SecurityWeek

Microsoft’s MDASH discovered 16 of the Patch Tuesday vulnerabilities, and Palo Alto used Mythos to find dozens of flaws. 

New “Sweet Attack” platform uses runtime intelligence and continuous agentic red teaming to identify exploitable attack chains human teams may miss.

This webinar will help OT security teams and asset owners stop being cost centers and start being resilience drivers.

The Committee on Homeland Security has requested to be briefed on the incident and Instructure’s remediation steps.

The telehealth platform was hacked in January, and users’ personal information was exfiltrated from its systems.

CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”.

Successful exploitation of these flaws could lead to arbitrary code execution and information disclosure.

The two chip giants have published over two dozen advisories describing recently identified security defects.

More than 500 packages were pushed during the attack, but the target appears to have been RubyGems itself rather than users.

Many ICS vendors have not released new advisories for the May 2026 Patch Tuesday.

Fresh security updates resolve critical flaws in Azure, Windows, Dynamics 365, and the SSO Plugin for Jira & Confluence.

Exaforce has raised a total of $200 million and plans on using the latest investment for product development and international expansion. 

While none of the flaws have been exploited in the wild, many of them could lead to arbitrary code execution.

The startup will invest in accelerating product development, hiring new talent, and expanding its customer base.

Threat actors obtained names and contact information for an unspecified number of BWH Hotels guests.

CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities in development.

The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals.

The company took systems offline globally after hackers exfiltrated data and deployed file-encrypting ransomware.

The tech giant has also ported the patch for a recent deleted chats recovery issue to older versions of iOS.

The flaws could allow attackers to inject malicious code, leading to information disclosure and code execution.