Critical Infrastructure Security | TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge | Laura French | May 15, 2026 | The variant was used in recent attacks against TanStack and others – but it’s not the original, researchers say.
Vulnerability Management | 10.0 Cisco Catalyst SD-WAN Controller bug added to CISA’s KEV list | Steve Zurier | May 15, 2026 | The maximum-severity bug is an authentication bypass flaw that’s considered the highest value target in an attacker’s playbook.
Vulnerability Management | New Linux privilege escalation flaw ‘Fragnesia’ disclosed; PoC available | Laura French | May 15, 2026 | Fragnesia is at least the fourth privilege escalation flaw affecting Linux systems disclosed in the last three weeks.
AI/ML | OpenAI Daybreak joins growing movement of AI-driven vulnerability discovery | Laura French | May 14, 2026 | The program aims to leverage GPT models and Codex Security to improve software resilience.
Identity | House calls on Instructure to brief Congress on Canvas hack | Steve Zurier | May 13, 2026 | ShinyHunters hit Canvas twice, exposing student data via XSS and identity compromise.
Vulnerability Management | Patch Tuesday: No zero days among 137 Microsoft CVEs, 4 Word RCEs | Laura French | May 12, 2026 | The May 2026 Microsoft security update included no zero days for the first time since June 2024.
Identity | ‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages | Steve Zurier | May 12, 2026 | Teams warn the latest Shai-Hulud wave weaponizes trusted OIDC tokens to bypass package integrity checks.
AI/ML | Google reports first known AI-assisted zero-day exploit in the wild | Laura French | May 12, 2026 | Attackers used AI to create an exploit script for a 2FA bypass flaw in an open-source project.
Identity | SailPoint GitHub repo hit by third-party cyberattack | Steve Zurier | May 11, 2026 | SailPoint says GitHub repo breach exposed no customer data or production systems.
Vulnerability Management | Federal agencies ordered to patch Ivanti EPMM zero-day in 3 days | Laura French | May 8, 2026 | The actively exploited flaw enables remote admin users to execute arbitrary code.