4 people. No compliance team. No GRC consultant. No second job.

Full SOC 2 compliance.

Before Rippling Automated Compliance for SOC 2 officially launched, one startup put it to the test during beta. On May 13, Nikolas Huebecker, founder of a YC-backed stealth startup, shares exactly how easy it was to get enterprise-grade compliance without adding headcount, slowing down the team, or losing their minds in spreadsheets.

If your company needs SOC 2 and you're not sure how to get there without it consuming everything, this is the session to attend.

🏆How a 4-Person Startup Got Enterprise-Grade Compliance Without Adding Headcount

📅May 13 | Virtual | Free

Register now → https://thn.news/compliance-launch-webinar

⚠️ RubyGems has suspended new signups after a major malicious attack involving hundreds of packages, some reportedly carrying exploits.

The incident raises fresh concerns over open-source supply chain security.

Details here: https://thehackernews.com/2026/05/rubygems-suspends-new-signups-after.html

⚡ Google is rolling out #Android Intrusion Logging, an opt-in feature that stores encrypted forensic logs for 12 months to help investigate suspected spyware attacks.

Available on Android 16 December update and newer.

Full story: https://thehackernews.com/2026/05/android-adds-intrusion-logging-for.html

⚠️ GemStuffer used more than 150 RubyGems packages to exfiltrate scraped U.K. council portal data, not distribute malware.

The gems collected ModernGov pages, built .gem archives, and published them to RubyGems with hardcoded credentials.

Read: https://thehackernews.com/2026/05/gemstuffer-abuses-150-rubygems-to.html

🛑 Microsoft patched 138 security flaws across its products, including 30 Critical bugs and Windows DNS, Netlogon, Azure, Dynamics 365, and Hyper-V issues.

None are listed as publicly known or under active attack.

Full details here: https://thehackernews.com/2026/05/microsoft-patches-138-vulnerabilities.html

Exploit timelines are outpacing remediation: Mandiant estimates mean time to exploit at -7 days, while Verizon puts median edge-device remediation at 32 days.

The issue: closed tickets don’t always mean risk is gone.

Full analysis: https://thehackernews.com/2026/05/most-remediation-programs-never-confirm.html

⚠️ China-linked FamousSparrow targeted an Azerbaijani oil and gas firm in a multi-wave intrusion from Dec 2025 to Feb 2026.

Attackers reused a vulnerable Microsoft Exchange Server entry point to deploy Deed RAT and attempt TernDoor.

Read: https://thehackernews.com/2026/05/azerbaijani-energy-firm-hit-by-repeated.html

UMAI surfaces the public AI ecosystem, including the exposed parts 👀, through raw technical evidence.

We collect the underlying technical details that help organizations understand, navigate, and investigate an environment expanding faster than most teams can even map.

Turns out some AI agents are better at discovering AI systems than security teams 🤷🏾‍♂️

Start exploring for free: https://thn.news/ai-ecosystem-search

🔥 Microsoft’s new MDASH AI just uncovered 16 Windows vulnerabilities, patched today in Patch Tuesday — including 4 critical RCEs in the TCP/IP kernel and IKEv2 VPN.

An army of 100+ AI agents debated, validated, and proved them exploitable.

Read more: https://thehackernews.com/2026/05/microsofts-mdash-ai-system-finds-16.html

⚡ WEBINAR — Your AppSec tools are flooded with “toast” alerts. But attackers are quietly building a Lethal Chain to your most important data.

Small low-risk flaws in code, pipeline, and cloud create one deadly path your tools miss.

Learn:
• How to spot real dangerous risks
• How to map actual attack paths
• A simple way to cut noise and focus on what matters

Join Wiz experts Mike McGuire & Salman Ladha live next week.

🔗 Watch here → https://thehackernews.com/2026/05/webinar-why-your-appsec-tools-miss.html

🚨 ConsentFix v3 just dropped on the XSS criminal forum.
New toolkit fully automates Microsoft account hijacks:

󠁯•󠁏 ClickFix social engineering + OAuth consent phishing
󠁯•󠁏 Fake personas & email campaigns
󠁯•󠁏 Cloudflare phishing pages
󠁯•󠁏 Auto token swap → persistent session + refresh tokens

Easily bypasses MFA/passkeys.

Read: https://thehackernews.com/2026/05/weekly-recap-linux-rootkit-macos-crypto.html#:~:text=New%20ConsentFix%20V3%20Attack%20Automates%20Microsoft%20Account%20Hijacking

😳 One sneaky plaintext byte is all it takes.

Exim’s new “Dead.Letter” (CVE-2026-45185) triggers when a client sends a TLS close_notify mid-BDAT, then slips in a final \n.

That single write hits a freed TLS buffer → corrupts heap allocator metadata on GnuTLS builds (4.97–4.99.2).

XBOW calls it one of the highest-caliber bugs they’ve seen in Exim.

Patch to 4.99.3 right now 👇 https://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.html

What if your Android phone secretly kept a tamper-proof forensic log that even advanced spyware can’t delete?

Google just made it real with "Intrusion Logging"

🔸 Opt-in, 12-month encrypted records designed for journalists & activists.

🔸 Enable: Settings → Security & privacy → Advanced Protection → Intrusion Logging

🔸 Rolling out with Android 16 (December update)

Full story: https://thehackernews.com/2026/05/android-adds-intrusion-logging-for.html

⚡ An 18-year-old flaw in NGINX can let unauthenticated attackers run code or crash servers using crafted HTTP requests.

Tracked as CVE-2026-42945 and named NGINX Rift, the bug affects NGINX Plus and Open Source.

Patch details and mitigation steps: https://thehackernews.com/2026/05/18-year-old-nginx-rewrite-module-flaw.html

🛑 3rd Linux kernel LPE in just ~2 weeks: Fragnesia (CVE-2026-46300) just dropped.

Attackers can now gain root by corrupting the kernel page cache through a flaw in XFRM ESP-in-TCP.

PoC is public. Major distros have already issued advisories.

Details: https://thehackernews.com/2026/05/new-fragnesia-linux-kernel-lpe-grants.html

🔥 Two new Windows zero-days expose a BitLocker bypass in WinRE and a CTFMON privilege escalation issue.

YellowKey affects Windows 11 and Server 2022/2025; GreenPlasma could enable abuse of SYSTEM-writable paths.

Full story: https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html

🔥 Two new Windows zero-days expose a BitLocker bypass in WinRE and a CTFMON privilege escalation issue.

YellowKey affects Windows 11 and Server 2022/2025; GreenPlasma could enable abuse of SYSTEM-writable paths.

Full story: https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html

⚠️ AI hallucinations just became a real cyber weapon.

2025 benchmark of 40 AI models: 36/40 were more likely to give confident wrong answers than correct ones on hard questions.

That’s not a glitch. That’s your new attack surface.

Read → https://thehackernews.com/2026/05/how-ai-hallucinations-are-creating-real.html

🚨 Threat actors targeted PraisonAI CVE-2026-44338, an authentication bypass vulnerability, within hours of disclosure.

The flaw affects versions 2.5.6–4.6.33 and can expose the /agents endpoint without authorization.

Read the full report: https://thehackernews.com/2026/05/praisonai-cve-2026-44338-auth-bypass.html

You've heard us say compliance should be part of how you operate, not a project.

On May 20, we're showing you exactly what that means.

Watch Rippling Automated Compliance for SOC 2 collect evidence continuously, catch issues the moment they happen, and resolve them, all without leaving the platform. No bouncing between tools. No quarterly scramble. No mystery about what your auditors will find.

This is the live demo. Come with questions.

🖥Automated Compliance: From Manual Chaos to Continuous Control

📅May 20 | Live Product Demo | Free

Save your spot → https://thn.news/compliance-automation-webinar

🚨 Belarus-aligned Ghostwriter has targeted Ukrainian government organizations since March 2026 with spear-phishing PDFs impersonating Ukrtelecom.

The campaign uses Ukraine IP geofencing, JavaScript PicassoLoader, 10-minute host fingerprinting, and Cobalt Strike after victim validation.

Full infection chain: https://thehackernews.com/2026/05/ghostwriter-targets-ukrainian.html