Latest Internet & Cybersecurity News
Global ransomware activity rose in May, led by Qilin, The Gentlemen, and DragonForce
Comparitech recorded 661 ransomware attacks worldwide in May 2026, a 3% increase from April, though activity remained below early-year highs. Education saw the sharpest rise, while the U.S. stayed the most targeted country and nearly 115 TB of data was reportedly stolen across incidents.
Education sector sees the steepest ransomware spike
Comparitech’s data showed education organizations experienced a 54% month-over-month jump in ransomware attacks in May. The report also noted that businesses remained the main target overall, with 581 of 661 attacks affecting companies.
CISA warns hackers are actively exploiting patched SolarWinds Serv-U flaw
BleepingComputer reported that CISA said attackers are now exploiting a recently patched high-severity SolarWinds Serv-U vulnerability to crash servers. The alert highlights how quickly public patching can be followed by real-world exploitation.
New HTTP/2 bomb denial-of-service attack can crash web servers in under a minute
BleepingComputer highlighted a new denial-of-service technique dubbed the “HTTP/2 Bomb,” which can overwhelm and crash vulnerable web servers very quickly. The report underscores ongoing protocol-level abuse against internet-facing infrastructure.
Cisco zero-day in Catalyst SD-WAN Manager is being actively exploited
Cisco warned of an unpatched high-severity zero-day, tracked as CVE-2026-20245, affecting Catalyst SD-WAN Manager and enabling root privilege escalation. The issue is already being exploited in attacks, increasing urgency for affected operators.
Cisco patches critical Unified CM flaw that could grant root access
Cisco released security updates for a critical vulnerability in Unified Communications Manager that could let attackers gain root privileges. The patch adds to a broader wave of urgent vendor remediation across enterprise networking products.
Thousands of automatic tank gauge systems found exposed online
BleepingComputer reported that more than 900 automatic tank gauge systems across the U.S. were exposed online, creating risk for attacks against fuel and chemical storage monitoring. The exposure raises concern for critical infrastructure security and operational disruption.
Suspicious sign-in screens reported on Toshiba and Muji websites
Visitors to Toshiba and Muji websites were warned about suspicious sign-in screens that could collect credentials, suggesting a potential credential-harvesting or web compromise issue. The incident reflects continued abuse of trusted brands for account theft.
Cyber insurers move toward continuous monitoring plus coverage
SberInsurance said it is launching a program that combines continuous monitoring of a business’s IT environment with cyber insurance. The model reflects a growing industry shift toward tying insurance to ongoing security visibility and risk management.
AI-driven demand boosts Rubrik’s cybersecurity results
Rubrik reported its strongest quarter on record and raised its outlook, with commentary pointing to AI-related demand as a key driver. The result suggests that enterprise spending on cyber resilience and data protection remains strong.
Hands-on cybersecurity training continues in Madrid this week
SANS Madrid June 2026 is underway with hands-on cybersecurity courses from June 1–6. The event signals continued global demand for practitioner training amid a fast-moving threat environment.