Security news.
Today's cybersecurity news highlights a critical Windows BitLocker zero-day with a public PoC, alongside Foxconn confirming a cyberattack on its North American factories by the Nitrogen ransomware group. Microsoft also released its monthly Patch Tuesday updates, addressing 138 vulnerabilities, including a critical zero
Windows BitLocker zero-day gives access to protected drives, PoC released
A researcher has published PoC exploits for two unpatched Windows vulnerabilities, YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw respectively.
Foxconn Confirms North American Factories Hit by Cyberattack
The Nitrogen ransomware group claims responsibility for hacking Foxconn's systems, stealing 8TB of data, including confidential documents, from its North American operations.
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Microsoft's May 2026 Patch Tuesday addresses 138 security vulnerabilities, with 30 rated Critical, including a critical zero-click Outlook vulnerability (CVE-2026-40361).
Fortinet, Ivanti Patch Critical Vulnerabilities
Fortinet and Ivanti have released patches for critical vulnerabilities that could lead to arbitrary code execution and information disclosure if successfully exploited.
Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities
Intel and AMD have collectively published over two dozen advisories, patching 70 security defects in their products.
Hundreds of Malicious Packages Force RubyGems to Suspend Registrations
RubyGems has temporarily paused new account sign-ups following a "major malicious attack" where over 500 malicious packages were pushed, seemingly targeting the registry itself.
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
A China-affiliated threat actor, FamousSparrow (aka UAT-9244), has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and February 2026.
Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code
Microsoft's MDASH AI system discovered 16 of the Patch Tuesday vulnerabilities, while Palo Alto Networks used Mythos to find dozens of flaws, demonstrating AI's growing role in vulnerability discovery.