May 2026
Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say
Researchers at Striga have disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama’s Windows auto-updater that, when chained together, may allow an …
LastPass Mobile Smart Scanner improves password security
LastPass has launched Mobile Smart Scanner, a solution that converts photographs of typed or handwritten credentials into structured, ready-to-use password entries that can be …
Google to pay up to $1.5 million for zero-click Pixel Titan M exploits
Google has revised its Android and Chrome Vulnerability Reward Programs (VRPs), which pay security researchers to report vulnerabilities in Android, Google hardware, and the …
Download: Secure Foundations for AI Workloads on AWS
Center for Internet Security helps organizations deploy AI and high-performance compute environments from a trusted, hardened operating system baseline. CIS Hardened Images …
Conti ransomware gang member sentenced to 102 months in prison
A Latvian national who was part of a major Russian ransomware organization that stole from and extorted more than 54 companies has been sentenced to 102 months in prison. …
VIAVI CyberFlood CF1000 pushes 400G validation for multi-terabit AI data centers
VIAVI Solutions has announced the launch of its next-generation CyberFlood CF1000 Appliance, a native 400G security and application performance test platform for the …
Oracle rolls out monthly security patch updates
Oracle is changing how its security fixes are delivered: starting in May 2026, there will be a monthly Critical Security Patch Update. “Each [monthly] CSPU is smaller …
Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts
Phishers have been using fake workplace compliance notices to try to trick Microsoft account owners into signing in via a fake sign-in page, says the company’s Defender …
Anomali ThreatStream Next-Gen speeds threat response across workflows
Anomali has announced ThreatStream Next-Gen. Available standalone or within the Anomali Unified Security Data Lake, it turns threat intelligence into an active decisioning …
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts …
Meta adds proof-based security to encrypted backups
Meta has updated its infrastructure for protecting password-based and end-to-end encrypted backups, introducing over-the-air fleet key distribution for Messenger and a …
Can your coding style predict whether your code is vulnerable?
Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all …
Featured news
Resources
Don't miss
- Dutch police disrupts botnet composed of 17 million devices
- New infostealer reaches enterprise devices through FortiClient EMS vulnerability
- LinkedIn-themed phishing abuses Adobe’s A/B testing platform
- The behavioral signals that sharpen Trojan malware detection
- Zapier exploit chain shows how known anti-patterns compose into critical risk