Daily Recap: Microsoft pushed May Patch Tuesday fixes for 137 vulnerabilities (including 13 critical flaws) and addressed a zero-click Outlook issue, while Fortinet flagged critical RCE risks in FortiSandbox and FortiAuthenticator and Exim disclosed a BDAT flaw impacting GnuTLS-built systems. Across supply chain and incidents, RubyGems suspended new signups after hundreds of malicious packages tied to the Mini Shai-Hulud campaign, while Foxconn confirmed disruption tied to the Nitrogen ransomware gang and OpenLoop Health disclosed exposure affecting 716,000 people.
#MayPatchTuesday #Outlook #FortiSandbox #FortiAuthenticator #Exim #GnuTLS #RubyGems #MiniShaiHulud #TrickMo #TONC2 #Foxconn #Nitrogen #OpenLoopHealth #Canvas #Instructure #Daybreak #Exaforce #WhiteCircle #Android17 #Signal
Patch Roundup
- Microsoft rolled out May Patch Tuesday fixes for 137 vulnerabilities including 13 critical flaws, plus a zero-click Outlook issue and a Windows 10 extended security update. → Patch Tuesday, 137 Bugs, Outlook Fix, Win10 Update
- Fortinet warned of critical RCE flaws in FortiSandbox and FortiAuthenticator, while Adobe patched 52 vulnerabilities across 10 products. → Fortinet RCE, Adobe Fixes
- Exim disclosed a BDAT flaw that could enable code execution on GnuTLS-built systems, adding another high-risk mail-server issue to the day's patch list. → Exim Flaw
Supply Chain
- RubyGems suspended new signups after hundreds of malicious packages were uploaded, as the Mini Shai-Hulud campaign spread through the open-source ecosystem. → RubyGems Halt, Mini Shai-Hulud
- A new TrickMo variant uses TON C2 and SOCKS5 to build Android network pivots, signaling more advanced mobile malware tradecraft. → TrickMo Variant
Breaches & Incidents
- Foxconn confirmed a cyberattack claimed by the Nitrogen ransomware gang that disrupted North American factories. → Foxconn Attack, Factory Impact
- Instructure faces government scrutiny after a major Canvas disruption and data breach, with U.S. officials seeking testimony over the incident. → Canvas Probe, US Testimony
- OpenLoop Health disclosed a breach affecting 716,000 people, while BWH Hotels said attackers had access to reservation data for 6 months. → OpenLoop Breach, BWH Breach
- Škoda warned of a customer data breach after its online shop was hacked, and a UK water supplier was fined $1.3M for exposing data on 664k customers. → Škoda Breach, UK Fine
AI & Security
- OpenAI unveiled Daybreak as its answer to the AI cyber-arms race, while major economies published guidance on an AI "ingredients list" and Exaforce and White Circle raised $125M and $11M respectively for AI security platforms. → Daybreak, AI Guidance, Exaforce, White Circle
- Google and Amnesty International teamed up to make spyware vendors harder to hide, while Signal added warnings for social engineering and phishing attacks. → Spyware Logging, Signal Warnings
- Android 17 is set to expand protections against banking scam calls and privacy abuse, reinforcing mobile anti-fraud defenses. → Android 17
Cloud & Enterprise
- Microsoft said some users can't install Office on Windows 365 devices, causing an availability issue for enterprise admins. → Windows 365
- A report on autonomous validation argued that attackers can breach in as little as 73 seconds, while patching still takes about 24 hours, underscoring the gap in incident response. → Autonomous Validation
- A webinar focused on closing gaps in network incident response, highlighting operational resilience as a key defense priority. → Incident Response