Supply Chain Attacks, AI Security, and Major Breaches Define This Week in Cybersecurity in May 2026

Major Threats & Vulnerabilities

Software Supply Chain and CI/CD Exploits

Researchers uncovered a malicious campaign targeting SAP npm packages that secretly stole developer and CI/CD credentials through preinstall scripts and GitHub-based command and control. SAP has yet to comment on the incident, which highlights the growing risk of dependency poisoning in enterprise ecosystems.

Another critical flaw was found in Google’s Gemini CLI, allowing remote code execution in CI/CD environments. The Gemini CLI vulnerability has been patched, but organizations are urged to validate inputs, enforce least privilege, and isolate build environments to prevent similar pipeline attacks.

Web and SaaS Vulnerabilities

A hardcoded API key in ClickUp’s JavaScript exposed hundreds of enterprise and government emails for over a year. The ClickUp API key leak highlights the persistent risk of embedded credentials in SaaS platforms. Organizations should enforce MFA and eliminate hardcoded secrets immediately.

In another incident, a popular WordPress plugin with over 70,000 installs was found to contain a dormant backdoor capable of remote code execution. The plugin’s self-update mechanism concealed the malicious code for years, emphasizing the importance of plugin audits and integrity checks.

A flaw in Robinhood’s account creation process allowed attackers to send phishing emails from legitimate company addresses. The Robinhood bug has been fixed, but the case demonstrates how trusted branding can be exploited for social engineering attacks.

Critical Enterprise Vulnerabilities

Microsoft SharePoint administrators are urged to patch immediately following the discovery of a zero-day flaw affecting over 1,300 servers. The SharePoint zero-day vulnerability (CVE-2026-32201) allows remote code execution and is actively being exploited. Organizations should prioritize patching and restrict internet exposure.

Industry News

Law Enforcement and Global Cybercrime

Ukrainian police dismantled a hacking ring responsible for hijacking and selling over 610,000 Roblox accounts. The Roblox account hijacking ring generated roughly $225,000 in illicit profits and demonstrates the growing monetization of gaming-related cybercrime.

European authorities also took down a €50 million cryptocurrency fraud network that used fake investment platforms and remote access tools. The operation employed over 450 people, marking one of the largest crypto scams dismantled to date.

Corporate Breaches and Cloud Security

Two major industrial firms—Itron and Medtronic—reported cyber intrusions this week. Itron’s incident affected corporate IT systems, while Medtronic’s breach, attributed to the ShinyHunters group, exposed millions of records. These events highlight the widening gap between IT and OT security practices.

Home security giant ADT suffered a breach impacting 5.5 million users after attackers accessed its Salesforce cloud through a compromised Okta SSO login. Although alarm systems and payment data were unaffected, this marks ADT’s third breach since 2024, underlining the importance of identity security in cloud environments.

AI Governance and Ethics

The Vatican issued AI ethics guidelines to combat deepfake misinformation, emphasizing transparency and human oversight. In a related move, the Vatican also formalized a strict AI ethics framework banning manipulative AI and prohibiting clergy from using AI-generated sermons, reinforcing its stance on responsible technology use.

AI and Technology Industry Developments

Cisco’s open-source Model Provenance Kit aims to verify AI model origins and integrity, addressing supply chain risks in AI development. Meanwhile, OpenAI is reportedly developing an AI-driven smartphone that replaces traditional apps with intelligent agents, signaling a potential shift in mobile computing paradigms.

Security Tips & Best Practices

How Secure Are Your AI Agents?

• Apply zero trust principles and enforce least privilege access for AI agents using secure authentication and scoped permissions.
• Continuously monitor agent behavior and secure data pipelines with guardrails and validation.
• Use an AI safety checklist and test incident response scenarios to prepare for agent compromise or malicious outputs.

Guardz Warns MSPs of Cloud Ransomware and BEC Risks

• Monitor for AI-driven identity attacks and password compromises.
• Implement stronger SaaS security controls to mitigate BEC losses.
• Leverage AI detection tools with high accuracy rates to detect threats early.

Is Your Build Pipeline Truly Trusted?

• Enforce dependency security by pinning versions, using SBOMs, and verifying artifacts with signing tools like sigstore.
• Harden CI/CD pipelines and secrets management by restricting permissions and eliminating hardcoded credentials.
• Implement runtime monitoring to detect anomalous behavior and respond to potential supply chain compromises.

Patch SharePoint Servers Immediately

• Identify and patch all systems vulnerable to CVE-2026-32201.
• Restrict internet exposure of SharePoint servers.
• Implement access controls and monitor for exploitation attempts.
• Prioritize patch deployment across all affected environments.
• Review Microsoft’s latest security guidance for mitigation steps.

Tools & Resources

• Cisco’s Model Provenance Kit – an open-source tool for verifying AI model lineage and integrity.
• Agentic Data Pipeline Design Guide – a framework for building autonomous, feedback-driven AI data systems.
• LogicMonitor’s Autonomous IT Platform – integrates AI reasoning for automated remediation and observability.
• Cloud Cost Management Strategies – guidance on reducing data egress costs through compression and caching.
• Cloud vs. Hybrid Cloud Guide – a resource outlining optimal deployment models for performance and efficiency.

If you want to see more from our Newsletter Archive please click here.