INTERPOL Just Arrested 201 Cybercriminals Across 13 MENA Countries — Operation Ramz Is the First of Its Kind

INTERPOL announced Operation Ramz, the first regional cybercrime enforcement operation focused on MENA. Active October 2025 – February 28, 2026: 201 arrests, 53 servers seized, 3,867 victims across 13 participating countries. Kaspersky and Group-IB contributed.

MiniPlasma: A Researcher's SYSTEM Exploit Just Revealed Microsoft's 2020 Patch Was Silently Undone

Nightmare-Eclipse released MiniPlasma May 13, 2026 — a working SYSTEM-level exploit for cldflt.sys on fully patched Windows 11. The bug is CVE-2020-17103, patched by Microsoft in December 2020. The 2020 PoC still works — and no 2026 patch exists.

NYC Health + Hospitals Just Lost 1.8 Million People's Fingerprints in a Third-Party Breach

NYC Health + Hospitals confirmed an intrusion through an unnamed third-party vendor exposed personal and medical data of at least 1.8 million individuals, including stolen biometric fingerprint records. The first major US public-hospital disclosure to confirm biometric loss.

CrowdStrike Brought Falcon AIDR to Kubernetes. AI Runtime Security Is Now a Five-Vendor Market.

CrowdStrike extended Falcon AIDR to Kubernetes AI workloads with a 180-technique taxonomy and 99% sub-30ms benchmark — making AI runtime security a five-vendor category.

Tycoon2FA Came Back in Weeks. The OAuth Device-Code Variant Uses Microsoft's Own Login Page Against M365.

Tycoon2FA is back six weeks after the Microsoft/Europol takedown — now phishing OAuth device-code consents against M365 via a Trustifi-laundered relay.

Grafana Refused the CoinbaseCartel Ransom. The pull_request_target Pwn Request Just Hit Its Second Major Vendor.

Grafana caught a CoinbaseCartel breach via canary token, traced it to a pull_request_target Pwn Request, and refused to pay — the second Pwn Request hit in three weeks.

CrowdStrike's 2026 FinServ Report: DPRK Took $2.02B Off the Sector, PRESSURE CHOLLIMA's $1.46B Is the Largest Ever

CrowdStrike's 2026 Financial Services Threat Landscape Report logs $2.02B in DPRK theft, PRESSURE CHOLLIMA's $1.46B record heist, and AI-tripled CHOLLIMA tempo.

Dead.Letter: Critical Exim RCE Sparks XBOW's AI-vs-Human Exploit Race

XBOW disclosed a CVSS 9.8 unauthenticated RCE in Exim — and used the seven-day window to race its autonomous LLM exploit pipeline against human researchers.

Apache HTTP/2 Double-Free RCE: One Version Affected, Six Days to Patch

Apache HTTP Server 2.4.66 ships with a double-free in mod_http2 — exploitable on default Debian builds and patched six days later in 2.4.67.

TeamPCP's $25K Mistral Auction: Source Code, Seven Days, and a Confirmed Breach

Mistral AI confirmed a codebase management breach as TeamPCP listed ~450 repositories at $25K buy-it-now, with a seven-day leak deadline.

OpenAI Just Launched Daybreak — and the AI Vulnerability Discovery Market Now Has Four Vendors and Twenty-Plus Partners

OpenAI launched Daybreak on May 11, 2026 — an AI vulnerability discovery platform with three GPT-5.5 models and a 20+ partner roster including Cisco, Cloudflare, CrowdStrike, Palo Alto, Snyk, Tenable, and Rapid7. The AI defender market just formed.

Microsoft Confirmed an Exchange Server Zero-Day Is Under Active Attack — and the 2016/2019 Patch Will Only Reach Period 2 ESU Customers

Microsoft confirmed active exploitation of CVE-2026-42897, a high-severity XSS zero-day in on-prem Exchange OWA, with no permanent patch — only EEMS mitigation. The eventual fix for Exchange 2016 and 2019 will only reach Period 2 ESU customers.