Ransomware Forces West Pharmaceutical to Take Global Systems Offline

West Pharmaceutical Services disclosed a disruptive ransomware attack via SEC Form 8-K on May 7, took global systems offline, and engaged Palo Alto Unit 42. The pharma-packaging CI adjacency just became a documented sector risk.

GM Just Paid $12.75M for Selling Driver Data It Shouldn't Have Kept

California AG Bonta announced a $12.75M civil penalty against GM and OnStar for selling driver data to data brokers 2020-2024. Largest CCPA penalty ever; first data minimization enforcement.

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, and 170 Packages

TeamPCP's Mini Shai-Hulud worm hit 170+ packages May 11, including TanStack, Mistral AI, and Guardrails AI. First npm worm to ship valid SLSA Build Level 3 provenance for malicious code.

Instructure Paid the Ransom. Congress Just Opened an Investigation.

Instructure paid ShinyHunters on May 11 to delete 3.65TB from 8,809 schools. Congress opened an investigation the same day. The vendor-paid-ransom precedent for SaaS is now set.

South Staffordshire Water Just Got Fined Nearly 1 Million Pounds for a Cl0p Attack Hackers Hid In for 20 Months

The ICO fined South Staffordshire Water nearly GBP 1 million over a Cl0p attack that exposed 633,887 records. Hackers sat undetected for 20 months. Only 5 percent of the IT environment was monitored.

Dirty Frag: A New Linux Kernel LPE With Public Exploit and No Coordinated Patch

Two page-cache write bugs chained for deterministic Linux root. Public exploit released after embargo break on May 7. AlmaLinux specifics matter; container workloads inherit host kernel exposure.

Google Just Caught the First AI-Generated Zero-Day in the Wild. A Hallucinated CVSS Score Gave It Away.

Google Threat Intelligence Group disclosed the first publicly confirmed AI-generated zero-day exploit caught in the wild on May 11. The Python script bypassed 2FA on a popular open-source admin tool and was destined for mass exploitation before Google disrupted it.

HeartlessSoul Wants Map Data. Russian Aerospace and Drone Operators Are Giving It to Them.

Kaspersky disclosed cyber espionage group HeartlessSoul on May 11, targeting Russian aerospace firms and drone operators through SourceForge malvertising to steal GIS shape files, GPS data, and terrain models. The operational ground truth Russian analysts use is the prize.

TeamPCP Just Backdoored Checkmarx for the Third Time in Three Months

TeamPCP compromised the Checkmarx Jenkins AST Plugin on May 9, the third attack on Checkmarx in three months. The Dune-themed defacement reads "Checkmarx fails to rotate secrets again." Either secrets rotation was incomplete or TeamPCP retained access through an unremediated persistence mechanism.

cPanel Update: Mr_Rot13 Has Been Backdooring Servers Through CVE-2026-41940 For Six Years

The cPanel CVE-2026-41940 story continues. A new threat actor has been named, the backdoor it deploys has been documented, and the most operationally relevant fact is that this group has been operating since 2020 with detection rates close to zero. BEIJING, CHINA — A new threat actor designated Mr_Rot13 has

Mandia, Stamos, and Adamski Just Told Everyone the Next Two Years Will Be 'Insane'

Three of cybersecurity's most prominent voices used the RSA Conference in March to deliver a unified warning: AI is finding vulnerabilities faster than organizations can patch them, and the next two years will outpace anything the industry has seen.

Cybersecurity Students Took a Federal Scholarship Deal. Now They May Owe Six Figures.

Participants in the CyberCorps Scholarship for Service program face hundreds of thousands of dollars in potential debt as Trump administration hiring freezes have led federal agencies to rescind job and internship offers. The Trump administration has proposed cutting SFS funding by 65 percent.