May 2026
Threat hunters find Google API keys still usable 23 minutes after deletion
Plenty of time for cyber crims to grab data or hit you with a giant bill
HackerOne takes an axe to its bug bounty rewards
Critical flaw payouts slashed by more than 75%
Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach
Leakage, blamed on treacherous friends, exposed unencrypted credentials, email addresses
Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw
Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs
Microsoft storms RAMPART, adds Clarity to agentic AI safety
Redmond open sources two tools for building and maintaining safer agents
Zombie user account let hackers control the city’s water
Failing to disable a former employee’s account was a huge mistake
Even Claude agrees: hole in its sandbox was real and dangerous
Another day, another AI bug silently fixed with no CVE and no public disclosure
GitHub says internal repos exfiltrated after poisoned VS Code extension attack
Initial assessment says customer data spared while users wonder what else may have slipped out
London’s police asked Big Tech for comms data over 700,000 times last year
A Freedom of Information Act request shows the extent of the surveillance
Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
'Thousands' of US victims, including 12+ machines owned and operated by Redmond