Cyber Security News

Hacking Brief: May 14, 2026

Microsoft released its May 2026 Patch Tuesday update addressing 138 vulnerabilities, including critical remote code execution flaws affecting DNS and Netlogon services. Shortly after, a disgruntled anonymous researcher disclosed two new Windows zero-day vulnerabilities—YellowKey, which bypasses BitLocker encryption, and GreenPlasma, a privilege escalation flaw—continuing a pattern of public disclosures following previous zero-days released by the same researcher. Meanwhile, Oracle announced a shift to monthly critical security patch releases starting May 28, supplementing its traditional quarterly cycle, explicitly citing the increased pace of AI-assisted vulnerability discoveries as the driver for this policy change.

The ShinyHunters ransomware group executed a significant attack against Instructure's Canvas learning management system, which serves over 8,000 educational institutions. The attack disrupted services and prompted Instructure to negotiate directly with the threat actors, ultimately reaching a deal for data deletion—a controversial decision that reflects growing pressure on organizations during active extortion campaigns. Separately, Google's Threat Intelligence Group reported discovering hackers leveraging AI to identify and exploit a zero-day vulnerability designed to bypass two-factor authentication in what was intended as a mass exploitation event, which Google claims to have thwarted. The incident represents one of the first confirmed cases of threat actors operationalizing AI for large-scale zero-day exploitation targeting authentication mechanisms.

Sources: The Hacker News · The Register · CNN · CNBC