CIRCLE WITH A DOT

Microsoft's May 2026 update fixes 137 vulnerabilities, including 31 critical flaws. Netlogon and DNS Client RCE risks pose serious threats to domain controllers. #InfoSec https://deafnews.it/en/article/may-2026-patch-tuesday-137-flaws-and-the-domain-controller-threat

TrendAI patches an actively exploited Apex One zero-day (CVE-2026-34926). CISA mandates remediation by June 4. #Cybersecurity #InfoSec https://deafnews.it/en/article/trendai-fixes-actively-exploited-apex-one-zero-day-cisa-sets-june-4-patch-deadline

Average breakout times fell 29%, with records as low as six minutes. Manual security is failing against AI-driven threats. #Cybersecurity #AI https://deafnews.it/en/article/30-minute-lateral-breakouts-why-the-soc-is-losing-the-race-against-ai-driven-threats

Cisco Talos uses generative honeypots to deceive automated AI threats by exploiting their lack of contextual awareness. https://deafnews.it/en/article/talos-unveils-ai-honeypots-to-trap-malicious-agents-the-rise-of-cognitive-warfare #Cybersecurity #AI

Unit 42 found 18 AI extensions that deploy RATs and spy on emails. These malicious tools masquerade as productivity aids. #Cybersecurity #AI https://deafnews.it/en/article/18-malicious-ai-extensions-exposed-unit-42-details-email-spying-and-rat-risks

Microsoft confirms two Defender zero-days are under active attack. CISA mandates patches by June 3. #Cybersecurity #InfoSec https://deafnews.it/en/article/microsoft-defender-zero-days-under-active-attack-cisa-mandates-patching-by-june-3

1Password and OpenAI partner to provide just-in-time credentials for AI coding agents, reducing the risk of secret leakage in prompts. #Cybersecurity #AI https://deafnews.it/en/article/1password-and-openai-partner-to-provide-just-in-time-credentials-for-ai-agents

CERT-AGID identifies a phishing campaign targeting the Italian Revenue Agency via cloned SPID portals and pre-filled emails to compromise users. https://deafnews.it/en/article/phishing-agenzia-delle-entrate-clone-spid-con-email-precompilata #Cybersecurity

The 2026 Verizon DBIR reveals vulnerability exploitation is now the leading breach vector at 31%, surpassing credential abuse. This shift comes as the median patching cycle slows to 43 days. https://deafnews.it/en/article/dbir-2026-exploit-supera-credenziali-patching-in-crisi

Drupal will release a highly critical core patch on May 20. Security teams warn that functional exploits are expected within hours of the release. #Cybersecurity #InfoSec https://deafnews.it/en/article/drupal-patch-highly-critical-il-20-maggio-exploit-in-ore

Seven critical flaws in SEPPMail Secure E-Mail Gateway, including CVSS 10.0 vulnerabilities, allow unauthenticated RCE and email interception. Patches are now available. https://deafnews.it/en/article/seppmail-7-cve-critiche-aprono-tutta-la-posta-aziendale #Cybersecurity

CISA adds CVE-2026-6973 to its KEV catalog. The Ivanti Endpoint Manager Mobile zero-day allows authenticated RCE and is under active exploitation. #Cybersecurity #InfoSec https://deafnews.it/en/article/ivanti-epmm-zero-day-cisa-inserisce-cve-2026-6973-nel-kev

Siemens patched a high-severity heap overflow in Simcenter Femap’s Datakit library. The vulnerability allows remote code execution via crafted IPT files. #Cybersecurity #InfoSec https://deafnews.it/en/article/siemens-femap-heap-overflow-in-file-ipt-apre-a-rce