Apple Open-Sources Its corecrypto Post-Quantum Cryptography Implementations With Formal Proofs

Apple published the post-quantum cryptography implementations in corecrypto — the library behind iOS, iPadOS, and macOS — alongside formal proofs and verification tools. It does not change today's encryption posture, but it lets outside experts audit the math that will protect tomorrow's.

Google Cloud Launches AI Threat Defense, Pairing Gemini With Wiz and CodeMender

Google Cloud launched AI Threat Defense on May 27, 2026 — an automated platform that pairs Gemini, the Wiz cloud-security stack, and the CodeMender AI code-fixing agent to find, prioritize, and patch software vulnerabilities at machine speed.

Third-Party UK Visa Site Exposed About 100,000 Applicants' Passport Scans and Selfies

A site branded as 'UK Visa Portal' exposed at least 100,000 applicants' passport scans and selfies, TechCrunch reported May 26. The site is not affiliated with the UK government, and the operator sent attorneys rather than fix the leak.

GlassWorm Takedown: CrowdStrike, Google, and Shadowserver Hit All Four C2 Channels at Once

CrowdStrike's Counter Adversary Operations team, with Google and the Shadowserver Foundation, executed a simultaneous takedown of all four GlassWorm command-and-control channels — Solana, BitTorrent DHT, Google Calendar, and direct servers — on May 26-27, 2026.

SymJack, Fake Claude Installers, and AI-Chatbot SEO Cryptojacking Hit the Same Trust Surface

Three independently disclosed campaigns in the May 26-27 cycle treat AI tools as a single trust surface — SymJack at the agent layer, fake installers impersonating Claude and ChatGPT at the brand layer, and AI chatbot recommendations at the discovery layer.

Gitea CVE-2026-27771 Lets Anyone on the Internet Pull Your Private Container Images

Gitea disclosed CVE-2026-27771, a registry authorization flaw that lets unauthenticated attackers pull private container images from any self-hosted Gitea below 1.26.2. It collapses the security premise of self-hosting: keeping images off public registries.

FBI FLASH: Silent Ransom Group Now Sends Operatives Into US Law Firms With USB Drives

The FBI's May 26 FLASH alert warns that Silent Ransom Group — also tracked as Luna Moth, Chatty Spider, and UNC3753 — is now sending operatives in person to US law firms, posing as IT support and inserting USB drives to steal client data for extortion.

Gambit Security Ties LA Metro Hacktivist Persona 'Ababil of Minab' to Iran's MOIS

Israeli firm Gambit Security says the 'Ababil of Minab' hacktivist persona that claimed the March 2026 LA Metro breach is, on its forensic evidence, a front for Iran's Ministry of Intelligence and Security. At least 700 GB was stolen, and attackers reached a rail-yard control display.

What Is the Cyber Kill Chain?

A complete guide to the Cyber Kill Chain — the seven stages of a cyberattack, how defenders use the model to break an attack, and how it compares to MITRE ATT&CK.

India's CERT-In Mandates 12-Hour Patching, Cites AI-Compressed Exploitation Timelines

India's CERT-In issued guidelines on May 26, 2026 requiring organizations to patch critical internet-exposed vulnerabilities within 12 hours, "where feasible." The cited reason is explicit: AI-driven exploitation has compressed the patch window past what conventional SLAs can survive.

KnowledgeDeliver Zero-Day CVE-2026-5426 Dropped Godzilla Web Shell and Cobalt Strike

Google's Threat Intelligence Group caught attackers exploiting CVE-2026-5426, a hardcoded ASP.NET machineKey in Digital Knowledge's KnowledgeDeliver LMS, to forge ViewState payloads, drop the Godzilla web shell, and stage Cobalt Strike Beacon. The patch alone is not enough.

Nimbus Manticore Returns With MiniFast, an AI-Assisted Backdoor Hitting Aviation and Aerospace

Nimbus Manticore — the Iran-nexus APT The CyberSignal covered as Screening Serpens — has returned with a new backdoor codenamed MiniFast that Check Point Research assesses was developed with AI assistance, and a target set that now spans aviation, aerospace, defense, software, and telecom.