Top Stories — Week of May 10, 2026
Hand-picked highlights across AI, cybersecurity, compliance, and IT — updated every week.
🤖 AI & ML
Railway secures $100 million to challenge AWS with AI-native cloud infrastructure
Railway, a San Francisco-based cloud platform, has raised $100 million in a Series B funding round led by TQ Ventures, with participation from FPV Ventures. This funding will be used to challenge legacy cloud infrastructure, particularly in the context of artificial intelligence applications.
VentureBeat → AI NewsClaude Code costs up to $200 a month. Goose does the same thing for free.
Claude Code, an AI agent for coding, offers a range of pricing plans from $20 to $200 per month. In contrast, Goose, another AI agent, provides similar functionality for free.
VentureBeat → AI SecurityTurla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
Turla, a Russian state-sponsored hacking group, has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet. This botnet is designed for stealth and persistent access to compromised hosts.
The Hacker News → AI SecurityFour OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Cybersecurity researchers have disclosed four security flaws in OpenClaw, collectively known as "Claw Chain," which can be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors.
The Hacker News →⚔️ Threats
Funnel Builder WordPress plugin bug exploited to steal credit cards
A critical vulnerability in the Funnel Builder WordPress plugin is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. This vulnerability allows attackers to potentially steal credit card information.
BleepingComputer → Cyber AttacksMicrosoft Exchange, Windows 11 hacked on second day of Pwn2Own
Competitors at Pwn2Own Berlin 2026 exploited zero-day vulnerabilities in Windows 11 and Microsoft Exchange, collecting a total of $385,750 in cash awards. The vulnerabilities were among 15 unique zero-day vulnerabilities found in multiple products.
BleepingComputer → Ransomware & MalwareCisco warns of new critical SD-WAN flaw exploited in zero-day attacks
Cisco has identified a critical vulnerability, CVE-2026-20182, in its Catalyst SD-WAN Controller that allows attackers to gain administrative privileges. This flaw has been actively exploited in zero-day attacks.
BleepingComputer → Ransomware & MalwareOpenAI confirms security breach in TanStack supply chain attack
OpenAI confirmed a security breach in the TanStack supply chain attack, which affected hundreds of npm and PyPI packages. Two of OpenAI's employee devices were compromised in the breach.
BleepingComputer →🔓 Breaches
Patch Tuesday, May 2026 Edition
This month's Patch Tuesday saw widely-used software makers, including Apple, Google, Microsoft, Mozilla, and Oracle, release patches for near-record volumes of security bugs. Artificial intelligence platforms have been effective in identifying vulnerabilities in human-made computer code.
Krebs on Security → Latest BreachesCanvas Breach Disrupts Schools & Colleges Nationwide
A data extortion attack on the Canvas education technology platform has disrupted classes and coursework at US schools and universities. The attack, which defaced the login page with a ransom demand, threatens to leak data from 275 million students and faculty across nearly 9,000 educational institutions.
Krebs on Security → Vulnerabilities & CVEsPraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Threat actors have been observed attempting to exploit CVE-2026-44338, a missing authentication vulnerability in PraisonAI with a CVSS score of 7.3, within four hours of its public disclosure. CVE-2026-44338 exposes sensitive endpoints to unauthorized access, potentially allowing an attacker to invoke certain actions.
The Hacker News → Vulnerabilities & CVEsHow AI Hallucinations Are Creating Real Security Risks
AI hallucinations are introducing serious security risks into critical infrastructure decision-making by generating highly confident yet incorrect outputs based on patterns in its training data. When an AI model lacks certainty, it generates the most probable response, which can be inaccurate.
The Hacker News →📋 Compliance
Stronger Cybersecurity, Stronger Business: NIST Celebrates 2026 National Small Business Week
The U.S. Small Business Administration has led National Small Business Week for over 60 years. NIST's mission includes driving U.S. innovation and global competitiveness, with the small business community being central to this mission.
Cybersecurity Insights → NIST & FrameworksFrom DMV to Wallet: Understanding Verifiable Digital Credential Issuance
Verifiable digital credential issuance involves structuring and sharing credentials, such as mobile driver's licenses (mDLs), using formats like ISO/IEC 18013-5 and -7 mobile documents (mdocs) or W3C Verifiable Credentials (VCs). The issuance process for mDLs is explored in this blog post, focusing on current practices.
Cybersecurity Insights → Regulatory ComplianceGremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities
A new variant of the Gremlin stealer has evolved into a modular toolkit with advanced evasion capabilities. This updated variant also includes data theft capabilities.
Infosecurity Magazine → Regulatory ComplianceMicrosoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers
Microsoft has reported a severe zero-day flaw in on-premises installations of Exchange Server, specifically affecting versions 2016, 2019, and Subscription Edition. The vulnerability is present in all versions of these Exchange Server iterations.
Infosecurity Magazine →🏭 Industry
Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers
A survey of cybersecurity leaders found that over half would consider paying hackers to restore encrypted systems. The survey suggests that a majority of CISOs would strongly consider this option.
Infosecurity Magazine → Healthcare SecurityGlobal Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks
The G7 Cybersecurity Working Group has released a new Software Bill of Materials (SBOM) for AI guidance, outlining seven key data clusters. This move aims to boost transparency and security across AI supply chains.
Infosecurity Magazine → Financial SecurityIn Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws
Here's a 1-2 sentence factual summary for a tech audience: Nvidia experienced a cloud gaming data breach, and the FBI issued a warning after ShinyHunters hacks Canvas. Additionally, Android 17 includes security upgrades.
SecurityWeek → Financial SecurityMicrosoft Warns of Exchange Server Zero-Day Exploited in the Wild
Microsoft has shared mitigations for CVE-2026-42897, a zero-day vulnerability in Exchange Server, until a permanent patch can be released. The vulnerability is being exploited in the wild.
SecurityWeek →🛠️ Tech & Tools
The AWS AI Security Framework: Securing AI with the right controls, at the right layers, at the right phases
The AWS AI Security Framework is a framework designed to help security leaders secure AI workloads as they evolve from prototype to production to scale. It provides a structured approach to assessing and securing AI workloads through a phased framework.
AWS Security Blog → Cloud & DevSecOpsRegional routing for AWS access portals: Implementing custom vanity domains for IAM Identity Center
AWS IAM Identity Center now supports regional routing for access portals, allowing customers to implement custom vanity domains for their Identity Center. This feature is part of IAM Identity Center's multi-Region replication, which enables customers to replicate their instance across multiple AWS Regions.
AWS Security Blog → Security Tools & ResearchWhen Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks
Unit 42 research has identified AirSnitch attacks that can bypass WPA2/3 Wi-Fi encryption. These attacks also compromise client isolation.
Unit 42 → Security Tools & ResearchFracturing Software Security With Frontier AI Models
Unit 42 research indicates that frontier AI models can enhance vulnerability discovery, enabling autonomous zero-day discovery and faster N-day patching. These AI models act as full-spectrum security researchers.
Unit 42 →