Cyber Dispatch™️
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
GemStuffer used more than 150 RubyGems packages to exfiltrate scraped U.K. council portal data, not distribute malware.

The gems collected ModernGov pages, built .gem archives, and published them to RubyGems with hardcoded credentials.
Microsoft patched 138 security flaws across its products, including 30 Critical bugs and Windows DNS, Netlogon, Azure, Dynamics 365, and Hyper-V issues.
"Mira": Telegram's intelligent assistant for chat, image, and tool management

Telegram has introduced a new AI assistant called "Mira" that offers features such as unlimited text chat, voice-to-text conversion, text-to-speech, internet search, image analysis, and management of the TON network wallet.
Microsoft’s new MDASH AI just uncovered 16 Windows vulnerabilities, patched today in Patch Tuesday — including 4 critical RCEs in the TCP/IP kernel and IKEv2 VPN.

An army of 100+ AI agents debated, validated, and proved them exploitable.
3rd Linux kernel LPE in just ~2 weeks: Fragnesia (CVE-2026-46300) just dropped.

Attackers can now gain root by corrupting the kernel page cache through a flaw in XFRM ESP-in-TCP.

PoC is public. Major distros have already issued advisories.
YellowKey affects Windows 11 and Server 2022/2025; GreenPlasma could enable abuse of SYSTEM-writable paths.
Two new Windows zero-days expose a BitLocker bypass in WinRE and a CTFMON privilege escalation issue.
Threat actors targeted PraisonAI CVE-2026-44338, an authentication bypass vulnerability, within hours of disclosure.

The flaw affects versions 2.5.6–4.6.33 and can expose the /agents endpoint without authorization.
Three newly published node-ipc npm versions have been confirmed as malicious, with obfuscated stealer/backdoor behavior targeting developer and cloud secrets.
Limited attacks are exploiting CVE-2026-20182, a CVSS 10.0 auth bypass in Cisco Catalyst SD-WAN Controller.

Unauthenticated remote attackers can gain admin privileges and manipulate SD-WAN configurations.

Affected: on-prem, cloud, government deployments.
An 18-year-old flaw in NGINX can let unauthenticated attackers run code or crash servers using crafted HTTP requests.

Tracked as CVE-2026-42945 and named NGINX Rift, the bug affects NGINX Plus and Open Source.
Cyberattack hits fuel monitoring systems at U.S. gas stations.
OpenAI says two employees' devices were affected in the TanStack supply-chain attack.
Turla has rebuilt Kazuar into a modular P2P botnet designed for stealth and persistent access.

The upgraded .NET backdoor uses Kernel, Bridge, and Worker modules to handle C2, tasking, collection, and exfiltration.
Four OpenClaw vulnerabilities dubbed Claw Chain can be chained to steal sensitive data, escalate privileges, and establish persistence.

All four flaws are fixed in OpenClaw 2026.4.22.
On-prem Microsoft Exchange Server CVE-2026-42897 is under active exploitation.

The CVSS 8.1 spoofing flaw stems from XSS and can allow arbitrary JavaScript execution when crafted emails are opened in Outlook Web Access under certain conditions.
CISA added CVE-2026-20182, a CVSS 10.0 authentication bypass in Cisco Catalyst SD-WAN Controller, to its KEV catalog amid active exploitation.
Google ties full 15GB free cloud storage to mobile number verification for new accounts.
Microsoft patches 120 vulnerabilities in May 2026 update including 17 critical flaws across Windows and Office.
Google says hackers used AI to discover a zero-day vulnerability for the first time.
Critical Next.js vulnerability exposes servers to unauthorized requests and potential data leaks.