Artificial Intelligence (AI)
Google Cloud launched AI Threat Defense on May 27, 2026 — an automated platform that pairs Gemini, the Wiz cloud-security stack, and the CodeMender AI code-fixing agent to find, prioritize, and patch software vulnerabilities at machine speed.
Supply Chain Attack
Three independently disclosed campaigns in the May 26-27 cycle treat AI tools as a single trust surface — SymJack at the agent layer, fake installers impersonating Claude and ChatGPT at the brand layer, and AI chatbot recommendations at the discovery layer.
Policy & Government
India's CERT-In issued guidelines on May 26, 2026 requiring organizations to patch critical internet-exposed vulnerabilities within 12 hours, "where feasible." The cited reason is explicit: AI-driven exploitation has compressed the patch window past what conventional SLAs can survive.
Supply Chain Attack
Socket disclosed TrapDoor, a coordinated attack that planted more than 34 malicious packages across npm, PyPI, and Crates.io at once. Its novel move: poisoned .cursorrules and CLAUDE.md files designed to trick a developer's AI coding assistant.
Artificial Intelligence (AI)
Anthropic says Project Glasswing's Claude Mythos Preview has surfaced more than 10,000 high- or critical-severity vulnerabilities in roughly a month. The numbers move the defender bottleneck: finding flaws is no longer the hard part — verifying, disclosing, and patching them is.
AI Security
Germany's top cybersecurity official told lawmakers that China is close to building an AI model with superhacking capabilities — developed in secret. The warning lands a month after Anthropic gated Mythos. AI cyber capability is now great-power competition.
Policy & Government
ICE Assistant Director Matthew Elliston disclosed at the Border Security Expo that agents now reach a 20-million-person list from their iPhones via Palantir's ELITE system. The Mobile Fortify accuracy claim is in tension with 404 Media's January reporting.
Artificial Intelligence (AI)
Google Threat Intelligence Group disclosed the first publicly confirmed AI-generated zero-day exploit caught in the wild on May 11. The Python script bypassed 2FA on a popular open-source admin tool and was destined for mass exploitation before Google disrupted it.
Trending
More than 40 million people ask ChatGPT a healthcare-related question every day. OpenAI's ChatGPT Health and Anthropic's Claude for Healthcare are not HIPAA-compliant for consumers — and that is by design.
Threat Intelligence
BlueNoroff compromised a North American Web3 company using a fake Zoom meeting interface populated with AI-generated deepfakes, deploying a fileless PowerShell implant that maintained persistent access for 66 days while stealing cryptocurrency wallet credentials, browser data, and live webcam footage repurposed to lure future victims. GLOBAL — Arctic Wolf Labs has
AI Security
Federal adoption hits 82% vs 41% private sector as FedRAMP 20x accelerates unvetted agents into classified networks. WASHINGTON, D.C. — While the commercial world cautiously debates the ROI of agentic AI, the federal government has quietly surged ahead, creating a massive, unmanaged attack surface. According to recent IDC and Salesforce
NATO
NATO CCDCOE launches the world's largest live-fire cyber defense exercise, bringing together 4,000 experts to protect fictional Berylia against 8,000 real-time threats. TALLINN, EE — More than 4,000 cyber defenders from 41 nations have concluded Locked Shields 2026, the world’s largest and most complex international