CyberSecurity Updates

13 May

Fortinet, Ivanti Patch Critical Vulnerabilities

Information, News

Fortinet and Ivanti on Tuesday announced patches for 18 vulnerabilities across their product portfolios, including three critical-severity bugs. Fortinet published 11 advisories describing as many bugs, including two dealing with critical-severity code execution security defects. Tracked as CVE-2026-44277 (CVSS score of 9.1), the first of them is an improper access control issue in FortiAuthenticator that could be exploited remotely, without authentication, via crafted requests. “FortiAuthenticator Cloud is not impacted by the issue, and hence customers…

Read More
12 May

Patch Tuesday, May 2026 Edition

Information, Insights

Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple, Google, Microsoft, Mozilla and Oracle — fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases. As it does on the second Tuesday…

Read More
12 May

Eyes wide open: How to mitigate the security and privacy risks of smart glasses

Information

Smart glasses allow anyone to track and record the world around them. That could put your data and the privacy of those nearby at risk. Phil Muncaster 11 May 2026  •  , 5 min. read Fashion and many other trends have a way of reappearing every few years. So we probably shouldn’t be surprised that smart glasses are doing the rounds once more, after a failed attempt by Google to popularize them over a decade…

Read More
11 May

Frame Security Emerges From Stealth With $50M for Awareness and Training Platform

Information, News

Frame Security emerged from stealth mode on Monday with $50 million in funding raised for its AI-powered cybersecurity awareness and training platform. The investment came from Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet. US- and Israel-based Frame Security was founded by Tal Shlomo, who serves as the company’s CEO, and Sharon Shmueli, who serves as CTO. Shlomo was one of the earliest employees of cloud security giant Wiz, while Shmueli until…

Read More
11 May

Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools

Data Breaches, Information, News

Tens of thousands of students studying for final exams around the world Friday regained access to a key online learning system after a cyberattack had earlier knocked it offline, throwing schools and universities into turmoil. Elizabeth Polo was in a creative writing class at the University of Maryland late Thursday afternoon when a classmate shouted, “Canvas got hacked.” A message from a hacking collective flashed on her computer screen. “Our whole class just like was…

Read More
08 May

In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner

Information, News

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: US government targets 72-hour patch cycles US cybersecurity officials are proposing…

Read More
08 May

Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants

Information, News

Poland’s Internal Security Agency (ABW) has documented a significant escalation in cyberattacks targeting industrial control systems (ICS) and other operational technology (OT) infrastructure during 2024 and 2025, with state-sponsored threat actors increasingly shifting focus toward the physical disruption of critical services. A Polish official revealed in August 2025 that a cyberattack could have caused a city to lose its water supply, but the attack was thwarted. No technical information was shared at the time.  The…

Read More
08 May

Fixing the password problem is as easy as 123456

Information

Digital Security How come it’s still possible to ‘secure’ an online account with a six-digit string? Tony Anscombe 07 May 2026  •  , 4 min. read The most-used password globally is exactly what you think it is: ‘123456.’ That’s according to NordPass’s latest annual report on passwords exposed in data breaches globally. Other all-too-predictable choices, such as ‘123456789’, ‘12345678’, ‘12345’ and ‘admin’, also prove to have staying power year after year. My first instinct is…

Read More
08 May

Fake call logs, real payments: How CallPhantom tricks Android users

Information

There’s an app for everything nowadays… right? Well, looking up call records for a phone number of choice is not one of those things, as potentially millions of Android users found out after paying for app subscriptions promising just that. The offending apps, which we named CallPhantom based on their false claims, purport to provide access to call histories, SMS records, and even WhatsApp call logs for any phone number. To unlock this supposed feature,…

Read More
08 May

Ransomware Group Takes Credit for Trellix Hack

Data Breaches, Information, News

The RansomHouse ransomware group has taken credit for the recent attack on the cybersecurity firm Trellix. The Trellix hack came to light this week when the company announced on its website that part of its source code repository had been breached. “Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited,” the company stated. No other…

Read More