1. Google Thwarts First AI-Driven Zero-Day Exploit Attempt
Google’s Threat Intelligence Group revealed it disrupted a hacker operation that used artificial intelligence to discover and weaponize a zero-day vulnerability in a widely used open-source web administration tool. The attackers leveraged an AI model to bypass two-factor authentication and were planning what Google described as a “mass exploitation event” before the company’s proactive detection intervened. Google alerted the tool’s developer in time for a patch to be issued, and chief analyst John Hultquist declared the incident proof that “the era of AI-driven vulnerability and exploitation is already here.”
2. Pwn2Own Berlin 2026 Shatters Records with $1.3M and 47 Zero-Days
The annual Pwn2Own hacking competition in Berlin concluded on May 16 with a record-setting $1,298,250 awarded to researchers who demonstrated 47 unique zero-day vulnerabilities across three days of competition. DEVCORE claimed Master of Pwn honors with $505,000 in earnings, highlighted by a devastating three-bug chain that achieved remote code execution as SYSTEM on Microsoft Exchange. Windows 11, Microsoft Edge, and multiple enterprise platforms all fell to exploit chains, and several researchers who were turned away due to capacity constraints released their zero-days independently.
Source: https://www.thezdi.com/blog/2026/5/16/pwn2own-berlin-2026-day-three-results-and-master-of-pwn
3. DAEMON Tools Supply Chain Attack Delivers Backdoors to Government and Enterprise Targets
Kaspersky researchers uncovered a sophisticated supply chain attack in which official DAEMON Tools Lite installers, distributed through the vendor’s own website and signed with legitimate digital certificates, were trojanized between April 8 and May 5, 2026. The compromised installers delivered an information stealer and persistent backdoor, impacting thousands of users across more than 100 countries. While the initial infection was broad, targeted second-stage payloads were deployed to only a dozen machines belonging to government, scientific, retail, and manufacturing organizations, with artifacts suggesting a Chinese-speaking threat actor.
Source: The Hacker News, https://thehackernews.com/2026/05/daemon-tools-supply-chain-attack.html
4. Medtronic Confirms Major Breach as ShinyHunters Claims 9 Million Records
Medical technology giant Medtronic disclosed a cybersecurity incident after the ShinyHunters ransomware group claimed responsibility for exfiltrating more than 9 million records, including patient data and internal corporate information. The breach is part of a wider ShinyHunters campaign that also hit Instructure’s Canvas educational platform and real estate firm Cushman & Wakefield within the same week, exposing over 500,000 Salesforce records from Cushman & Wakefield alone. Medtronic stated that its medical devices, operations, and financial systems were not impacted.
Source: https://www.securityweek.com/
5. CISA Issues Emergency Directive for Critical Cisco SD-WAN Zero-Day (CVE-2026-20182)
CISA added CVE-2026-20182, a maximum-severity CVSS 10.0 authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager, to its Known Exploited Vulnerabilities catalog after confirming active exploitation by a sophisticated threat actor tracked as UAT-8616. The flaw allows unauthenticated remote attackers to obtain full administrative privileges on affected systems. CISA set a May 17 remediation deadline for all Federal Civilian Executive Branch agencies, underscoring the urgency of patching network infrastructure that underpins enterprise connectivity.
Source: https://thehackernews.com/2026/05/cisa-adds-cisco-sd-wan-cve-2026-20182.html
