May 2026 security update: Breached trust and supply chains under siege

Today’s threat landscape 

April’s attacks exploited user trust, not technology

The connecting thread through April’s most notable attacks is not technical sophistication - it is trust. In each case, attackers did not break through a defense; they impersonated or subverted something their targets already trusted, and walked through the door. 

The clearest examples involve familiar workplace platforms. A campaign called VENOM targets senior executives by impersonating Microsoft SharePoint notifications - the kind of routine alert employees see dozens of times a week. Once a victim clicks through, their real Microsoft login session is proxied through an attacker-controlled server, capturing both the password and the MFA code in real time; an alternative technique skips passwords entirely by tricking victims into granting device access directly. Microsoft also reported a surge in attacks using fake IT helpdesk accounts on Teams, exploiting the fact that employees treat Teams as a trusted internal channel and apply far less scrutiny to a request arriving there than the same message sent by email. 

A second category exploits trust in the appearance of ordinary files. A technique called emoji smuggling hides malicious code inside Unicode characters - emojis and special symbols - embedded in standard office documents. Because the payload looks like decorative text rather than a suspicious link or known malware signature, it passes automated security checks undetected and executes only when the document is opened. The same logic applies to AI assistants: Google’s security researchers documented a technique called indirect prompt injection, in which attackers hide instructions inside web pages or documents that an AI reads on a user’s behalf. Just as VENOM exploits trust in a familiar notification, prompt injection exploits the trust a user places in their AI assistant to act faithfully on their behalf - when it processes the compromised content, it unknowingly follows the attacker's instructions instead, potentially extracting or forwarding sensitive information with no visible sign anything has gone wrong. 

Top 3 vulnerabilities 

A PDF in your inbox: The actively exploited Adobe vulnerability

A prototype pollution vulnerability (CVE-2026-34621, CVSS 8.6) has been found in the JavaScript engine embedded in Adobe Acrobat and Acrobat Reader - software used by hundreds of millions of people worldwide to view, sign, and create PDF documents. Prototype pollution is a JavaScript-specific class of vulnerability in which an attacker manipulates the shared prototype object that all plain objects in an application inherit from, injecting properties that alter the program’s behavior. Here, a specially crafted PDF exploits that mechanism to execute arbitrary code on the victim’s device - with no required interaction beyond opening the file.

That last detail matters. Because exploitation depends entirely on a user opening a malicious PDF, phishing is the most realistic delivery method, and PDFs are among the most routinely shared documents in business. Adobe confirmed active exploitation dating to at least December 2025, and CISA has since added the vulnerability to its Known Exploited Vulnerabilities catalog. Adobe has released patches across all supported product lines, and anyone running Acrobat DC, Acrobat Reader DC, or Acrobat 2024 on Windows or macOS should treat this update as a priority.
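To make the vulnerability class concrete, here is an added illustration (not Adobe's code, and unrelated to how the Acrobat bug itself is triggered) of how a naive object merge lets untrusted JSON write onto Object.prototype, beside a hardened merge that refuses the prototype-reaching keys. The input blob and the isAdmin property are constructed for the example.

```javascript
// Added illustration of prototype pollution; not Adobe's code. A naive recursive
// merge treats the key "__proto__" like any other, so untrusted JSON can write
// onto Object.prototype, the shared object every plain object inherits from.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      // For key "__proto__", target[key] is Object.prototype itself, so the
      // recursive call lands the attacker's properties on the global prototype.
      if (!target[key]) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened variant: skip keys that reach the prototype chain and only recurse
// into plain-object properties the target actually owns.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          typeof target[key] !== 'object' || target[key] === null) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample input: a harmless-looking settings blob carrying a
// "__proto__" key. JSON.parse keeps it as an ordinary own property.
const SAMPLE_INPUT = '{"title":"Quarterly report","__proto__":{"isAdmin":true}}';

// Merge the sample with the given function, then check whether an unrelated
// object created afterwards now inherits isAdmin (i.e. the prototype leaked).
function demo(mergeFn) {
  const settings = mergeFn({}, JSON.parse(SAMPLE_INPUT));
  const unrelated = {};
  const leaked = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin; // undo the pollution so later code is unaffected
  return { title: settings.title, leaked };
}

console.log('unsafe leaked:', demo(unsafeMerge).leaked, '| safe leaked:', demo(safeMerge).leaked); // true false
```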

No authentication required: A SharePoint vulnerability lets attackers walk right in 

An authentication bypass vulnerability (CVE-2026-32201 with CVSS 6.5) was found in on-premise deployments of Microsoft SharePoint Server - the platform organizations use to host internal document libraries, intranets, and collaborative workspaces. The root cause is improper validation of incoming network requests: an attacker can send crafted requests that the server incorrectly accepts as legitimate, bypassing the authentication layer entirely without credentials or any prior access. Once through, the attacker can conduct spoofing attacks, opening the door to credential theft or further phishing campaigns against the organization’s users. 

Microsoft disclosed and patched the vulnerability on April 14, 2026 as part of its monthly Patch Tuesday release, which addressed 169 vulnerabilities in total, and CISA added it to its Known Exploited Vulnerabilities catalog the same day. The vulnerability affects SharePoint Server 2016, 2019, and the current Subscription Edition - organizations running any of these on-premise should treat the relevant update packages as an immediate priority. For those unable to patch right away, firewall rules restricting network access to SharePoint from untrusted sources serve as a useful compensating control.

How a tampered Composer file can own a developer’s machine

Two command injection vulnerabilities in PHP Composer - the near-universal dependency manager used by PHP developers to install and manage software libraries - allow a malicious project file to execute arbitrary operating system commands on a developer’s machine during routine package operations. In both CVE-2026-40176 (CVSS 7.8) and CVE-2026-40261 (CVSS 8.8), the root cause is the same: Composer passes certain configuration values directly to the operating system without first checking whether they contain hidden commands. An attacker can exploit this by publishing a malicious project or sending a developer a tampered configuration file - as soon as that developer runs Composer, the hidden commands execute on their machine. CVE-2026-40261 is the more notable of the two, because it triggers even without the Perforce version-control tool installed, a dependency one might reasonably assume was required. The practical implication is straightforward: running Composer against any project from an untrusted source is sufficient to compromise the developer’s machine. 

No active exploitation has been confirmed. Fixes are available in Composer 2.9.6 and 2.2.27, and developers should update immediately via the command 'composer self-update'. Until the update is applied, run Composer only against projects from trusted sources and install packages from pre-built archives rather than from source.

Industry news 

Attackers target shared infrastructure – and enforcement keeps pace

The most consequential attacks in April share a common approach: rather than targeting organizations directly, attackers are compromising the shared platforms and vendors that serve many organizations at once. The ransomware attack on ChipSoft - whose HiX platform handles patient records and provider-patient communication for approximately 70% of Dutch hospitals - illustrates the systemic risk this creates. When ChipSoft was forced to take platforms offline on 7 April, at least 11 hospitals simultaneously reverted to telephone-based communication and increased manual staffing. ChipSoft acknowledged it could not rule out unauthorized access to patient data, though Dutch healthcare cyber security body Z-CERT confirmed no critical medical processes came to a standstill. A single compromise, one vendor, immediate propagation across a large proportion of a country’s hospital network. 

The ShinyHunters group applied the same logic commercially, issuing pay-or-leak ultimatums to Zara (Inditex), Carnival Corporation, and 7-Eleven after exploiting a shared third-party cloud or marketing platform rather than breaching the companies directly - claiming over nine million combined records including customer transaction histories, passenger data, and loyalty program information. The group used an identical supply chain approach in the Vercel incident, where a compromised employee at AI platform Context.ai led to unauthorized access to Vercel’s internal environment, exposing employee records, API keys, and internal dashboard screenshots. 

On the other hand, April brought meaningful headway. Operation PowerOFF - coordinated by Europol across 21 countries - identified more than 75,000 individuals using DDoS-for-hire services, took down 53 domains, issued 25 search warrants, and made four arrests. Notably, the operation included awareness campaigns aimed at younger users who may not realize that renting DDoS attack capacity, even framed as a “stress testing” service, constitutes criminal activity. 

ENISA also published NCAF 2.0, an updated national cyber security assessment framework aligned with the NIS2 Directive, giving EU Member State policymakers a practical tool to measure the maturity of their national cyber security strategies, identify capability gaps, and prepare for voluntary peer reviews. Looking further ahead, FIRST CEO Chris Gibson called for expanded funding of the global CVE program and predicted that AI developers, including Anthropic and OpenAI, could become official CVE Numbering Authorities before the end of 2026 - a signal of how deeply AI capability is becoming intertwined with the vulnerability management ecosystem.