A critical new Linux kernel vulnerability called Fragnesia has been discovered that allows attackers to gain root access through page cache corruption. The flaw represents a serious local privilege escalation threat that could let unprivileged users take complete control of affected Linux systems. Security researchers are urging administrators to patch their systems as soon as updates become available to prevent exploitation of this significant security weakness.

Microsoft has patched multiple zero-day vulnerabilities in Windows, including two critical security flaws that allow attackers to bypass BitLocker encryption and another that enables privilege escalation through the CTFMON system component. The BitLocker bypasses are particularly concerning as they could allow attackers to access encrypted data on compromised systems, while the CTFMON vulnerability lets malicious actors gain elevated system privileges. These patches are part of Microsoft's regular security update cycle and users are urged to apply them immediately to protect against potential exploitation.

AI hallucinations are emerging as a significant security threat as these false but confident outputs from language models can lead security teams to take incorrect actions or trust flawed information. The problem is compounded when AI tools are integrated into security workflows, where hallucinated responses about vulnerabilities, code fixes, or threat assessments could create real-world exploits. Organizations are now grappling with how to validate AI-generated security recommendations before implementing them in production environments.

A critical authentication bypass vulnerability in PraisonAI, tracked as CVE-2026-44338, was exploited by attackers within hours of its public disclosure. The rapid exploitation highlights a growing trend where threat actors quickly weaponize newly revealed security flaws, underscoring the shrinking window organizations have to patch vulnerabilities before they're actively targeted in the wild.

Foxconn's North American facilities were hit by a Nitrogen ransomware attack, marking one of 600 cyber attacks on manufacturers so far this year. Cybercriminal gangs are increasingly targeting the manufacturing sector because these companies have a low tolerance for operational downtime, making them more likely to pay ransoms to restore production quickly.

Artificial intelligence is turbocharged cybersecurity investments in the first quarter of twenty twenty-six, but with an unusual twist. Investment dollars in AI security startups exceeded the value of acquisitions by more than a billion dollars, a rare occurrence that shows venture capital firms are making bigger bets on hot AI-native startups while acquirers are snapping up smaller companies. Industry experts warn this trend has widened the so-called valley of death for cybersecurity startups caught between the AI-native newcomers and established vendors, as fewer dollars are available for companies struggling to adapt to an AI-centric world.

RubyGems, the official Ruby package hosting service, has temporarily suspended new account registrations after threat actors flooded the platform with over 500 malicious packages using bot accounts. The malicious packages, which included exploit code and attempted XSS attacks and data exfiltration, have been removed, and maintainers say existing packages were not compromised and end users were not targeted. Security researchers are concerned the attack could be masking something more sophisticated, as the site expects registrations to remain closed for another two to three days while implementing stricter rate limiting and additional protections.

Intel and AMD have released comprehensive security updates for May 2026 Patch Tuesday, collectively addressing 70 vulnerabilities across their product lines. Intel's most critical fix patches a buffer overflow in their Data Center Graphics Driver for VMware ESXi with a severity score of 9.3, while AMD's critical flaw involves their Device Metrics Exporter which improperly exposes network access, potentially allowing remote attackers to modify GPU configurations. The updates cover a wide range of products including drivers, firmware, processors, and software tools, with successful exploitation potentially leading to privilege escalation, code execution, and denial of service attacks.

Fortinet and Ivanti have released patches for a total of 18 vulnerabilities in their products, including three critical-severity bugs that could allow remote, unauthenticated attackers to execute code through crafted requests. The most serious flaws affect Fortinet's FortiAuthenticator and FortiSandbox products, as well as Ivanti's Xtraction tool, all with CVSS scores above 9. Both companies say they're not aware of any active exploitation in the wild, but the vulnerabilities could enable attackers to gain code execution or access sensitive files on affected systems.

Microsoft has patched a critical zero-click Outlook vulnerability that security researcher Haifei Li calls an "enterprise killer," allowing attackers to execute code simply by sending an email that's read or previewed, with no clicking required. The flaw, tracked as CVE-2026-40361, is a use-after-free bug affecting Outlook's email rendering engine that bypasses firewalls and directly targets executives' inboxes, though developing a full working exploit remains challenging. Li recommends immediate patching and notes that switching Outlook to plain text mode is the only effective mitigation aside from the security update.