1. A mass npm supply chain attack involving the Mini Shai-Hulud worm has compromised over 170 packages including TanStack and Mistral AI. (https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html)
2. Instructure reached an agreement with the ShinyHunters extortion group to prevent the leak of 3.65TB of stolen data. (https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html)
3. A rogue version of the official Checkmarx Jenkins plugin was published on the Jenkins Marketplace containing an infostealer. (https://www.bleepingcomputer.com/news/security/official-checkmarx-jenkins-package-compromised-with-infostealer/)
4. A UK water company allowed hackers to remain undetected within their network for nearly two years. (https://www.reddit.com/r/cybersecurity/comments/1tavt3o/uk_water_company_allowed_hackers_to_lurk/)
5. General Motors agreed to a 12.75 million dollar settlement in California regarding the unauthorized sale of driver data. (https://www.bleepingcomputer.com/news/legal/gm-agrees-to-1275m-california-settlement-over-sale-of-drivers-data/)
6. A new pre-authentication remote code execution vulnerability was identified in ipTIME devices within the CWMP protocol. (https://www.reddit.com/r/netsec/comments/1tav4dk/new_iptime_preauth_rce_in_cwmp/)
7. The Foxconn Wisconsin facility reportedly suffered a breach linked to Nitrogen ransomware with claims of 8TB of data theft. (https://www.reddit.com/r/cybersecurity/comments/1ta9a0y/foxconn_wisconsin_breach_reportedly_linked_to/)
8. A new tool named GhostLock was released demonstrating how Windows file APIs can be abused to block access to local and network files. (https://www.bleepingcomputer.com/news/security/new-ghostlock-tool-abuses-windows-api-to-block-file-access/)
9. NASA investigators exposed a Chinese national engaged in phishing attempts targeting defense software. (https://www.reddit.com/r/cybersecurity/comments/1ta67wr/nasa_investigators_expose_a_chinese_national/)
10. Security researchers warned of a spear phishing campaign targeting Steam users. (https://www.reddit.com/r/Malware/comments/1tatxxj/steam_spear_phishing/)
11. Threat actors are utilizing fake LinkedIn sponsored advertisements within Google search results to distribute malware. (https://www.reddit.com/r/Malware/comments/1tatujn/fake_linked_in_sponsored_google_search/)
12. Unit 42 released an analysis on Active Directory Certificate Services exploitation focusing on template misconfigurations and shadow credential misuse. (https://unit42.paloaltonetworks.com/active-directory-certificate-services-exploitation/)
Be First to Comment