🚨 CVE-2026-7482 in Ollama could let remote attackers leak process memory from more than 300,000 exposed servers using crafted GGUF files.

Separate unpatched Windows flaws enable persistent code execution through Ollama’s update mechanism.

Full details and mitigations: https://thehackernews.com/2026/05/ollama-out-of-bounds-read-vulnerability.html

Your biggest security risk in 2026 isn’t malware.
It’s the tools you already trust.

Attackers are ditching malicious files and “living off the land” with PowerShell, WMIC, Certutil and native binaries that your security tools barely blink at.

84% of high-severity incidents now do this.

Read why → https://thehackernews.com/expert-insights/2026/05/your-biggest-security-risk-isnt-malware.html

🚨 WARNING: A malicious Hugging Face repository impersonating #OpenAI’s Privacy Filter model reached #1 trending with about 244,000 downloads in 18 hours while delivering a Rust-based infostealer to Windows users.

Hugging Face disabled the repo; researchers also linked the infrastructure to a ValleyRAT campaign.

Read: https://thehackernews.com/2026/05/fake-openai-privacy-filter-repo-hits-1.html

The internet had another normal week...

💀 Poisoned installers
🔥 Firewall zero-days
🐧 Linux rootkits
☁️ Cloud hijacks
🎣 OAuth theft
🪤 ClickFix traps
🤖 AI bug hunting
⚠️ Fake updates everywhere

⚡ Weekly cyber recap just dropped: https://thehackernews.com/2026/05/weekly-recap-linux-rootkit-macos-crypto.html

Your current open-source governance cannot scale with dependency intake.

According to the latest IDC Analyst Brief, sponsored by ActiveState, 72% of organizations experienced “a direct impact from a community-supported OSS-related vulnerability or compromise in the last year.”

Download the IDC Analyst Brief to see where governance is breaking down at the component level.

Download Here: https://thn.news/open-source-sec-risk

🚨 The average time from CVE disclosure to working exploit has dropped to roughly 10 hours in 2026, down from 56 days in 2024.

The report says AI-assisted attackers can breach systems in 73 seconds while many defenders still rely on manual workflows.

Read why the gap is widening: https://thehackernews.com/2026/05/your-purple-team-isnt-purple-its-just.html

🚨 Threat actors used AI to create the first known zero-day 2FA bypass on a popular open-source admin tool.

Google spotted it in a planned mass exploitation campaign and helped fix it before widespread use.

Full report: https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html

🚨 A malicious Checkmarx Jenkins AST plugin was published to the Jenkins Marketplace after TeamPCP allegedly breached the plugin’s GitHub repository.

The incident comes weeks after earlier TeamPCP-linked compromises involving the KICS Docker image, VS Code extensions, GitHub Actions workflows, and the Bitwarden CLI npm package.

Read: https://thehackernews.com/2026/05/teampcp-compromises-checkmarx-jenkins.html

🚨 More than 2,000 attacker IPs worldwide are exploiting cPanel CVE-2026-41940 to deploy the Filemanager backdoor.

The campaign, linked to Mr_Rot13, enables credential theft, ransomware, cryptomining, botnet activity, and persistent SSH access, with infrastructure tied to low-detection activity dating back to 2020.

Read: https://thehackernews.com/2026/05/cpanel-cve-2026-41940-under-active.html

📱 Apple has released iOS 26.5, bringing default end-to-end encryption to RCS messaging between #iPhone and #Android.

Lock icons will indicate encrypted chats, marking a major expansion of secure cross-platform messaging beyond traditional SMS.

Read → https://thehackernews.com/2026/05/ios-265-brings-default-end-to-end.html

🚨 OpenAI has launched Daybreak, a #cybersecurity initiative combining GPT-5.5 models and Codex Security to identify vulnerabilities, validate patches, and automate threat modeling.

Major firms like Akamai, Cisco, Cloudflare, and others are already integrating it.

Read: https://thehackernews.com/2026/05/openai-launches-daybreak-for-ai-powered.html

⚠️ Instructure has reached a ransom agreement with the ShinyHunters extortion group to stop the leak of 3.65TB of stolen Canvas data.

The deal includes the return and confirmed destruction of data stolen from nearly 9,000 schools and universities.

Read: https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html

🚨 WARNING: The self-spreading “Mini Shai-Hulud” worm compromised npm & PyPI packages tied to TanStack, Mistral AI, Guardrails AI, OpenSearch & more.

The attack used GitHub OIDC token hijacking and cache poisoning to spread credential-stealing malware across 42 TanStack packages and 84 versions.

Check your dependencies immediately → https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html

🤖 Agentic AI is already running in production while security teams treat it as a policy issue.

You can’t secure what you don’t understand. Three agent types — one now lets anyone build powerful agents with real access, no code needed.

Read about it: https://thehackernews.com/2026/05/why-agentic-ai-is-securitys-next-blind.html

🚨 Your riskiest SOC alerts are probably going unanswered right now.

WAF, DLP, OT/IoT, dark web, and supply chain signals — the ones that actually lead to breaches — get ignored every day.

Why? Every SOC, MSSP, and AI tool hits the same coverage ceiling.

Fix it May 21:
• Webinar: “Alert Coverage No One Else Can Triage”
• Hosted by: Radiant & Cirosec
• Live: Adaptive AI Demo
• Time: 15:00 CEST

Register free → https://thehackernews.com/2026/05/webinar-what-riskiest-soc-alerts-go.html

🚨 New TrickMo #Android banking trojan variant uses TON for stealthy command-and-control, adding SSH tunnelling and SOCKS5 proxying to turn infected devices into network pivots and traffic-exit nodes.

The malware targeted banking and crypto wallet users in France, Italy, and Austria between January and February 2026.

Read → https://thehackernews.com/2026/05/new-trickmo-variant-uses-ton-c2-and.html

4 people. No compliance team. No GRC consultant. No second job.

Full SOC 2 compliance.

Before Rippling Automated Compliance for SOC 2 officially launched, one startup put it to the test during beta. On May 13, Nikolas Huebecker, founder of a YC-backed stealth startup, shares exactly how easy it was to get enterprise-grade compliance without adding headcount, slowing down the team, or losing their minds in spreadsheets.

If your company needs SOC 2 and you're not sure how to get there without it consuming everything, this is the session to attend.

🏆How a 4-Person Startup Got Enterprise-Grade Compliance Without Adding Headcount

📅May 13 | Virtual | Free

Register now → https://thn.news/compliance-launch-webinar

⚠️ RubyGems has suspended new signups after a major malicious attack involving hundreds of packages, some reportedly carrying exploits.

The incident raises fresh concerns over open-source supply chain security.

Details here: https://thehackernews.com/2026/05/rubygems-suspends-new-signups-after.html

⚡ Google is rolling out #Android Intrusion Logging, an opt-in feature that stores encrypted forensic logs for 12 months to help investigate suspected spyware attacks.

Available on Android 16 December update and newer.

Full story: https://thehackernews.com/2026/05/android-adds-intrusion-logging-for.html