Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-13 08:00 PDT
- Microsoft fixes Windows Autopatch bug installing restricted drivers
BleepingComputer • 2026-05-13 07:36 • www.bleepingcomputer.com
Microsoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some Autopatch-managed Windows devices in the European Union. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-autopatch-bug-installing-restricted-drivers/ - Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
The Hacker News • 2026-05-13 06:46 • thehackernews.com
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it’s being tested by some customers as part of a limited private preview.
MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability
https://thehackernews.com/2026/05/microsofts-mdash-ai-system-finds-16.html - Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
The Hacker News • 2026-05-13 06:00 • thehackernews.com
A threat actor with affiliations to China has been linked to a “multi-wave intrusion” targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting.
The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), which shares some level of
https://thehackernews.com/2026/05/azerbaijani-energy-firm-hit-by-repeated.html - Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
BleepingComputer • 2026-05-13 05:49 • www.bleepingcomputer.com
Foxconn, the world’s largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. […]
https://www.bleepingcomputer.com/news/security/electronics-giant-foxconn-confirms-cyberattack-on-north-american-factories/ - 73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
BleepingComputer • 2026-05-13 05:30 • www.bleepingcomputer.com
Attackers can compromise systems in minutes while patching and response still take hours or days. Picus Security breaks down why autonomous validation is becoming critical for modern defense strategies. […]
https://www.bleepingcomputer.com/news/security/73-seconds-to-breach-24-hours-to-patch-the-case-for-autonomous-validation/ - Microsoft says some users can't install Office on Windows 365 devices
BleepingComputer • 2026-05-13 04:53 • www.bleepingcomputer.com
Microsoft says some customers are experiencing issues downloading and installing Office on their Windows 365 devices. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-some-users-cant-install-office-on-windows-365-devices/ - [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
The Hacker News • 2026-05-13 04:52 • thehackernews.com
TL;DR: Stop chasing thousands of “toast” alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a “Lethal Chain” to your data—and how to break it. Register for the Strategic Briefing Here.
Most security tools work like a smoke alarm that goes off every time you burn a piece of toast. You get so many alerts that you eventually start to ignore them.
The real danger? While
https://thehackernews.com/2026/05/webinar-why-your-appsec-tools-miss.html - Most Remediation Programs Never Confirm the Fix Actually Worked
The Hacker News • 2026-05-13 04:30 • thehackernews.com
Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed.
Mandiant’s M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have understandably driven the industry toward a clear
https://thehackernews.com/2026/05/most-remediation-programs-never-confirm.html - OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities
Schneier on Security • 2026-05-13 04:03 • www.schneier.comThe UK’s AI Security Institute evaluated GPT-5.5’s ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available.
Here is the Institute’s evaluation of Mythos.
And here is an analysis of a smaller…
https://www.schneier.com/blog/archives/2026/05/openais-gpt-5-5-is-as-good-as-mythos-at-finding-security-vulnerabilities.html - Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
The Hacker News • 2026-05-13 03:36 • thehackernews.com
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack.
Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by
https://thehackernews.com/2026/05/microsoft-patches-138-vulnerabilities.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
