Microsoft's Massive Patch Tuesday, Windows Zero-Days, and Supply Chain Attacks Rock the Cybersecurity Landscape
Summary
This week in cybersecurity, Microsoft released a massive Patch Tuesday addressing over 130 vulnerabilities, while separately, two new Windows zero-days were dropped publicly by a disgruntled researcher. The supply chain remains a key target, with the 'Mini Shai-Hulud' campaign compromising over 170 open-source packages and the Nitrogen ransomware group hitting electronics giant Foxconn. Other major incidents include a critical Linux kernel flaw 'Fragnesia' allowing root access, and the EU's NIS2 Directive imposing strict new liability rules on the logistics sector. These events highlight the increasing speed and sophistication of threats, from rapid vulnerability exploitation to novel attack techniques.
Today's New Articles
Novel 'GemStuffer' Campaign Abuses RubyGems Repository as Data Exfiltration Channel
A novel and unusual campaign, dubbed 'GemStuffer,' has been observed abusing the RubyGems package registry. Threat actors have published over 150 malicious gems that, instead of containing malware to infect developers, use the registry itself as a free and unc...
A security researcher known as Chaotic Eclipse has publicly released proof-of-concept exploits for two new zero-day vulnerabilities in Microsoft Windows, which they have named 'YellowKey' and 'GreenPlasma.' The release is an escalation of an ongoing dispute be...
SAP Patches Critical Flaws in Commerce Cloud and S/4HANA with 9.6 CVSS Score
SAP has released its May 2026 Security Patch Day updates, addressing two critical vulnerabilities in its enterprise products that both carry a CVSS score of 9.6. The first flaw, CVE-2026-34263, is an arbitrary code execution vulnerability in SAP Commerce Cloud...
PraisonAI Auth Bypass (CVE-2026-44338) Exploited Within Four Hours of Disclosure
A critical authentication bypass vulnerability in the PraisonAI framework (CVE-2026-44338) was actively exploited by attackers less than four hours after its public disclosure. The flaw, which stems from a legacy API server being shipped with authentication di...
Article Updates
Belgium's NIS2 Audit Deadline Arrives, Kicking Off EU-Wide Enforcement
Update: The NIS2 Directive's implications for the logistics and transport sectors have been further clarified. This update highlights that management in these sectors is now legally obligated to approve, oversee, and receive training on cybersecurity risk management....
Anthropic's 'Mythos' AI Model Signals New Era of Autonomous Cyber Threats
Update: The update confirms that Anthropic's Mythos, alongside OpenAI's GPT-5.5-Cyber, is now actively used by major tech companies like Palo Alto Networks, Apple, and Mozilla under 'Project Glasswing' for defensive vulnerability scanning. This has led to a significan...
Instructure Confirms Massive Breach; ShinyHunters Claims 275 Million User Records from Canvas LMS
Update: Instructure, owner of Canvas LMS, has publicly stated it reached an 'agreement' with ShinyHunters following the recent data breach. This agreement reportedly led to the return of stolen data and 'digital confirmation of data destruction.' While Instructure did...
Iranian APT MuddyWater Masquerades as Ransomware Group in Microsoft Teams-Based Espionage Campaign
Update: New intelligence from Symantec reveals that the Iranian APT group MuddyWater conducted a distinct cyber-espionage campaign in February 2026, targeting at least nine organizations globally, including a major South Korean electronics manufacturer. Unlike previou...
Foxconn Hit by Nitrogen Ransomware; Gang Claims Theft of Apple, Intel Data
Update: Foxconn has confirmed that its North American factories, previously impacted by the Nitrogen ransomware attack, are now resuming normal operations. This marks a significant step towards recovery from the operational disruptions caused by the incident. The Nitr...
Microsoft's May Patch Tuesday: 137 Flaws Fixed, Including Critical Netlogon RCE
Update: This update provides more granular technical details for critical RCEs like Netlogon (CVE-2026-41089) and DNS Client (CVE-2026-41096), specifying buffer overflow types. It also introduces new critical vulnerabilities, including CVE-2026-41103 (Microsoft SSO Pl...