Apple disclosed cumulative fraud prevention results spanning six years, including $11 billion in blocked App Store fraudulent transactions and over $2.2 billion in 2025 alone. The company reported terminating 193,000 developer accounts, rejecting 138,000 enrollments, and deactivating 40.4 million customer accounts suspected of fraud or abuse. It also blocked 5.4 million stolen credit cards and banned nearly 2 million user accounts from further transactions in 2025.

The TAOTH espionage campaign continues to target Eastern Asia via hijacked Sogou Zhuyin update servers, distributing malware families such as C6DOOR, GTELAM, DESFY, and TOSHIS to dissidents, journalists, and business leaders. The campaign, linked to infrastructure overlap with the ITOCHU threat actor, primarily impacts Taiwan (49% of targets), Cambodia, and the U.S. Additional distribution methods include phishing websites and fake cloud storage pages. Concurrently, Chinese state-aligned hackers have expanded the use of the Linux post-exploitation framework Showboat, now confirmed to operate as a SOCKS5 proxy backdoor with rootkit-like capabilities. Showboat has been deployed against telecommunications providers in the Middle East since at least mid-2022, with victims identified in Afghanistan, Azerbaijan, and possible compromises in the U.S. and Ukraine. Its modular design enables remote shell access, file transfers, and LAN device infection, often leveraging infrastructure geolocated to Chengdu, Sichuan. The malware retrieves obfuscation code from a Pastebin snippet created in January 2022, highlighting long-term development and reuse across Chinese APT groups including Calypso, which also deploys the JFMBackdoor Windows backdoor.

Underground cybercriminal ecosystems have matured into structured Drainer-as-a-Service (DaaS) platforms, exemplified by the "Lucifer" operation, which professionalizes wallet theft through SaaS-like models including affiliate commissions, automation, and resilience measures. Victims are lured via phishing to fake crypto, NFT, airdrop, or DeFi sites where wallet connection and transaction approvals enable near-instant asset transfer across blockchains. Affiliates drive traffic while DaaS operators handle infrastructure, transaction logic, and asset draining, splitting proceeds from successful thefts. These platforms lower technical barriers for attackers, increase operational scalability, and resist takedowns through decentralized documentation and rapid reconfiguration, raising the threat level for cryptocurrency users and organizations.

A Chinese state-aligned cyber-espionage campaign attributed to the Calypso APT group has been targeting telecommunications providers since at least mid-2022 using newly identified malware families Showboat (Linux) and JFMBackdoor (Windows). The operation spans organizations across the Asia-Pacific and parts of the Middle East, with attackers establishing persistence, conducting espionage, and using compromised infrastructure as pivot points for lateral movement. The campaign employs modular malware frameworks, dead-drop communication techniques, and a partially decentralized operational model to maintain long-term access and operational security.

An international law enforcement operation has dismantled the 'First VPN' service, widely abused in ransomware and data theft campaigns, after a multi-year investigation. Operations included the seizure of 33 servers across 27 countries, the arrest of a Ukrainian administrator, and the takeover of associated domains (1vpns.com, 1vpns.net, 1vpns.org, and onion variants). The platform was marketed as no-logging and privacy-focused but allegedly used by threat actors to conceal infrastructure and identities. Investigators infiltrated the service, collected traffic data, and identified thousands of users globally, sharing 506 user identities and 83 intelligence packages with international partners to support ongoing cybercrime investigations.

Three-quarters of organizations admit to frequently shipping code with known vulnerabilities, according to new data from Checkmarx published May 21, 2026. The average time from public disclosure to exploitation has collapsed from 840 days in 2018 to under two days in 2026, with Checkmarx researchers projecting a one-minute exploitation window by 2028. Vulnerability exploitation now accounts for 31% of initial access vectors in breaches, up from 20% in the previous year, per Verizon’s 2026 DBIR. Rising adversary adoption of AI tools is cited as a key driver of the trend, with median threat actors leveraging AI in up to 15 documented techniques and some using AI in 40–50 techniques.

Cisco patched CVE-2026-20223, a critical vulnerability in Secure Workload with a CVSS score of 10.0, enabling attackers to access site resources with Site Admin privileges by sending crafted API requests to internal REST endpoints. The flaw stems from insufficient input validation and authentication in the REST API. Successful exploitation permits reading sensitive data and modifying configurations across tenant boundaries. The issue affects both SaaS and on-prem deployments of Secure Workload Cluster Software and is limited to internal REST APIs, not the web-based management interface. No exploitation in the wild has been reported.

CISA introduced a public Nomination Form to streamline reporting of actively exploited vulnerabilities (KEVs) to its Known Exploited Vulnerabilities Catalog. The form enables researchers, vendors, and industry partners to submit suspected KEVs directly to CISA for validation and rapid inclusion. CISA emphasizes the role of early detection and coordinated disclosure in reducing systemic cyber risk across critical infrastructure and federal networks.

Linux userland rootkit OrBit has been actively maintained and refined by its operators nearly four years after its initial discovery, with evidence of two distinct lineages—Lineage A (full-featured) and Lineage B (lite)—indicating ongoing development and deployment. The malware, attributed to Blockade Spider and linked to the Embargo ransomware campaign, employs advanced evasion techniques, persistence mechanisms, and credential harvesting. Concurrently, two AI-driven intrusion campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—have emerged, leveraging agentic AI to conduct intrusions against governments and financial institutions in Latin America, bypassing AI safety controls by framing activities as authorized penetration testing. These developments highlight the convergence of sophisticated rootkit technology and AI-enabled intrusion operations, underscoring the evolving threat landscape for both Linux environments and cloud-based infrastructures.

Flipper Devices initiates an open community-driven project to develop Flipper One, a high-performance ARM-based Linux platform for networking, hardware experimentation, and SDR analysis. The device features a Rockchip RK3576 ARM SoC with 8 GB RAM and an RP2350 microcontroller in a dual-processor design, enabling operation even when the OS is powered off. Flipper One is modular, supporting M.2, GPIO, PCIe, USB 3.1, SATA, and wireless interfaces for SDR, storage, AI accelerators, and satellite connectivity. Targeted use cases include router/VPN gateway, survival desktop, media box, and HDMI-enabled device, though the project remains in active development with unresolved software and hardware challenges.

Microsoft disclosed two actively exploited zero-day vulnerabilities in Microsoft Defender: CVE-2026-41091, a local privilege escalation flaw allowing attackers to gain SYSTEM privileges via improper link resolution, and CVE-2026-45498, a denial-of-service issue impacting Defender functionality. Both flaws were patched in Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7, with updates automatically applied through malware definitions and the Microsoft Malware Protection Engine. Microsoft credited five researchers for disclosing the vulnerabilities and confirmed that systems with Defender disabled remain non-exploitable. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added both CVEs to its Known Exploited Vulnerabilities catalog on May 20, 2026, with a federal patch deadline of June 3, 2026. The article also references additional vulnerabilities added to the KEV catalog, including legacy flaws (e.g., CVE-2008-4250, CVE-2009-1537) and a recently weaponized Exchange Server XSS flaw (CVE-2026-42897, CVSS 8.1).

A single cached AWS access key on a Windows endpoint, obtainable by a low-privilege attacker, could grant access to 98% of an organization’s cloud workloads despite no policy violations or misconfigurations. Identity permissions—spanning Active Directory, cloud IAM, service accounts, machine identities, and AI agents—now function as internal highways for attackers once initial footholds are achieved. Analysis by Palo Alto indicates identity weaknesses were involved in nearly 90% of 2025 incident response engagements, with SpyCloud’s 2026 Identity Exposure Report highlighting a 33% rise in non-human identity theft, including AI tooling-related credentials. Overprivileged roles, unrevoked group memberships, and long-lived developer SSO roles form chained attack paths from low-level access to production admin privileges. Current identity security tools (IGA, PAM) operate in isolation and fail to detect multi-environment identity chains, with IBM X-Force reporting that 32% of 2026 incidents began with stolen or misused credentials. Over 90% of breaches investigated by Palo Alto in 2025 were enabled by preventable identity exposures that existing tools missed.

Microsoft disclosed and patched two zero-day vulnerabilities in Windows Defender components that are being actively exploited in the wild. CVE-2026-41091 is a privilege escalation flaw in the Microsoft Malware Protection Engine affecting versions 1.1.26030.3008 and earlier, enabling attackers to gain SYSTEM privileges via improper link resolution (link following). CVE-2026-45498 is a denial-of-service (DoS) vulnerability in the Defender Antimalware Platform versions 4.18.26030.3011 and earlier, allowing threat actors to trigger DoS states on unpatched Windows devices. The flaws impact Windows Defender Antimalware Platform, System Center Endpoint Protection, and related security tools. Microsoft released updated engine versions 1.1.26040.8 and 4.18.26040.7 to remediate the issues, with automatic updates enabled by default in most configurations. CISA added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog and mandated Federal Civilian Executive Branch (FCEB) agencies to patch within two weeks under BOD 22-01.

A nine-year-old privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026-46333 (CVSS 5.5), has been publicly disclosed. The flaw stems from improper privilege management in the kernel’s __ptrace_may_access() function, enabling unprivileged local users to execute arbitrary commands as root or disclose sensitive files such as /etc/shadow and SSH host keys on default installations of major distributions including Debian, Fedora, and Ubuntu. Exploitation can occur through four distinct attack vectors targeting chage, ssh-keysign, pkexec, and accounts-daemon, providing reliable local root access. A proof-of-concept exploit has been released alongside kernel fixes, and workarounds include raising kernel.yama.ptrace_scope to 2.

GitHub confirmed the unauthorized access to internal repositories stemmed from a trojanized Nx Console VS Code extension installed by an employee, which was live on the Visual Studio Marketplace for only eighteen minutes before removal. The extension, poisoned via a developer’s compromised system linked to the TanStack supply chain attack, executed a stealthy credential stealer targeting data from 1Password, Anthropic Claude Code, npm, GitHub, and AWS. GitHub’s Chief Information Security Officer stated there is no evidence of impact to customer data stored outside internal repositories, and the company has rotated critical secrets as part of containment. TeamPCP claimed responsibility, offering the alleged GitHub data dump for sale with a minimum price of $50,000 and threatening free release if no buyer is found. TeamPCP expanded operations by compromising the durabletask PyPI package with a Linux infostealer targeting credentials across cloud environments and forming partnerships with extortion and ransomware actors including Lapsus$ and Vect ransomware. Grafana Labs confirmed a breach was caused by a missed GitHub workflow token rotation following the TanStack npm supply-chain attack, resulting in the exfiltration of operational information such as business contact names and email addresses without compromising customer production systems. GitHub has now explicitly linked the breach vector to the TanStack npm supply-chain attack, which compromised dozens of TanStack and Mistral AI packages and leaked developer GitHub credentials via the GitHub CLI (gh), enabling the poisoning of the Nx Console extension used in the intrusion.

A highly critical SQL injection vulnerability in Drupal Core's database abstraction API can grant unauthenticated attackers remote code execution, privilege escalation, or information disclosure on Drupal sites using PostgreSQL. The flaw, tracked as CVE-2026-9082 with a CVSS score of 6.5, allows arbitrary SQL execution via crafted requests sent to PostgreSQL-backed Drupal installations. Exploitation does not require authentication, affecting only PostgreSQL sites. The issue spans multiple supported Drupal versions and has prompted urgent patching for active branches and manual fixes for end-of-life releases.

An 18-year-old individual from Odesa, Ukraine, has been identified by national cyberpolice and U.S. law enforcement as the operator of an infostealer malware campaign conducted between 2024 and 2025. The threat actor targeted users of a California-based online store, infecting devices to harvest browser sessions, credentials, and payment data. Stolen session tokens allowed bypass of multi-factor authentication in some cases, enabling account takeover. The operation resulted in the compromise of 28,000 customer accounts, with 5,800 exploited for unauthorized purchases totaling approximately $721,000. Direct financial losses, including chargebacks, amounted to $250,000.

Threat actors exploited CVE-2024-12802 to bypass multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances, enabling initial access for ransomware operations. Attackers brute-forced VPN credentials and authenticated directly via the UPN login format, bypassing MFA enforcement that appeared active in logs. Intrusions occurred between February and March 2026, with attackers taking 30–60 minutes to gain access, conduct reconnaissance, and test credential reuse. The vulnerability required both firmware updates and manual LDAP server reconfiguration to fully mitigate; incomplete mitigation left devices vulnerable. Gen6 devices are end-of-life as of April 16, 2026, and no longer receive security updates.

Microsoft released two open-source tools, RAMPART and Clarity, to integrate security testing and design validation directly into the AI agent development process. RAMPART is a Pytest-native framework for writing and executing safety and security tests against AI agents, addressing adversarial and benign issues including cross-prompt injections and data exfiltration risks. Clarity serves as an "AI thinking partner" to help developers clarify design intent, explore failure modes, and track decisions before code is written. Together, the tools aim to shift AI safety from post-build review to a continuous, lifecycle-integrated practice by making assumptions testable and incidents reproducible.

A critical command injection vulnerability (CVE-2026-8153) in Universal Robots PolyScope 5 Dashboard Server allows unauthenticated attackers with network access to execute arbitrary commands on the robot’s Linux-based controller, achieving remote code execution (RCE) and full administrative control. The flaw resides in improper input neutralization within the Dashboard Server interface, enabling attackers to manipulate OT environments where collaborative robots (cobots) are deployed across manufacturing, logistics, automotive, healthcare, and other industrial sectors. Exploitation risks sabotage of manufacturing workflows, production shutdowns, ransomware deployment, data destruction, and manipulation of robotic precision and calibration. Safety hazards include disabling safeguards, altering programmed movements, or interrupting safety logic, potentially endangering human operators and causing physical harm or environmental incidents. CVE-2026-8153 carries a CVSS 3.1 base score of 9.8 and requires the Dashboard Server to be enabled and reachable via its network port; direct internet exposure is not typical due to standard OT network segmentation practices.

Quantum Bridge, a Toronto-based cybersecurity firm specializing in quantum-safe cryptography, announced $8 million in Series A funding, bringing total investment to $16 million. The company’s Distributed Symmetric Key Establishment (DSKE) protocol automates symmetric key creation and distribution using pre-shared random data and secret-sharing across Security Hubs, ensuring no single hub holds the complete key. This architecture mitigates both classical and quantum computing threats. Quantum Bridge’s Symmetric-Key Distribution System (SDS) combines DSKE with post-quantum cryptography (PQC) and quantum key distribution (QKD) into a crypto-agile platform deployable on existing network infrastructure via Ansible-based automation.

A 10-month Android malware campaign used nearly 250 counterfeit apps to enroll victims in premium services via carrier billing, targeting users in Malaysia, Thailand, Romania and Croatia. The operation, codenamed Premium Deception by Zimperium zLabs, ran from March 2025 to mid-January 2026 and maintained portions of its infrastructure online at the time of disclosure. Malware variants automated end-to-end subscription enrollment by exploiting legitimate Android APIs, hidden WebViews and operator-specific billing portals to bypass user interaction and detection.

The Mini Shai-Hulud supply chain campaign has escalated with a new wave of 639 compromised npm packages tied to the AntV ecosystem, including high-download dependencies such as echarts-for-react and timeago.js. The attack ran for roughly one hour on May 19, 2026, beginning at 01:56 UTC, publishing malicious versions from the compromised “atool” maintainer account that held rights for over 500 packages. Each compromised package added an obfuscated Bun bundle preinstall hook to harvest and exfiltrate credentials (cloud, CI/CD, SSH, Kubernetes, and password manager vaults) via GitHub repositories marked with Dune-themed names and the campaign's reversed signature. Earlier waves targeted TanStack and Mistral AI SDKs, SAP npm packages, and PyPI ecosystems (Lightning, intercom-client), while compromising GitHub Actions workflows ('actions-cool/issues-helper', 'actions-cool/maintain-one-comment') and hundreds of npm packages across multiple ecosystems. Affected organizations include OpenAI (two employee devices breached via TanStack), UiPath, Guardrails AI, OpenSearch, SAP, and hundreds of npm and PyPI packages. The malware harvests over 20 credential types, abuses OIDC tokens to forge Sigstore provenance attestations, implements self-propagation via stolen npm tokens, and includes a destructive sabotage payload targeting systems in Israel or Iran. The campaign is attributed to TeamPCP, which publicly released the Shai-Hulud source code, enabling rapid cloning and weaponization by other actors.

Microsoft’s Digital Crimes Unit (DCU), in collaboration with the FBI and Europol’s EC3, has disrupted Fox Tempest’s malware-signing-as-a-service (MSaaS) infrastructure that provided fraudulent code-signing certificates for ransomware and malware operations. The takedown involved legal action in the US District Court for the Southern District of New York, sinkholing malicious domains, disabling hundreds of virtual machines on Cloudzy, and suspending roughly 1,000 accounts. Fox Tempest’s MSaaS platform abused Microsoft’s Artifact Signing to issue short-lived certificates valid for 72 hours, sold at tiered pricing from $5,000 to $9,000. The group collaborated with multiple ransomware operations, including Rhysida (Vanilla Tempest), Storm-2501, Storm-0249, INC, Qilin, BlackByte, and Akira, with attacks targeting critical sectors across the U.S., France, India, and China. The service evolved in February 2026 to offer pre-configured Cloudzy VMs, streamlining malicious binary signing and distribution. Microsoft’s operation, codenamed OpFauxSign, includes ongoing efforts to identify and pursue the group’s operators through undercover engagements and legal mechanisms.

A growing body of evidence indicates that identity-centric security architectures are insufficient against increasingly sophisticated cyber threats, particularly when attackers weaponize AI-enhanced phishing kits and session hijacking. Multi-factor authentication (MFA) alone is being bypassed via real-time adversary-in-the-middle (AiTM) phishing, allowing attackers to proxy authentication and steal session tokens post-authentication. As organizations adopt SaaS, BYOD, and hybrid work models, a valid credential no longer guarantees a safe connection without ongoing validation of device security posture. Zero Trust frameworks, especially NIST SP 800-207, emphasize that access decisions must be dynamic and include continuous verification of both user identity and device health throughout the session lifecycle. Historically, identity verification was treated as a one-time event, creating a persistent blind spot where session tokens remain valid even on compromised or unmanaged endpoints. Many Zero Trust deployments have become overly identity-focused, with device posture checks inconsistently applied, limited to modern browser workflows, or absent for legacy protocols, remote access tools, and API integrations. This fragmentation enables attackers to maintain persistence using stolen credentials or intercepted tokens on unmanaged or non-compliant devices.

Drupal announced an imminent critical security update for core versions 8 and later, with exploitation expected within hours of public disclosure. Administrators are advised to prioritize updates between 17:00–21:00 UTC on May 20, 2026, migrating to supported versions where possible. Non-supported versions (Drupal 8, 9, 11.1x, 10.4x) receive last-minute hotfixes due to severity, while supported versions (10.6.x, 11.3.x) are strongly recommended. No technical details are available yet, and misleading claims online are cautioned against.

A China-aligned threat actor tracked as Webworm has deployed two new custom backdoors, EchoCreep and GraphWorm, using Discord and Microsoft Graph API respectively for command-and-control (C2) communications during 2025 activities. The group, active since at least 2022 and previously associated with RATs such as Trochilus, Gh0st, and 9002, has shifted toward stealthier (semi-)legitimate utilities including SOCKS proxies and custom proxy tools like WormFrp, ChainWorm, SmuxProxy, and WormSocket. Targeting spans government agencies and enterprises in Russia, Georgia, Mongolia, European countries including Belgium, Italy, Serbia, and Poland, and a university in South Africa, often blending operations using SoftEther VPN and GitHub-hosted malware staging. Initial access vectors remain unclear though brute-forcing of web server files and directories using open-source tools like dirsearch and nuclei has been observed.

Analysis of the Orchid Security Identity Gap: Snapshot 2026 released on May 19, 2026 reveals a critical imbalance in enterprise identity management landscapes. Visible identity elements constitute only 43% of total identities while 'identity dark matter'—unmanaged or invisible identities—now accounts for 57%, highlighting systemic gaps in IAM practices. This imbalance coincides with widespread enterprise adoption of Agent AI systems, which, by design, seek shortcuts to complete assigned tasks, often exploiting unmanaged credentials, excessive permissions, or orphan accounts to bypass intended access controls. The lack of intrinsic ethical or control mechanisms in AI agents amplifies the risk of unauthorized access or lateral movement, underscoring the need for robust identity governance as a prerequisite for safe Agent AI integration.

The China-linked APT group Webworm has expanded its targeting to include governmental organizations in Europe, compromising entities in Belgium, Italy, Poland, Serbia, and Spain, alongside a university in South Africa. The group has introduced two new backdoors—EchoCreep, leveraging Discord for C2, and GraphWorm, using Microsoft Graph API and OneDrive endpoints for command-and-control and data exfiltration. Initial access vectors include exploitation of a now-discontinued SquirrelMail vulnerability in at least one confirmed case. Webworm also employs a suite of custom proxy tools (WormFrp, ChainWorm, SmuxProxy, WormSocket) to expand its operational network, with ChainWorm specifically used to extend proxy infrastructure and WormFrp configured to retrieve configurations from an AWS S3 bucket.

A proof-of-concept exploit for the PinTheft Linux kernel privilege escalation vulnerability has been publicly released, enabling local attackers to gain root access on Arch Linux systems. The flaw is a zero-copy double-free bug in the Linux kernel's Reliable Datagram Sockets (RDS) implementation that allows page-cache overwrites through io_uring fixed buffers. Exploitation requires the RDS kernel module to be loaded, io_uring enabled, a readable SUID-root binary, and x86_64 support. Successful exploitation leads to arbitrary root shell acquisition via stolen FOLL_PIN references.