As of Friday, May 15, 2026, the AI cybersecurity threat landscape is showing elevated activity across 118 tracked stories. The dominant themes today are Vulnerabilities & CVEs (36 stories), AI & LLM Threats (34 stories), and Data Breaches (14 stories). AI and LLM-based threats are particularly active with 34 stories covering topics such as prompt injection, model exploitation, deepfake campaigns, and AI-assisted attack tooling. 19 CVEs are being tracked across today's stories, including CVE-2026-20182, CVE-2026-46300, CVE-2026-41702, CVE-2026-43284 and 15 more. Each CVE badge below links directly to the NVD advisory. ⚠️ 24 stories involve critical severity, active exploitation, or zero-day conditions. Security teams should prioritize review of flagged items and verify patch status immediately.
&#;xd; &#;xd; :root &#;x7b;&#;xd; --isc-maroon: #;7a1f1f;&#;xd; --isc-maroon-dark: #;5e1717;&#;xd; --isc-link:…
The zero-day, tracked as CVE-2026-20182, has been exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616. The post Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 appeared first on SecurityWeek .
Deepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic? Commercial detectors analyze pixels, frequencies, and biometric signals to answer that question, and the best of them post…
The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch…
Pwn2Own Berlin 2026 day one saw 22 entries and 24 zero-days across major software, with researchers earning $523,000 in total rewards. Day one of Pwn2Own Berlin 2026 featured 22 entries targeting widely used technologies, including browsers, operating…
Unlike in 2025, when AI adoption and testing drove business strategies, organizations in 2026 want proven ROI before committing budgets, according to a report by Globalization Partners. How global executives characterize their organization’s approach to AI…
Here’s a look at the most interesting products from the past week Alation, Apricorn, Versa Networks, and TrustCloud. The questionnaire-based TPRM model is broken, and TrustCloud has a fix TrustCloud announced a new version of TrustLens, its third party risk…
The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. [...]
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. [...]
The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies.
Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. [...]
OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. [...]
On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Catalyst SD-WAN,…
Director of National Intelligence Tulsi Gabbard has tapped two individuals to coordinate work across U.S. spy agencies to monitor threats to the 2026 elections, according to multiple sources familiar with the matter.
Fragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed a new Linux kernel privilege escalation vulnerability named Fragnesia, tracked as CVE-2026-46300…
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. "A vulnerability…
Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious…
Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels…
Broadcom patched a high-severity VMware Fusion flaw, CVE-2026-41702, that could let local attackers gain root privileges. Broadcom released a security update for VMware Fusion to address a high-severity vulnerability, tracked as CVE-2026-41702, that could…
Mustang Panda campaign deploys updated FDMTP backdoor against Asia-Pacific and Japan networks
Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like Dirty…
For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. The post Enhancing Data Center Security Without Sacrificing Performance appeared first on SecurityWeek .
HYCU has announced HYCU aiR (AI Resilience), an AI-native solution that turns backup data across dozens of applications into a live and actionable intelligence for security, compliance, and IT teams. aiR lets organizations search, query, and run purpose-built…
The vulnerability, tracked as CVE-2026-46300, is similar to the recently disclosed exploits named Dirty Frag and Copy Fail. The post New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation appeared first on SecurityWeek .
Independent benchmarking finds Mythos highly effective for source code audits, reverse engineering, and native-code analysis, though its exploit validation and reasoning capabilities remain inconsistent. The post Mythos Proves Potent in Vulnerability…
The acquisition enables Akamai to expand its Zero Trust portfolio to add protection directly into the browser. The post Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million appeared first on SecurityWeek .
Cofense has announced new advancements to its Phishing Defense Platform aimed at improving detection and response to AI-powered phishing attacks. The updates include AI-driven phishing detection, enhanced triage automation, and AI-assisted training campaign…
AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that.…
The goal of the guidance, which outlines minimum elements, is to help organizations enhance transparency in AI systems and supply chains. The post G7 Countries Release AI SBOM Guidance appeared first on SecurityWeek .
Microsoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX packaging. The WinUI agent plugin ships one agent, eight skills, and several supporting…
The Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent status in the authoring experience, giving admins insight into each agent’s security and…
A bustling underground ecosystem is providing criminals with the tools to unlock iPhones—and wage phishing attacks against their contacts to access bank accounts and more.
AI cyber capability is improving faster than expected, with newer models surpassing earlier projections, according to the UK government’s AI Security Institute (AISI). AISI measures AI cyber capability using “time horizon benchmarks”, which estimate how long…
Semperis study finds 74% of organizations believe AI will increase attacks on identity infrastructure
The Information Commissioner’s Office has released new guidance on how to mitigate the risk of AI-powered attacks
Instructure says it reached an agreement with ShinyHunters over the Canvas breach data
The company says its new Incognito Chat allows you to use its AI chatbot without anyone else—including Meta—being able to access your conversations.
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short…
Survey of cybersecurity leaders suggests that majority would strongly consider paying cybercriminals, if that’s what it took to help restore encrypted systems
The G7 Cybersecurity Working Group releases new SBOM for AI guidance, outlining seven key data clusters to boost transparency and security across AI supply chains
UK cybersecurity sector reaches £14.7bn in revenue, driven by rapid growth in AI security firms, increased investment and rising employment across the industry
Famous for helping build Apple’s iPhones, Foxconn just suffered another cyberattack, highlighting the perils of warehousing some of the world’s most valuable data.
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of…
Today&#;x26;#;39;s Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge. 
With Daybreak, OpenAI wants its frontier AI models to be used to deploy secure by design software from the ground up
TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm…
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely…
HiddenLayer reveals infostealer malware in a Hugging Face repository
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the…
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious…
Ontinue uncovers fake Claude Code installer pushing PowerShell stealer abusing Chrome's IElevator2
Google Threat Intelligence Group details how cybercriminals attempted to launch a campaign based around an AI-developed Zero-Day targeting open-source software
A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter,…
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over…
The hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one "Patient Zero" infection. In 2026, hackers are using AI to make these…
Thousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters.
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page…
Chrome users were caught off guard by a 4-GB Google AI model baked into Chrome, sparking privacy concerns. The good news: You can easily uninstall it. The bad? You might not want to.
Traditional network security tools are undermining data protection, with Forrester and Capital One Software research warning AI adoption is impossible without rethinking data security
Oasis Security finds critical Cline kanban WebSocket flaw exposing AI coding agents to hijack
Commercial AI models were used to help plan and conduct cyber-attack against operational technology of a water and drainage facility, say researchers
Sophos finds fake Claude site spreading DonutLoader and a new Beagle backdoor via DLL sideloading
Companies like Lovable, Base44, Replit, and Netlify use AI to let anyone build a web app in seconds—and in thousands of cases, spill highly sensitive data onto the public internet.
To stop children from bypassing its age checks, Meta is revamping its age-verification tools with an AI system that analyzes images and videos for “visual cues,” such as height and bone structure.
It's not just you. Scammers, hackers, and other cybercriminals are complaining about “AI shit” flooding platforms where they discuss cyberattacks and other illegal activity.
ISACA report warns that while AI has become the norm, many organizations are yet to formally apply safety or security policies around its use
OpenAI announced its intention to expand the Trusted Access for Cyber program for cyber defenders at the federal, state and local government levels
Plus: The NSA tests Anthropic’s Mythos Preview to find vulnerabilities, a Finnish teen is charged over the Scattered Spider hacking spree, and more.
Claude Security enters public beta, giving enterprises AI driven code scanning with no API integration or custom agents required
A researcher from offensive security firm Theori has found a nine-year-old flaw in the Linux kernel with the help of AI
OpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential targets of phishing attacks.
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity…
Marsh’s 2026 People Risks survey finds cyber‑related challenges dominate, as cyber‑threat literacy tops risks and cyber and AI skills shortages rise
Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes crypto wallets
AI agents may soon be buying your stuff for you. The FIDO Alliance has teamed up with Google and Mastercard to try to ensure that shopping in the near future isn't a complete disaster.
AI tools are not just creating new vulnerabilities, they are reviving old security failures, warned Jurgen Kutscher, VP of Mandiant Consulting
Google Cloud’s COO advocated for combining general-purpose frontier large language models with task-specific AI agents
Google Cloud will attribute a unique cryptographic ID every AI agent that will be tied to “traceable and auditable” authorization policies
Forcepoint has found 10 new indirect prompt injection attacks targeting AI agents
<div class="SCXW131754345 BCX8"> <div class="OutlineElement Ltr SCXW131754345 BCX8"> <h2><a class="c-button c-button--on-dark"…
A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the…
Data exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance report
AI models are making rapid gains in vulnerability research and exploit development, raising new cybersecurity risks, a Forescout study finds
OpenAI’s new frontier model focused on cybersecurity comes following Anthropic’s launch of Claude Mythos Preview and Project Glasswing
At VulnCon, Lindsey Cerkovnik, head of vulnerability management at CISA, said AI companies should play a bigger role in vulnerability disclosures in the future
The AISI has issued its judgement on Anthropic’s Mythos Preview model
SANS Institute reveals that AI agents are behind a 76% surge in non-human identities
Google API key flaw exposes mobile apps to Gemini AI access, private files and billing risks
Anthropic launches Project Glasswing, using its Claude Mythos Preview AI to autonomously identify and fix undiscovered vulnerabilities in critical software
Anthropic’s Claude AI has helped researchers find a vulnerability in Apache ActiveMQ Classic
GrafanaGhost chains AI prompt injection and URL flaws to exfiltrate sensitive Grafana data
Cryptocurrency scams alone cost victims over $7 billion, while AI-enabled fraud threats are on the rise, says FBI
<h2><strong>Advisory at a Glance</strong></h2> <table> <tbody> <tr> <th>Title</th> <td>Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure</td> </tr> <tr> <th>Original Publication</th> <td>April 7,…
OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole
Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials
Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code
PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients
OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
Expel has warned of malicious Chrome extensions stealing users’ AI conversations
ISACA survey found that confusion over responsibility and lack of understanding around AI cyber-attacks makes containing them difficult
Rapid7 says median time from publication to CISA KEV inclusion dropped to five days
Gartner has urged security teams to get involved in AI projects from the start to avoid costly incident response
CursorJack shows how malicious MCP deeplinks in Cursor IDE can trigger user-approved code execution
DNS-based attack in AWS Bedrock AgentCore lets AI sandboxes exfiltrate cloud data
Palo Alto Networks’ Unit 42 has developed a successful attack to bypass safety guardrails in popular generative AI tools
OpenAI’s latest acquisition addresses a security need Jamieson O’Reilly, security advisor at OpenClaw, raised during an exclusive interview with Infosecurity
Over one in five winners of IT-Harvest’s 2026 Cyber 150 are AI security companies
Malicious insiders are using misusing AI for nefarious gain, while employees cutting corners also creates risk, warns Mimecast
Critical flaw "ContextCrush" in Context7 MCP Server could allow malicious instructions into AI tools
<h2><strong>Summary</strong></h2> <p><strong>Note:</strong> This joint Cybersecurity Advisory is being published as an addition to the Cybersecurity and Infrastructure Security Agency (CISA) May 6, 2025, joint fact sheet <a…
<h2><strong>Advisory at a Glance</strong></h2> <table> <tbody> <tr> <td>Executive Summary</td> <td>CISA began incident response efforts at a U.S. federal civilian executive branch (FCEB) agency following the detection of potential malicious activity…
<h2><strong>Executive summary</strong></h2> <p>People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military…
<h2><strong>Executive Summary</strong></h2> <p>This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination,…
2.5 million people were affected, in a breach that could spell more trouble down the line.
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.