Cybersecurity: Threats and Defences
20 MAY

AI joins the breach column on both sides

09:58 UTC

GTIG named the first criminal LLM-generated zero-day and the actor cluster that stole Cisco AI Defense source code. CISA gave federal agencies until 29 May to fix an Exchange flaw Microsoft has not patched. The ICO fined a UK water company £963,900.

Key takeaway

UNC6780 breached Cisco AI Defense source code and the AI-proxy stack it defends in the same week, while CISA set a second unpatchable federal deadline.

Google's Threat Intelligence Group documented the first criminal use of a Large Language Model to write a working zero-day, a Python 2FA bypass intercepted before mass deployment, alongside four AI-augmented threat clusters spanning DPRK-, PRC- and Russia-nexus operators.

Sources profile: This story draws on neutral-leaning sources

On 11 May 2026, Google's Threat Intelligence Group confirmed a first: a criminal actor used an AI chatbot to write a working zero-day exploit. The exploit was a Python bypass of two-step login, intercepted before mass use. The report also named four state-linked clusters using AI tools in their operations.

AI wrote a functional attack from scratch for the first time. The incident has a named actor, a named file type, and a confirmed interception date. 

Google's Threat Intelligence Group named UNC6780 as the cluster that cloned more than 300 private Cisco GitHub repositories, including the source code of Cisco AI Defense, using SANDCLOCK-stolen credentials from the Trivy supply-chain compromise.

On 11 May 2026, Google's Threat Intelligence Group named UNC6780 as the group behind the theft of over 300 private Cisco GitHub repositories. The haul included the source code of Cisco AI Defense. The group gained access by first breaking into Trivy, a security scanning tool, to steal developer passwords.

UNC6780 used the same supply-chain pivot as the 2020 SolarWinds attack. It targeted the tool that audits code rather than the code itself. 

CISA added Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) to the KEV catalogue on 14 May with a three-day federal deadline, after UAT-8616 was confirmed exploiting the authentication bypass over DTLS port 12346 with SSH key injection and log clearing.

US cyber authorities added a maximum-severity flaw in Cisco's network-management software to their urgent patch list on 14 May 2026. Government agencies had three days to fix it. A China-linked hacking group was already exploiting the flaw to plant hidden access in networks.

This is the sixth Cisco networking vulnerability actively exploited in 2026. The group's tools connect to the same hacking infrastructure the FBI and fifteen other agencies named in April as Chinese state-sponsored. 

UNC6780 exploited LiteLLM CVE-2026-42208 within 36 hours of the KEV addition, compressing the defender's patch window to roughly one-sixth of the typical enterprise cycle and pulling AWS keys and GitHub tokens out of the open-source LLM proxy.

LiteLLM is the open-source software many companies use to connect their applications to AI models like ChatGPT. Hackers broke in within 36 hours of a critical flaw being flagged by US authorities on 8 May 2026. The same group that stole Cisco's AI security software ran this attack.

Most organisations take five to ten days to patch urgent flaws. This one was breached before most IT teams had read the alert.

CISA added Exchange Server CVE-2026-42897 to KEV on 15 May with a 29 May federal deadline before Microsoft had shipped a patch, leaving on-premises operators with only the Exchange Emergency Mitigation Service URL-rewrite as a compliance route.

US cyber authorities told federal agencies on 15 May 2026 to fix a flaw in Microsoft's Exchange email server by 29 May. Microsoft had not released a patch. Agencies could only apply a workaround that partially breaks some email features.

This was the second mandatory deadline in twelve days set before a vendor fix existed. Binding Operational Directive 22-01, the 2021 rule that makes these deadlines mandatory, was written when patches always existed. 

The Information Commissioner's Office fined South Staffordshire Water £963,900 on 12 May for a 2022 ransomware intrusion that dwelled for 20 months undetected, found only 5 percent of the IT estate monitored, and exfiltrated 4.1 terabytes affecting 633,887 individuals.

The UK's privacy regulator fined South Staffordshire Water £963,900 on 12 May 2026 for a 2022 ransomware attack. Hackers spent 20 months inside the network undetected and stole 4.1 terabytes of data. The company was monitoring just 5 percent of its IT systems.

The ruling extends a template first applied to Capita in March 2026. UK cyber security guidance is now treated as a legally enforceable standard for water utilities. 

West Pharmaceutical Services filed a material-event 8-K with the SEC on 7 May disclosing a ransomware incident detected three days earlier that took global shipping, manufacturing, and shared services offline, with Palo Alto Networks Unit 42 engaged as forensic responder.

West Pharmaceutical Services makes drug-delivery components for pharmaceutical firms worldwide. On 7 May 2026, it told the US stock market regulator that ransomware detected on 4 May had shut down its global manufacturing and shipping.

This is the second listed manufacturer in thirty days to report a ransomware halt without naming the attacker. Under the US Securities and Exchange Commission's 2023 disclosure rule, operational impact alone triggers the legal obligation. 

RansomHouse posted alleged internal system screenshots from inside Trellix to its leak site on or around 11 May, 24 days after the 17 April intrusion and 21 days after Trellix's 8 May self-disclosure, withholding the full source-code dump as extortion leverage.

RansomHouse posted screenshots showing access to Trellix's internal systems on 11 May 2026, 24 days after breaking in on 17 April. The screenshots show the security vendor's appliance management console, virtual machines, backup systems, and storage. Trellix confirmed the breach but said the source code had not been altered.

RansomHouse is holding the full data dump as leverage. Trellix sells security software to enterprises, making the breach of a defender's own infrastructure a second-order risk for Trellix's customers. 

Sources: ThaiCERT

Rhysida named Landeshauptstadt Stuttgart on its leak site on Tuesday 19 May with a double-extortion data-dump threat. Stuttgart is the state capital of Baden-Wuerttemberg and home to the corporate headquarters of Porsche and Mercedes-Benz.

Ransomware gang Rhysida posted a double-extortion threat against Stuttgart's city government on 19 May 2026, demanding a ransom or threatening to publish stolen data. Stuttgart is the capital of Baden-Wuerttemberg and home to the headquarters of Porsche and Mercedes-Benz.

Rhysida previously hit the British Library in November 2023, causing over a year of disruption. Stuttgart's city records include planning, procurement, and supplier data that touches both automotive companies' German operations. 

Sources: DeXpose

Google's Threat Intelligence Group confirmed two additional npm packages distributing the DPRK-linked WAVESHAPER.V2 backdoor beyond Axios: @shadanai/openclaw and @qqbrowser/openclaw-qbot, picked up through automated dependency resolution on 31 March.

On 11 May 2026, Google's Threat Intelligence Group confirmed that two more packages carried the same North Korea-linked backdoor UNC1069 planted on 31 March. The packages are @shadanai/openclaw and @qqbrowser/openclaw-qbot, seeded via the same attack that hit the Axios library.

Developers who never installed Axios received the malware through automated dependency resolution. UNC1069 appears to have used at least three packages across the same 31 March injection window. 
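A defender's check for the transitive route described above, as an added example that is not part of the briefing or of GTIG's report: it walks an npm `package-lock.json` (lockfile v2/v3 `packages` map) for the two package names given on this page and reports which installed package pulled each one in. The lockfile contents, the `example-build-tool` and `example-util` names and the version strings are constructed for illustration.

```javascript
// Added example (not from the briefing). Package names are the two on the page;
// the lockfile, "example-build-tool" and the version strings are constructed.
const FLAGGED = new Set(['@shadanai/openclaw', '@qqbrowser/openclaw-qbot']);

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b";
// the package name is whatever follows the last "node_modules/".
function nameFromPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Return every flagged install, whether the project asked for it directly,
// and which installed packages declare it (the transitive route).
function findFlagged(lock) {
  const pkgs = lock.packages || {};
  const root = pkgs[''] || {};
  const direct = new Set(Object.keys({
    ...root.dependencies, ...root.devDependencies, ...root.optionalDependencies,
  }));
  const declares = (meta, name) =>
    [meta.dependencies, meta.optionalDependencies, meta.peerDependencies]
      .some((deps) => deps && name in deps);
  const hits = [];
  for (const [path, meta] of Object.entries(pkgs)) {
    const name = nameFromPath(path);
    if (!name || !FLAGGED.has(name)) continue;
    const requiredBy = Object.entries(pkgs)
      .filter(([p, m]) => p !== '' && declares(m, name))
      .map(([p]) => nameFromPath(p));
    hits.push({ name, version: meta.version, path, direct: direct.has(name), requiredBy });
  }
  return hits;
}

// Constructed lockfile: the project itself asks only for example-build-tool.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'example-build-tool': '^1.0.0' } },
    'node_modules/example-build-tool': {
      version: '1.0.0', dependencies: { '@shadanai/openclaw': '*' },
    },
    'node_modules/@shadanai/openclaw': { version: '0.0.0-constructed' },
    'node_modules/example-util': { version: '1.0.0' },
  },
};

console.log(JSON.stringify(findFlagged(sampleLock), null, 2));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findFlagged`; a hit with `direct: false` is the case the briefing describes, where the package arrived without anyone installing it by name.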

Microsoft's 13 May Patch Tuesday shipped 120 CVEs with no zero-days exploited in the wild, breaking what would have been a 22-month streak since July 2024. Two out-of-band KEV additions inside 48 hours reset the picture.

Microsoft's monthly security update on 13 May 2026 covered 120 flaws with no patches for actively exploited vulnerabilities. That ended a streak running back to July 2024. The apparent good news lasted less than 48 hours.

US authorities added two actively exploited flaws within two days: one in Cisco's network software, one in Microsoft's own email server. The monthly patch cycle no longer sets the meaningful deadline for defenders. 

Closing comments

The next decision point is whether Cisco confirms the full repository scope beyond the named Cisco AI Defense and AI Assistant projects; UNC6780's potential visibility into unreleased products could accelerate the next SD-WAN exploit cycle. The sixth Cisco SD-WAN CVE in 2026, with CVSS 10.0 and a three-day federal deadline, is already the fastest-moving precedent in the product line's KEV history. If RansomHouse publishes the Trellix source-code dump before CISA's 29 May Exchange deadline, the threat-intelligence vendor market faces a trust problem analogous to SolarWinds Orion 2020: detection tooling with its source code in attacker hands. A third BOD 22-01 breach inside thirty days would shift the pattern from posture-signal to governance failure.

Different Perspectives
CISA
CISA's Exchange CVE-2026-42897 deadline of 29 May, set before Microsoft published a patch, repeats the PAN-OS posture from 6 May: exploitation velocity now overrides vendor release timelines. BOD 22-01 compliance against an unpatched flaw leaves federal CISOs with only mitigation documentation and mailbox-rule monitoring.
Microsoft Security Response Center
The Exchange Emergency Mitigation Service URL rewrite is the sole available mitigation for CVE-2026-42897; MSRC has not signalled an out-of-band patch timeline. The workaround breaks OWA calendar print, inline images, and Light mode, forcing CISOs to choose between user-experience breakage and active-exploitation exposure.
NCSC
The ICO's South Staffs Water fine applies NCSC PAM and monitoring guidance as the GDPR Article 32 enforcement baseline against a water-sector CNI operator, extending the Capita precedent before the CS&R Bill has reached Royal Assent. NCSC guidance now carries enforceable weight inside the existing statutory framework for CNI sectors processing personal data.
Cisco
Cisco has not confirmed the UNC6780 breach scope beyond the named AI Defense and AI Assistant projects; GitHub confirmed an investigation. CVE-2026-20182 is the sixth Cisco SD-WAN KEV entry in 2026, reaching that milestone the same week UNC6780's source-code visibility into the portfolio became public.
Google Threat Intelligence Group
GTIG's 11 May report establishes AI-assisted offence and AI-infrastructure targeting as concurrent named-incident categories, not theoretical ones: UNC6780 attacked LiteLLM and Cisco AI Defense in parallel; state actors used Gemini operationally; CANFAIL and LONGSTREAM used LLM-generated queries to evade static analysis.
Tsinghua University Institute for International Strategic Studies
Beijing-aligned commentary rejects US attribution of PRC-nexus clusters (UNC2814, APT45, UAT-8616) as politically motivated framing, characterising the April sixteen-agency joint advisory as coordinated Western pressure rather than independent technical assessment.