May 2026

May’s Patch Tuesday may not be the giant release many expected, but there are still plenty of important fixes that shouldn’t be ignored.

Researchers found a ClickFix campaign that uses fake Claude setup guides to trick Mac users into infecting themselves.

Cifas just published research that should bother anyone who runs a business, or buys from one.

Instructure says the stolen Canvas data impacting millions of students and staff was “returned.” That’s not how breaches work.

A researcher found a host of vulnerabilities in Yarbo garden robots that could expose Wi-Fi passwords, hijack cameras, and run over their owners on command.

A list of topics we covered in the week of May 4 to May 10 of 2026

A researcher found Edge loads saved passwords into computer memory when it starts, making them easier to steal if a device is already compromised.

Days after the first attack, ShinyHunters is applying pressure with ransom messages on school login portals.

AI investment scammers abused the Keitaro ad-tracking platform to cloak their campaign, exposing it only to likely targets.

A UK report finds some progress since the Act came into force, but widespread workarounds, ongoing harm, and unresolved privacy concerns suggest the impact is still limited.