Cisco Talos argues standard ransomware-era incident response playbooks are structurally inadequate against state-sponsored threat actors with different objectives, persistence, and escalation thresholds.
Cisco Talos
· 23h ago
Microsoft Incident Response uncovered an attack that moved laterally exclusively through legitimate administrative mechanisms and trusted third-party access, leaving no custom malware or exploit artifacts.
Microsoft Threat Intelligence
· 18h ago
Trump rejected Iran's latest ceasefire counterproposal, declaring the truce 'on massive life support' as of May 12, 2026. Breakdown raises immediate escalation risk in the Strait of Hormuz amid active US-Israeli military operations against Iranian forces.
Just Security
· 21h ago
After US-Israeli strikes destroyed most of Iran's conventional naval fleet, Iran deployed swarms of small 'mosquito' vessels that are now disrupting all Strait of Hormuz transit corridors. The asymmetric pivot demonstrates Iran can threaten 20% of global oil flow with degraded conventional forces.
Wired Security
· 14h ago
CISA and G7 partners published joint guidance defining minimum elements for AI software bills of materials to increase supply chain transparency. Codifies an international baseline for AI component accountability as nation-state actors increasingly target opaque AI pipelines.
CISA Alerts
· 21h ago
Radiant Security is promoting an AI-driven SOC platform to address uninvestigated high-risk alerts across WAF, DLP, OT/IoT, and supply chain categories. This is a vendor advertisement, not an intelligence item.
The Hacker News
· 21h ago
President Trump traveled to Beijing in dealmaking mode, deprioritizing hawkish China policy in favor of economic negotiation. The pivot risks softening U.S. leverage on technology transfer controls and cyber-related sanctions at a moment of peak strategic competition.
Foreign Policy
· 12h ago
Attackers breached Škoda Auto's e-commerce platform and exfiltrated personal data from an undisclosed number of customers. A Volkswagen subsidiary breach signals continued targeting of major automotive brands' digital storefronts.
BleepingComputer
· 16h ago
Foxconn suffered another ransomware attack, with attackers claiming theft of confidential files tied to Apple and Nvidia. Repeated breaches at the world's largest contract manufacturer expose structural vulnerability at the core of global tech supply chains.
Wired Security
· 11h ago
A ransomware group claims it stole confidential Apple and Nvidia documents from Foxconn; affected factories are back online. The breach marks the second major ransomware incident against Foxconn and raises fresh concerns about IP security at critical manufacturing nodes.
The Register Security
· 11h ago
Attackers exploited a GitHub Actions misconfiguration to compromise the TanStack open-source project in a supply chain attack; CISA is separately advising critical infrastructure operators to architect for offline resilience.
Risky Business
· 4h ago
A stack buffer overflow in the cryptographic message syntax handling of ABB AC500 V3 PM5xxx versions 3.9.0 and 3.9.0_HF1 allows crash, DoS, or remote code execution; a patch is available. Unpatched industrial PLCs in critical manufacturing environments represent direct operational technology compromise risk.
CISA Alerts
· 21h ago
CVE-2025-2595, CVE-2025-41659, and CVE-2025-41691 in ABB AC500 V3 PLCs enable user management bypass, certificate and key exfiltration, and denial-of-service. Credential material exposure on industrial controllers can facilitate persistent OT network access well beyond initial compromise.
CISA Alerts
· 21h ago
ABB Automation Builder versions below 2.9.0 expose the Windows gateway remotely by default, allowing unauthenticated attackers to enumerate connected PLCs; user management misconfiguration removes the remaining access barrier.
CISA Alerts
· 21h ago
A CVSS 7.8 vulnerability in Fuji Electric Tellus 5.0.2 lets attackers escalate from user to SYSTEM, enabling DoS, file access, and deletion in critical manufacturing environments. SYSTEM-level access on HMI software provides adversaries direct visibility into and control over connected industrial processes.
CISA Alerts
· 21h ago
CVE-2026-35504, CVE-2026-26289, CVE-2026-33570, and CVE-2026-35555 affect Subnet Solutions PowerSYSTEM Center 2020 and 2024, enabling authenticated attackers to expose sensitive data or execute CRLF injection.
CISA Alerts
· 21h ago
Multiple vulnerabilities in ABB's WebPro SNMP card PowerValue allow local network attackers to gain unauthorized access, exhaust resources via DoS, or exploit insufficient session expiration. ABB is urging immediate patching; unmitigated flaws in UPS management hardware threaten data center and industrial uptime.
CISA Alerts
· 21h ago
Theori disclosed a local privilege escalation in the Linux kernel on April 29, 2026, abusing AF_ALG sockets and splice() to write into arbitrary page cache with a working PoC; it runs unmodified on Ubuntu, RHEL, Debian, SUSE, Amazon Linux, and Fedora.
Schneier on Security
· 22h ago
Apple, Google, Microsoft, Mozilla, and Oracle patched near-record security bug volumes in May 2026, with AI models credited for accelerating vulnerability discovery. The trend signals a structural shift in patch cadence that defenders must match or face widening exposure windows.
Krebs on Security
· 12h ago
Microsoft's May 2026 Patch Tuesday addressed 137 vulnerabilities including 13 critical, with AI models driving the elevated discovery rate. The volume sets a new operational tempo for enterprise patch teams already stretched by accelerating release cycles.
CyberScoop
· 12h ago