STORIES LAST WEEK
Google says criminals used AI to build a working zero-day exploit
GTIG said criminals built a zero-day exploit with AI to bypass 2FA in a web administration tool and planned mass exploitation. The case moves AI from assistance to working exploit generation. Google Cloud Blog, May 11, 2026
Palo Alto firewall zero-day leads to root-level code execution
Attackers exploited CVE-2026-0300 for unauthenticated root-level code execution on PAN-OS firewalls, then used tunneling tools and Active Directory enumeration. Internet-exposed authentication portals need immediate review. SecurityWeek, May 7, 2026
CISA sets rapid deadline for exploited Ivanti EPMM flaw
CISA added Ivanti EPMM CVE-2026-6973 to KEV due to evidence of active exploitation. The flaw lets an authenticated administrator run code on vulnerable mobile-management appliances. CISA, May 7, 2026
Microsoft Patch Tuesday fixes critical identity, domain controller, cloud flaws
Microsoft fixed 118 CVEs, including critical issues in Entra ID, Netlogon, Word, Azure, and the SSO Plugin for Jira and Confluence. Tenable said that, for the first time since 2024, no zero-days were exploited or publicly disclosed. Tenable, May 12, 2026
Mini Shai-Hulud reaches trusted publishing pipelines
Snyk said Mini Shai-Hulud compromised TanStack releases through GitHub Actions cache poisoning and trusted publishing. The campaign spread with valid provenance, raising risk for teams relying on CI/CD attestations. Snyk, May 11, 2026
Checkmarx warns rogue Jenkins AST plugin reached marketplace
Checkmarx warned that threat actors created a modified Jenkins AST plugin containing malicious artifacts, and that it reached the Jenkins Marketplace. Users were told to avoid the May 9 build and verify installed scanner versions. Checkmarx, May 9, 2026
Critical Exim flaw exposes GnuTLS mail servers to remote code execution
CVE-2026-45185, also known as Dead.Letter, is a remotely reachable use-after-free vulnerability in Exim’s GnuTLS-backed TLS path. Affected mail servers need to be updated to version 4.99.3 because no configuration-based workaround exists. CyCognito, May 13, 2026
Dirty Frag raises Linux post-compromise risk across major distributions
Microsoft warned Dirty Frag can turn low-privilege Linux access into root by abusing kernel networking and memory-fragment handling. The technique raises post-compromise risk for SSH, web shell, container, and service-account footholds. Microsoft Security Blog, May 8, 2026
Ollama memory leak threatens prompts, API keys, and AI secrets
Qualys said CVE-2026-7482 lets unauthenticated attackers leak Ollama process memory through the GGUF model loader. Exposed AI servers may reveal prompts, API keys, credentials, and other runtime secrets. Qualys, May 11, 2026
Claude browser flaw shows AI-agent origin controls are still weak
A Claude Chrome extension flaw let another extension inject instructions and hijack agent actions, according to CyberScoop. The case shows browser AI agents need strict origin, permission, and trust boundaries. CyberScoop, May 8, 2026
Lawmakers seek answers from Instructure after Canvas attacks
House Homeland Security asked Instructure to brief lawmakers after Canvas attacks stole student data and disrupted schools during finals. The demand puts incident response and education-platform controls in the private sector under federal scrutiny. House Committee on Homeland Security, May 11, 2026
Foxconn confirms North American factory cyberattack
Foxconn confirmed some North American factories suffered a cyberattack and were resuming normal production. Threat group Nitrogen claimed 8 TB of stolen files, including customer-related designs, instructions, and project documents. BleepingComputer, May 13, 2026
West Pharmaceutical SEC filing says cyberattack disrupted global operations
West Pharmaceutical told regulators that attackers stole data, encrypted systems, and forced global containment procedures. Core enterprise systems were restored, but manufacturing, shipping, and receiving had restarted only at some sites, and no timeline for complete restoration was given. SEC, May 11, 2026
About NetworkTigers

NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.