Microsoft assigned CVE-2026-45585 to YellowKey: strip autofstx.exe from WinRE BootExecute and move TPM-only BitLocker to TPM+PIN. No patch ETA; Chaotic Eclipse claims a TPM+PIN bypass PoC.
DirtyDecrypt PoC proves local root via Linux RxGK page cache writes on Fedora, Arch, and Tumbleweed with CONFIG_RXGK=y. NVD describes CVE-2026-31635 only as a DoS; Ubuntu LTS and Debian stable stock kernels are not affected. Check commands and container mitigation included.
The May 19 Mini Shai-Hulud wave compromised 314 npm packages under @antv via the `atool` maintainer account. After rolling back lockfiles, payload entry points stay behind in .claude/settings.json SessionStart hooks, .vscode/tasks.json folderOpen tasks, systemd user services, and .github/workflows/codeql.yml. Concrete IoCs and the gh-token-monitor wipe ordering before rotation.
GitHub is investigating TeamPCP's $50K+ sale of ~4,000 internal repos. Count called 'directionally consistent' by GitHub; file list and the VS Code extension attack vector remain unverified.
Chaotic Eclipse's MiniPlasma takes SYSTEM on fully patched Windows 11 May 2026 by re-triggering CVE-2020-17103 in cldflt.sys, the same bug James Forshaw reported in 2020 and Microsoft supposedly fixed that December. Will Dormann confirmed the PoC works; the latest Insider Canary blocks it. No new CVE assigned yet, and the regression sits next to the actively exploited CVE-2025-62221 in the same driver.
SANS ISC (2026-04-30): a fake Homebrew Google sponsored ad drops MacSync Stealer through a 225-byte zsh that fans out into 1,448- and 2,647-byte stages, fakes a 'System Preferences' osascript dialog, and ships Keychain, browser data, crypto wallets, and `.ssh` to glowmedaesthetics[.]com over plain HTTP. IoCs, detection points, and MITRE ATT&CK mapping included.
Chaotic Eclipse released YellowKey and GreenPlasma PoCs one day after May 2026 Patch Tuesday. A USB-borne FsTx folder plus a Ctrl-key reboot drops cmd.exe inside WinRE on a BitLocker-protected machine. Covers WinRE-only behavior, the CTFMON SYSTEM elevation path, the RedSun silent-patch dispute, and what defenders can actually do while unpatched.
May 12: TeamPCP open-sourced the Shai-Hulud worm on GitHub. Datadog mapped its module pipeline (Loader/Provider/Collector/Dispatcher/Sender/Mutator) and Claude Code SessionStart hook for persistence. May 15: BreachForums opened a paid attack challenge. Detection notes for the copycat wave.
What to patch, rotate, and grep after OpenClaw 2026.4.22. Walks CVE-2026-44112/44113/44115/44118 as one chain on agent runtime, with detection log fields and 24h/1w response steps.
Malicious node-ipc 9.1.6/9.2.3/12.0.1 fire on require(), not postinstall. 12.0.1 is SHA-256 gated (targeted), so a working app isn't safe. Exfils dev/CI secrets via DNS TXT.
Out-of-bounds read in Ollama's GGUF loader before 0.17.1. If your Ollama API is network-accessible, a crafted model file can exfiltrate env vars, API keys, system prompts, and conversation fragments from process memory.