Alerts
SAP has released 15 security notes as part of its May 2026 Security Patch Day, including fixes for two critical vulnerabilities carrying CVSS scores of 9.6 in S/4HANA and Commerce Cloud. The S/4HANA flaw, tracked as CVE-2026-34260, is an SQL injection caused by missing input
Breaches
West Pharmaceutical Services, a Pennsylvania-based pharmaceutical manufacturing giant, has confirmed a ransomware attack that disrupted operations across its global footprint after attackers exfiltrated data and deployed file-encrypting ransomware. The attack occurred on May 4 and prompted the company to proactively shut down and isolate affected on-premise infrastructure.
Threats
A threat actor tracked as TeamPCP is behind a widening supply chain attack campaign called Mini Shai-Hulud, which has compromised packages across both the npm and PyPI ecosystems belonging to TanStack, Mistral AI, Guardrails AI, OpenSearch, and UiPath, among others. The compromised packages contain an obfuscated JavaScript file named
Breaches
Instructure, the company behind Canvas LMS — used by over 30 million educators and students across more than 8,000 institutions worldwide — has confirmed it reached a financial agreement with the ShinyHunters extortion group to prevent the release of stolen data from a recent breach. The company stated that ShinyHunters returned
Threats
Microsoft has disclosed a large-scale credential theft campaign that targeted more than 35,000 users across 13,000 organizations in 26 countries over a three-day window between April 14 and 16, 2026. The campaign combined polished enterprise-style lures with adversary-in-the-middle (AiTM) phishing to harvest
Alerts
Two critical vulnerabilities in widely deployed Chinese enterprise software are under active exploitation, with threat actors leveraging unauthenticated remote code execution flaws in MetInfo CMS and Weaver E-cology to compromise servers without requiring any credentials. CVE-2026-29014 (CVSS 9.8) affects MetInfo, a PHP and MySQL-based enterprise
Threats
ESET researchers have uncovered a supply chain espionage campaign by North Korean APT group ScarCruft that compromised a video game platform popular with ethnic Koreans living in China's Yanbian region — a border area known as a primary transit point for North Korean defectors crossing the Tumen River into
Alerts
Wiz researchers have disclosed a critical remote code execution vulnerability in GitHub's internal Git infrastructure that exposed millions of repositories across both GitHub.com and GitHub Enterprise Server. Tracked as CVE-2026-3854, the flaw allowed any authenticated user to execute arbitrary commands on GitHub's backend
Alerts
A privilege escalation vulnerability in Microsoft Defender is under active exploitation using publicly available proof-of-concept code, with Huntress confirming attacks began on April 10 — four days before Microsoft released a patch. CISA added the flaw to its Known Exploited Vulnerabilities catalog on Wednesday, setting a May 6 federal
Alerts
A critical sandbox escape vulnerability has been disclosed in Terrarium, an open-source Python sandbox developed by Cohere AI for running untrusted code in Docker-deployed containers. Tracked as CVE-2026-5752 with a CVSS score of 9.3, the flaw allows attackers to break out of the sandbox and
Alerts
Microsoft has pushed an emergency out-of-band security update to address CVE-2026-40372, a critical privilege escalation vulnerability in ASP.NET Core's Data Protection cryptographic APIs that allows unauthenticated attackers to forge authentication cookies and gain SYSTEM-level access on affected systems. The flaw originated from
Threats
Acronis researchers have identified a new variant of the LOTUSLITE backdoor being deployed by Mustang Panda in campaigns targeting India's banking sector and South Korean policy communities. The updated malware demonstrates incremental refinements over its predecessor, confirming active maintenance by the Chinese nation-state group as it broadens