed ownership flags (CVE-2026-44118). Chained together, they enable initial access via malicious plugins or prompt manipulation, credential and file theft, privilege escalation, and persistent backdoor deployment while evading conventional security monitoring.

AWS GovCloud administrative credentials exposed via contractor-managed public GitHub repository

First: 18.05.2026 23:48 · 📰 1 src / 1 article

A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) exposed credentials for multiple highly privileged AWS GovCloud accounts and internal CISA systems via a public GitHub repository named "Private-CISA" over an extended period. The repository contained plaintext passwords, cloud keys, tokens, logs, and software deployment details, enabling potential lateral movement within CISA’s internal networks. The exposure was first reported by GitGuardian researcher Guillaume Valadon on May 15, 2026, and the repository was taken offline shortly thereafter, though exposed AWS keys remained valid for an additional 48 hours. CISA has stated there is no indication of sensitive data compromise resulting from this incident. The contractor, employed by Nightwing, used the repository as an informal synchronization mechanism between work and personal environments, disabling GitHub’s default secrets detection features.

OpenAI, TanStack, and Mistral AI Impacted in Escalating Mini Shai-Hulud Supply Chain Campaign

Updated: 18.05.2026 22:53 · First: 29.04.2026 19:26 · 📰 11 src / 19 articles

OpenAI confirmed that two employee devices were infected via a Mini Shai-Hulud supply chain attack on TanStack, resulting in limited credential theft from internal repositories but no impact on customer data, production systems, or deployed software. OpenAI responded by isolating systems, revoking user sessions, rotating all credentials, temporarily restricting deployment workflows, and auditing user and credential behavior. As a precaution, OpenAI revoked and reissued code-signing certificates for iOS, macOS, Windows, and Android products due to exposure in the incident, with macOS desktop users required to update applications before June 12, 2026. The incident reflects a broader escalation of the Mini Shai-Hulud campaign, which initially targeted TanStack and Mistral AI before spreading to UiPath, Guardrails AI, and OpenSearch via stolen CI/CD credentials and legitimate GitHub Actions workflows. TeamPCP continues to refine tactics, including the public distribution of the Shai-Hulud worm through a supply chain attack contest. Recent developments show the rapid weaponization of the leaked source code, with threat actors publishing four malicious npm packages—including a direct clone ('chalk-tempalte') and a Golang-based DDoS botnet ('axois-utils')—that leverage the campaign's infrastructure to exfiltrate credentials to C2 servers and GitHub repositories, while establishing persistence mechanisms across Windows and Linux systems. The combined weekly download count of over 2,600 underscores the escalating reach and adoption of the campaign's tactics by cybercriminals. New analysis highlights how the campaign exemplifies a broader shift where supply chain attackers target developer workstations and CI/CD pipelines to harvest credentials and context, turning infected environments into credential collection points that expose thousands of secrets across GitHub, cloud services, and internal systems. 
This trend underscores the need for security teams to treat developer workstations as critical supply chain boundaries. The public release of the Shai-Hulud source code by TeamPCP has accelerated this trend, enabling rapid cloning and weaponization into new packages and variants, with Monday noting the emergence of automated supply chain attacks that weaponize developer identity and CI/CD trust.

Unsanctioned AI Tool Usage in Enterprises

Updated: 18.05.2026 21:45 · First: 02.09.2025 14:30 · 📰 2 src / 2 articles

Over 80% of employees now use unapproved generative AI applications at work, with only 12% of companies maintaining formal AI governance policies. Shadow AI activity primarily occurs through OAuth connections to corporate data, browser extensions, and AI features embedded in pre-approved tools. This unsanctioned usage bypasses traditional security controls, creating significant governance and data exposure risks. Enterprises struggle to balance productivity with security, as employees adopt AI tools 3–5 times daily without IT oversight. The EU AI Act’s mandate for AI system visibility has intensified the need for continuous monitoring and risk assessments. Solutions like Harmonic Security’s platform enable enterprises to enforce smart governance policies based on data sensitivity, employee roles, and tool nature, addressing the operational realities highlighted by recent research.

Iranian threat actors compromise US fuel tank monitoring systems via exposed ATG devices

First: 18.05.2026 18:41 · 📰 1 src / 1 article

Iranian state-sponsored threat actors are alleged to have compromised automatic tank gauge (ATG) systems monitoring fuel levels at US gas station storage tanks, impacting display readings but not actual fuel levels. The incidents leveraged internet-exposed ATG devices lacking password protections, enabling unauthorized access and manipulation of monitoring data. While no disruption to fuel infrastructure has been confirmed, the attacks demonstrate Iran’s expanding cyber capabilities against US critical infrastructure amid ongoing regional geopolitical tensions.

Interpol-led cybercrime suppression operation Ramz targets phishing, malware, and fraud networks across MENA

First: 18.05.2026 17:00 · 📰 1 src / 1 article

Interpol coordinated Operation Ramz, a regional cybercrime suppression effort spanning 13 Middle East and North Africa (MENA) countries from October 2025 to February 2026, resulting in 201 arrests and the identification of 382 suspects alongside 3,867 victims. The operation focused on dismantling phishing, malware, and cyber scam networks, leading to the seizure of 53 malicious servers and the dissemination of nearly 8,000 data and intelligence artifacts to support ongoing investigations. Cross-border coordination included public-private partnerships with security firms such as Group-IB, Kaspersky, Shadowserver Foundation, Team Cymru, and TrendAI, alongside regional law enforcement and EU/Council of Europe funding.

Active exploitation of Microsoft Exchange Server spoofing vulnerability CVE-2026-42897 with emergency mitigation available

First: 18.05.2026 16:50 · 📰 1 src / 1 article

A spoofing vulnerability affecting on-premises Microsoft Exchange Server (CVE-2026-42897, CVSS 8.1) is being actively exploited in the wild. The flaw stems from a cross-site scripting weakness and enables unauthorized access through impersonation vectors. Microsoft has issued a temporary mitigation via the Exchange Emergency Mitigation Service while developing a permanent fix. No details on exploitation methods, threat actor identity, target scope, or successful compromise rates have been disclosed. Immediate patching or mitigation is recommended for exposed Exchange environments.

Grafana GitHub token compromise leads to codebase exfiltration and extortion attempt

Updated: 18.05.2026 16:46 · First: 17.05.2026 10:13 · 📰 2 src / 2 articles

Grafana Labs disclosed that attackers breached its GitHub environment using a stolen access token, leading to the exfiltration of proprietary source code. The company confirmed no customer data or operational systems were affected and that forensic analysis traced the leak to compromised credentials, which were revoked and supplemented with additional security controls. The threat actor, identified as the extortion-focused gang CoinbaseCartel (linked to ShinyHunters and LAPSUS$ ecosystems), added Grafana to its data leak site without publishing data and demanded payment to prevent publication. Grafana declined to pay, citing FBI guidance, and stated it would release further details after completing its post-incident investigation. CoinbaseCartel, active since September 2025, has claimed over 100 victims on its DLS and uses social engineering, phishing, and compromised credentials for initial access. The gang also deploys the 'shinysp1d3r' tool to encrypt VMware ESXi targets. Grafana’s product is used by more than 7,000 organizations, including 70% of the Fortune 50 companies.

Infosecurity Europe 2026 Cyber Startup Competition finalists announced

First: 18.05.2026 16:30 · 📰 1 src / 1 article

Infosecurity Europe 2026 will host a dedicated Cyber Startups Zone and a live pitch competition on 2 June for five cybersecurity startups, featuring AI-native and risk-focused technologies. The competition introduces a new startup-focused exhibition area and offers finalists direct access to industry leaders, investors, and buyers. The winner receives a 2027 exhibition stand, PR support, and a brand workshop package. Judges include Shlomo Kramer (Check Point, Palo Alto Networks founder) and senior CISOs from Close Brothers and Underwriting.

Phishing Campaign Leveraging Fake Invitations with OTP Capture and RMM Delivery Exposed via Interactive Sandbox Analysis

First: 18.05.2026 16:00 · 📰 1 src / 1 article

A phishing campaign targeting U.S. organizations—particularly in Education, Banking, Government, Technology, and Healthcare—was analyzed using interactive sandboxing, revealing a multi-stage attack chain initiated via fake invitations containing CAPTCHA checks and event-themed pages. The campaign progressed within 38 seconds to credential theft, OTP code capture, and delivery of legitimate remote monitoring and management (RMM) tools, exposing the risk of account compromise, remote access, and operational disruption. SOC teams leveraged behavior-based analysis to validate exposure, confirm scope, and reduce investigation timelines from uncertainty to actionable evidence.

Multiple confirmed US healthcare data breaches impact over 5.6 million individuals across five organizations

Updated: · First: 18.05.2026 15:58 · 📰 1 src / 1 articles

Five US healthcare organizations disclosed data breaches affecting at least 5.6 million individuals, with incidents linked to third-party access and unauthorized network access spanning late 2025 to early 2026. The largest confirmed breach involves Nacogdoches Memorial Hospital in Texas, impacting 2.5 million individuals, followed by New York City Health and Hospitals Corporation with 1.8 million affected users. Other impacted organizations include Erie Family Health Centers in Illinois (570,000 individuals), Florida Physician Specialists (276,000), Coastal Carolina Health Care in North Carolina (110,000), and Western Orthopaedics in Colorado (110,000).

ShinyHunters claims responsibility for 7-Eleven Salesforce data breach affecting franchisee documents

Updated: · First: 18.05.2026 14:25 · 📰 1 src / 1 articles

The ShinyHunters threat actor group claimed responsibility for a data breach at 7-Eleven, a global convenience store chain, after infiltrating systems used to store franchisee documents. The intrusion was detected on April 8, 2026, and involved the theft of unspecified personal information submitted during franchise applications. ShinyHunters listed 7-Eleven on its leak site on April 17, alleging the theft of over 600,000 Salesforce records containing personal and corporate data. The group demanded a ransom by April 21 and later attempted to sell the data for $250,000 on a hacker forum.

Windows 11 taskbar and Start menu customization updates released to Insiders

Updated: · First: 18.05.2026 14:14 · 📰 1 src / 1 articles

Microsoft has introduced resizable taskbar and Start menu functionality in Windows 11 Insider Preview Build 26300.8493, addressing longstanding user requests. The update lets users shrink the taskbar by enabling smaller buttons, which reduces vertical space usage, and reposition the taskbar to any screen edge without requiring a restart. Start menu changes include toggling recommended content, customizing size, hiding user profile elements, and improved file relevance prioritization. Additional refinements target Windows Run dialog modernization with dark mode and removal of rarely used features.

Critical RCE, SQL Injection, and Privilege Escalation Flaws Patched in Ivanti, Fortinet, SAP, VMware, and n8n

Updated: · First: 18.05.2026 13:54 · 📰 1 src / 1 articles

Multiple vendors have released critical security updates addressing remote code execution (RCE), SQL injection, and privilege escalation vulnerabilities across enterprise software and infrastructure. Ivanti patched an authentication bypass flaw in Xtraction (CVE-2026-8043, CVSS 9.6) enabling file read/write to disclose sensitive data. Fortinet resolved two critical issues in FortiAuthenticator (CVE-2026-44277, CVSS 9.1) and FortiSandbox (CVE-2026-26083, CVSS 9.1) allowing unauthenticated RCE. SAP fixed a critical SQL injection flaw in S/4HANA (CVE-2026-34260, CVSS 9.6) and a missing authentication check in SAP Commerce (CVE-2026-34263, CVSS 9.6) enabling server-side code execution. VMware addressed a TOCTOU flaw in Fusion (CVE-2026-41702, CVSS 7.8) permitting local privilege escalation to root. n8n issued fixes for five prototype pollution and CLI injection flaws (CVSS 9.4) enabling authenticated RCE in workflow automation platforms. Exploitation of these flaws could lead to full system compromise, data exfiltration, or lateral movement in enterprise environments.

Joint International Guide Published on Securing Agentic AI Deployments in Critical Sectors

Updated: 18.05.2026 13:30 · First: 01.05.2026 15:00 · 📰 2 src / 2 articles

CISA, ASD ACSC, and international partners, alongside the UK’s NCSC, have released complementary guidance on securing agentic AI deployments in critical sectors, with NCSC emphasizing incremental deployment, strict access controls, and behavior monitoring to mitigate risks of unpredictable behavior and over-privileged systems. The joint guide highlights cybersecurity risks such as expanded attack surfaces, privilege escalation, and obscured event logs, while NCSC’s guidance stresses least privilege principles, secure defaults, and clear ownership structures to prevent incidents. Recommendations focus on tightly bounded pilots, temporary credentials, and robust supply chain risk management, underscoring the need for proactive governance and human oversight in high-risk scenarios.

Microsoft Edge sandbox escape and Windows 11 privilege escalation zero-days demonstrated at Pwn2Own Berlin 2026

Updated: 18.05.2026 12:45 · First: 14.05.2026 21:53 · 📰 3 src / 3 articles

Security researchers at Pwn2Own Berlin 2026, held from May 14 to May 16, 2026, demonstrated 47 unique zero-day exploits across enterprise technologies, AI systems, and virtualization platforms, earning $1.3 million in total rewards—up from the initially reported 39 exploits and $908,750 in prizes. Orange Tsai (DEVCORE Research Team) achieved SYSTEM-level remote code execution on Microsoft Exchange and a sandbox escape in Microsoft Edge via chained logic and memory corruption bugs, earning $375,000 in total. The DEVCORE Research Team became the overall competition winner with $505,000 in earnings after new exploits were reported, including a $100,000 Microsoft SharePoint chain by "splitline" and a $200,000 VMware ESXi cross-tenant code execution by Nguyen Hoang Thach of STARLabs SG. Six independent teams demonstrated Windows 11 privilege escalation zero-days, with awards ranging from $7,500 to $30,000. The event emphasized AI-focused targets for the first time, including coding agents (Cursor, Claude Code, OpenAI Codex), AI databases (Chroma, Postgres pgvector, Oracle Autonomous AI Database), and NVIDIA infrastructure (Megatron Bridge, NV Container Toolkit, Dynamo). All exploited vulnerabilities required arbitrary code execution on fully patched systems under Pwn2Own rules. Vendors were given 90 days to address disclosed zero-days before public disclosure.

UK financial regulators issue joint advisory on frontier AI cyber risks and controls

Updated: · First: 18.05.2026 12:00 · 📰 1 src / 1 articles

The Bank of England, UK Treasury, and Financial Conduct Authority (FCA) issued a joint statement on May 15, 2026, warning that frontier AI capabilities already surpass those of skilled practitioners in speed, scale, and cost-efficiency, thereby amplifying cyber threats to financial stability and market integrity. The authorities emphasize that financial services firms must rapidly enhance governance, vulnerability management, third-party risk controls, protection measures, and cyber resilience to address these evolving risks. Failure to invest in core cybersecurity fundamentals is expected to disproportionately expose underprepared firms.

Windows 11 KB5089549 security update installation failures due to EFI System Partition space constraints

Updated: · First: 18.05.2026 11:33 · 📰 1 src / 1 articles

Microsoft confirmed that the May 2026 Windows 11 security update KB5089549 fails to install on systems with insufficient free space on the EFI System Partition (ESP), triggering automatic rollback and error code 0x800f0922. Affected devices—particularly those with 10 MB or less free space on the ESP—progress to approximately 35–36% completion before failing, displaying the message "Something didn't go as planned. Undoing changes." The issue stems from third-party or OEM files occupying space outside Microsoft boot directories, as indicated by log entries such as "SpaceCheck: Insufficient free space" and "ServicingBootFiles failed. Error = 0x70".

DirtyDecrypt Linux kernel root escalation exploit public availability

Updated: · First: 18.05.2026 10:18 · 📰 1 src / 1 articles

A proof-of-concept exploit for DirtyDecrypt (DirtyCBC), a Linux kernel local privilege escalation vulnerability, has been publicly released, enabling attackers to achieve root access on systems running vulnerable kernels. The flaw stems from a missing copy-on-write (COW) guard in the rxgk module’s rxgk_decrypt_skb function, leading to a pagecache write vulnerability. Exploitation requires the CONFIG_RXGK kernel configuration option, limiting affected systems to distributions closely tracking upstream kernels such as Fedora, Arch Linux, and openSUSE Tumbleweed. The vulnerability joins a growing class of recent Linux root-escalation flaws, including Dirty Frag, Fragnesia, and Copy Fail, and follows active exploitation of Copy Fail in the wild.

Lua-based Fast16 sabotaging filesystem driver targeting Iranian nuclear program discovered pre-Stuxnet

Updated: 18.05.2026 09:46 · First: 27.04.2026 12:10 · 📰 3 src / 3 articles

Fast16, a Lua-based sabotage malware with a kernel-mode filesystem driver (fast16.sys), predates Stuxnet by at least five years, with confirmed activity dating to 2005 and likely ties to the Equation Group. Designed to target Windows 2000/XP systems, Fast16 intercepts and modifies executable code at the filesystem level to corrupt high-precision mathematical computations in engineering and scientific software suites. New analysis confirms Fast16 was engineered to tamper with nuclear weapons testing simulations by corrupting uranium-compression runs in LS-DYNA and AUTODYN using a density threshold of 30 g/cm³. The malware’s 101 hook rules, grouped into 9-10 categories for different software versions, reflect a methodical operation targeting full-scale transient blast and detonation simulations. Its delivery mechanism, likened to a 'cluster munition,' and its stealthy operation underscore its sophistication as an early state-sponsored cyber sabotage tool.

Pwn2Own Berlin 2026: 47 zero-days demonstrated across enterprise, AI, and virtualization platforms

Updated: · First: 18.05.2026 08:33 · 📰 1 src / 1 articles

Security researchers earned $1,298,250 in rewards at Pwn2Own Berlin 2026 by demonstrating 47 unique zero-day vulnerabilities across enterprise technologies, artificial intelligence systems, and virtualization platforms. The three-day contest, held at OffensiveCon from May 14 to 16, 2026, focused on fully patched targets including web browsers, enterprise applications, privilege escalation vectors, servers, AI inference systems, cloud-native environments, virtualization software, and large language model (LLM) platforms. Winners received payouts incrementally: $523,000 on day one for 24 zero-days, $385,750 on day two for 15 zero-days, and $389,500 on day three for eight zero-days. The top reward, $200,000, was awarded to Cheng-Da Tsai of DEVCORE for a remote code execution chain leading to SYSTEM privileges on Microsoft Exchange. DEVCORE secured the overall Master of Pwn title with 50.5 points and $505,000 in total earnings.

MiniPlasma Windows zero-day in Cloud Files Mini Filter Driver enables SYSTEM privilege escalation

Updated: · First: 18.05.2026 07:59 · 📰 1 src / 1 articles

A previously undisclosed privilege escalation zero-day, tracked as MiniPlasma, has been identified in the Windows Cloud Files Mini Filter Driver (cldflt.sys) affecting all supported Windows versions. The flaw resides in the HsmOsBlockPlaceholderAccess routine and can be exploited to gain SYSTEM privileges on fully patched systems. Exploitation is possible through a race condition, as demonstrated by a weaponized proof-of-concept (PoC) that spawns a SYSTEM shell. Initial testing indicates reliable exploitation on Windows 11 systems with May 2026 updates, while the latest Insider Preview Canary build appears unaffected. The issue was originally reported in September 2020 but was believed patched under CVE-2020-17103, though further analysis suggests it remains unpatched or was silently reverted.

South Korea enforces deepfake restrictions ahead of June 2026 local elections

Updated: · First: 18.05.2026 04:00 · 📰 1 src / 1 articles

South Korea has implemented two national laws to restrict AI-generated deepfakes in political contexts ahead of its June 3, 2026 local elections, marking the first real-world application of such measures. The Public Official Election Act (Article 82-8) prohibits the creation or dissemination of synthetic audio, video, or images that are difficult to distinguish from reality within 90 days of an election, targeting content designed to influence voting outcomes. Violations carry penalties of up to 7 years imprisonment or fines between 10 million and 50 million South Korean won ($6,700–$33,500 USD). The AI Basic Act (Article 31) requires AI operators to clearly disclose AI-generated content through watermarking or labeling, with administrative fines of up to 30 million Korean won ($20,000 USD) for non-compliance. The National Police Agency (KNPA) deployed a deepfake detection tool in 2024 to support enforcement efforts. Despite these measures, threat actors continue to exploit gaps in detection and distribution speed, particularly via encrypted messaging and direct communications channels that bypass platform oversight.

Windows privilege escalation via MiniPlasma zero-day in Cloud Filter driver

Updated: · First: 18.05.2026 01:30 · 📰 1 src / 1 articles

A new Windows privilege escalation zero-day named MiniPlasma has been publicly disclosed, enabling attackers to escalate privileges to SYSTEM on fully patched Windows systems. The vulnerability resides in the Cloud Filter driver (cldflt.sys) and its HsmOsBlockPlaceholderAccess routine, impacting the .DEFAULT user hive registry key creation through undocumented CfAbortHydration API calls. The exploit provides SYSTEM-level command shell access, confirmed on Windows 11 Pro with May 2026 Patch Tuesday updates but non-functional in the Windows 11 Insider Preview Canary build. The flaw was originally reported to Microsoft in September 2020 as CVE-2020-17103 and allegedly patched in December 2020, yet the researcher claims the same issue remains exploitable, suggesting patch failure or rollback. Microsoft has not publicly addressed the new disclosure as of publication.

Tycoon2FA Phishing-as-a-Service Takedown

Updated: 17.05.2026 17:43 · First: 04.03.2026 18:00 · 📰 6 src / 6 articles

Tycoon2FA, a subscription-based phishing-as-a-service (PhaaS) platform that bypasses MFA using adversary-in-the-middle (AitM) techniques, has expanded its capabilities to include device-code phishing attacks targeting Microsoft 365 accounts via OAuth 2.0 device authorization grant flows. Active since August 2023, the platform sells access for bypassing multi-factor authentication on major services such as Microsoft 365 and Google. It was linked to over 64,000 phishing incidents and facilitated unauthorized access to nearly 100,000 organizations globally by mid-2025. The primary operator, identified as 'SaaadFridi' and 'Mr_Xaad,' remains at large. The platform’s infrastructure relies on AitM techniques, AI-generated decoy pages, and short-lived domains to evade detection, while customers employ tactics such as ATO Jumping to distribute phishing URLs. The platform was disrupted in a March 4, 2026 global takedown led by Europol’s EC3 and law enforcement from six European countries, but resumed operations within days at pre-disruption levels. Since the disruption, Tycoon2FA operators have continued to develop the kit, adding device-code phishing capabilities that abuse Trustifi click-tracking URLs and OAuth 2.0 flows. The kit now includes a four-layer in-browser delivery chain, fake Microsoft CAPTCHA pages, and extensive anti-analysis protections to evade detection and analysis. Post-compromise activities include business email compromise (BEC), email thread hijacking, cloud account takeovers, and malicious SharePoint links, with old infrastructure remaining active and new domains registered quickly.

Active exploitation of unauthenticated JavaScript injection flaw in Funnel Builder WordPress plugin leading to payment skimming

Updated: · First: 15.05.2026 22:30 · 📰 1 src / 1 articles

A critical unauthenticated vulnerability in the Funnel Builder WordPress plugin (all versions before 3.15.0.3) is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages. The flaw allows attackers to modify plugin settings via an exposed checkout endpoint, enabling arbitrary JavaScript execution on checkout pages. This results in the deployment of a payment card skimmer that collects credit card numbers, CVVs, billing addresses, and other customer data.

Compromised node-ipc npm Package Versions Deploy Stealer Payload via Obfuscated Backdoor

Updated: 15.05.2026 20:10 · First: 14.05.2026 20:22 · 📰 2 src / 2 articles

Three legitimate versions of the widely used node-ipc npm package (9.1.6, 9.2.3, and 12.0.1) were republished with malicious stealer/backdoor code by an unauthorized maintainer account named 'atiertant', triggering on require('node-ipc') and exfiltrating developer and cloud secrets to a rogue C2 server. The attack features novel evasion tactics including DNS-based exfiltration via a fake Azure-themed domain (sh.azurestaticprovider[.]net), conditional payload execution in version 12.0.1, and targeted collection of 90 categories of credentials. This incident follows a prior 2022 protest-related compromise where the original maintainer added destructive capabilities to versions 10.1.1 and 10.1.2 targeting systems in Russia or Belarus, yet node-ipc retains over 690,000 weekly downloads. Security vendors (Socket, Ox Security, Upwind) confirmed the malicious nature of the affected versions, which skip large files and avoid scanning .git and node_modules directories to reduce operational noise.

Turla’s Kazuar framework upgraded into modular P2P botnet for persistent intrusions

Updated: · First: 15.05.2026 20:10 · 📰 1 src / 1 articles

Turla (Secret Blizzard, ATG26, Blue Python, Uroburos) has upgraded its Kazuar .NET backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence and covert operations against government, diplomatic, and defense targets in Europe and Central Asia. The overhaul introduces a three-tier module architecture—Kernel, Bridge, and Worker—coordinated via droppers such as Pelmeni and ShadowLoader. Kernel modules act as the botnet’s control plane, electing a leader to mediate C2 communication while Workers exfiltrate data, log keystrokes, and profile systems. Communication uses multiple channels including Windows Messaging, Mailslot, named pipes, HTTP, Exchange Web Services, and WebSockets to evade detection. The design emphasizes resilience through internal P2P coordination, multi-path C2 redundancy, and persistent on-disk staging of operational data.