A week in security (May 11 – May 17)
Last week on Malwarebytes Labs: Attackers replaced JDownloader installer downloads with malware Meta’s confusing new approach to chat privacy Why Malwarebytes blocks some Yahoo Mail…
Month: May 2026
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath,…
Agentic AI Expands Enterprise Attack Surface, Warns NCSC
The UK’s National Cyber Security Centre (NCSC) has warned organizations to take a measured approach toward adopting agentic AI, highlighting the growing cyber and operational…
Shadow AI Is Quietly Reshaping Enterprise Attack Surfaces
By Niall Browne, CEO and Founder, AIBound Shadow AI is accelerating alongside artificial intelligence (AI) adoption at a pace that has outgrown most enterprise governance…
Composability in the Great Content Collapse
The digital content landscape has shifted under our feet. And you’ve probably noticed. Nearly half of all Google searches now feature AI Overviews. Those AI-generated results…
Hackers Earn $1.3 Million at Pwn2Own Berlin 2026
Pwn2Own Berlin 2026 has come to an end, and participants earned a total of nearly $1.3 millon for exploits targeting Windows, Linux, VMware, Nvidia, and…
Former CISA nominee Sean Plankey named US CEO of defense startup
Sean Plankey, most recently the nominee for director of the Cybersecurity and Infrastructure Security Agency, is joining defense technology company UFORCE as its U.S. chief…
Cowbell appoints Gerry Power as General Manager, Australia
Cowbell has appointed Gerry Power as General Manager, Australia, as the cyber insurance provider expands its local operations. The newly created role will see Power…
Bug Bounties for the 99%
Intro by Andrew Morgan, Founder of Right of Boom Cyber Summit. March 26, 2020, and July 2, 2021, are two dates that will be seen…
Critical WordPress Plugin Vulnerability Exposes Websites to Authentication Bypass Attacks
A critical vulnerability in a widely used WordPress plugin has exposed over 200,000 websites to full account takeover, raising urgent concerns across the security community.…
AI is distorting the Holocaust (Lock and Code S07E10)
This week on the Lock and Code podcast… In May of last year, a warning about AI came from somewhere unexpected: The Auschwitz-Birkenau State Museum.…
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
Ravie LakshmananMay 13, 2026Software Supply Chain / Data Exfiltration Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems…