Infosec bits for 2026 week 20

Zoya Vilakazi | May 15, 2026, 4:10 p.m.

Cybersecurity News:

Rocky Linux launches opt-in security repository for urgent fixes [Sinisa Markovic, Help Net Security]

Panic at the Distro [Chris Ryan and Uttie Gumbula, Huntress]

G7 Countries Release AI SBOM Guidance [Eduard Kovacs, Security Week]

Frontier AI models reap rapid discovery of security vulnerabilities [David Jones, Cybersecurity Dive]

Ransomware is now less about malware and more about impersonation [Eric Geller, Cybersecurity Dive]

Vulnerabilities and Patches:

New BitUnlocker Downgrade Attack on Windows 11 Allows Access to Encrypted Disks in 5 Minutes [Guru Baran, Cybersecurity News]

Microsoft warns of Exchange zero-day flaw exploited in attacks [Sergiu Gatlan, Bleeping Computer]

Maximum Severity Cisco SD-WAN Bug Exploited in the Wild [Nate Nelson, Dark Reading]

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws [Ravie Lakshmanan, The Hacker News]

Fortinet, Ivanti Patch Critical Vulnerabilities [Ionut Arghire, Security Week]

High-Severity Vulnerability Patched in VMware Fusion [Eduard Kovacs, Security Week]

Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin [Bill Toulas, Bleeping Computer]

Ransomware:

Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files [Jessica Lyons, The Register]

Durban hospital targeted in ransomware incident [Wendy Jasson Da Costa, IOL]