In May, we saw the largest number of high-profile data disclosures I have ever seen. We also saw several high and critical vulnerability disclosures from 7-Zip, Ubiquiti, Linux, Microsoft, Google, Apple, and Adobe, along with an FBI warning about in-person data theft. Most importantly, we are seeing an alarming rise in supply-chain attacks targeting open-source tools and public repositories, impacting every business, not just software developers.
Data Breaches:
Businesses across healthcare, retail, software, and travel are included in the list below. Once a disclosure occurs, the data cannot be taken back. Personal account information, financial records, and health records may already be exposed.
Awareness and defensive action are key to protecting yourself and your loved ones. If you use any of these institutions, consider sharing feedback and using your purchasing decisions to make your concerns known. Until these events affect business outcomes, many organizations will not take these risks seriously. Most of these disclosures involve incidents that occurred months earlier, meaning victims may already have been targeted by fraudsters.
Patched Vulnerabilities and In-Person Attacks:
Patches have been released by Microsoft, Adobe, Google, 7-Zip, Ubiquiti, Apple, and others. Several critical Linux kernel-level vulnerabilities also require patching. Because kernel vulnerabilities affect the operating system itself, remediation may require reboots, image updates, and additional planning.
7-Zip is a widely used open-source compression utility found on millions of PCs. It is an excellent tool, but it has no native patching mechanism, so it is often left unpatched.
The FBI is also warning of in-person data theft attacks targeting legal and financial institutions.
Supply Chain Attacks and Public Repositories:
You may hear about supply-chain attacks and think they do not apply to you because you are not a developer. Unfortunately, they do.
Open-source tools and public repositories such as PyPI, npm, and GitHub are used by developers, individuals downloading tools online, commercial software vendors, and AI chatbots that retrieve code when solving problems. Think of supply-chain attacks like poisoning the local water supply. People trust commonly used tools the same way they trust water from the faucet. Attackers exploit that trust to move malicious code into circulation.
This is a serious and growing problem, and there is no simple solution.
What do I need to do?
- Patched Vulnerabilities and In-person Attacks:
- Microsoft Windows/Apple/Acrobat/Google/7-Zip: For our clients who subscribe to our security and management tools, your computers should have begun receiving updates the 3rd week of May. Users should complete the installation of patches when prompted and not delay or defer them. Updates can be manually installed following the directions below:
- Microsoft Windows: https://support.microsoft.com/en-us/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a
- Adobe Acrobat/Creative Cloud: From within the Adobe programs choose the Help menu and select ‘Check for Updates,’ which triggers the update process. Or use the Creative Cloud desktop agent: https://helpx.adobe.com/creative-cloud/apps/manage-apps/creative-cloud-apps/update-creative-cloud-apps-automatically.html
- 7-Zip: Advise users who use Remote Desktop software of the new notices they’ll potentially be seeing. Provide them with the following linked Microsoft article explaining the new alerts: https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/remotepc/understanding-security-warnings
- Google Chrome: https://support.google.com/chrome/answer/95414?hl=en&co=GENIE.Platform%3DDesktop
- Apple: https://support.apple.com/en-us/108382
- Unifi Ubiquiti: https://help.ui.com/hc/en-us/articles/7605005245975-UniFi-Updates
- Linux: Linux is the foundation of many commercial systems, off-the-shelf tools, and public cloud environments. Most Linux-based systems may be affected by the current list of kernel-based vulnerabilities. Updates to Docker images, Kubernetes clusters, and many commercial systems may be required. Create an inventory of Linux-based systems in your environment, then review each one to verify exposure and apply the necessary updates.
- In-person data theft: Clarify visitor policies and ensure guests are properly vetted and authorized. Remind staff how IT support will identify and authenticate themselves before accessing employee systems or information.
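The Linux item above asks for an inventory of Linux hosts and a per-host check of whether each one is still exposed. The following script is an added example and is not part of the newsletter: it takes an inventory that an operator has already collected (hostname, distribution family, and the `uname -r` release string) and flags hosts whose running kernel is below the patched level recorded for that family. The inventory rows, the distribution families and the `MIN_PATCHED` values are all constructed placeholders; the real minimums come from your distribution's advisory for the kernel issues you are tracking.

```python
"""Added example (not from the newsletter): flag Linux hosts whose running
kernel is older than the level an operator has recorded as patched.

Assumptions: INVENTORY is a list of (hostname, family, kernel release) rows
collected beforehand (e.g. from `uname -r` on each host); MIN_PATCHED holds
placeholder versions to be replaced with the vendor advisory's fixed releases.
"""
import platform
import re

# Constructed inventory rows: what `uname -r` reported on a handful of hosts.
INVENTORY = [
    ("web-01", "ubuntu", "6.8.0-60-generic"),
    ("web-02", "ubuntu", "6.8.0-58-generic"),
    ("db-01", "rhel", "5.14.0-503.40.1.el9_5.x86_64"),
    ("ci-runner", "rhel", "5.14.0-503.38.1.el9_5.x86_64"),
]

# PLACEHOLDER patched levels per distribution family (not real advisory data).
MIN_PATCHED = {
    "ubuntu": "6.8.0-60",
    "rhel": "5.14.0-503.40.1",
}


def kernel_key(release: str) -> tuple:
    """Turn a kernel release string into a tuple of integers for comparison.

    Leading numeric components (split on '.' and '-') are kept; the first
    non-numeric token (the flavour, e.g. 'generic' or 'el9_5') ends the version.
    """
    parts = []
    for token in re.split(r"[.-]", release):
        if token.isdigit():
            parts.append(int(token))
        else:
            break
    return tuple(parts)


def is_patched(release: str, minimum: str) -> bool:
    """True when `release` is at or above `minimum`; missing components count as 0."""
    a, b = kernel_key(release), kernel_key(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def unpatched_hosts(inventory, minimums):
    """Return (needs_update, needs_review).

    needs_update: hosts below the recorded minimum for their family.
    needs_review: hosts whose family has no recorded minimum, so the check
    cannot be automated and someone must look at them by hand.
    """
    needs_update, needs_review = [], []
    for host, family, release in inventory:
        if family not in minimums:
            needs_review.append(host)
        elif not is_patched(release, minimums[family]):
            needs_update.append(host)
    return needs_update, needs_review


if __name__ == "__main__":
    update, review = unpatched_hosts(INVENTORY, MIN_PATCHED)
    print("needs kernel update:", update)
    print("needs manual review:", review)
    # The same string for the machine running this script, for a spot check.
    print("this host reports kernel:", platform.release())
```

Hosts that come back in the "needs manual review" list are as important as the ones flagged for update: a Linux family that is missing from the table (an appliance, a container base image, a cloud-managed node) is exactly the kind of system that gets overlooked when only the well-known servers are patched.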
- Data Breaches:
Staff should be informed of the recent data breaches and understand they may be targeted for fraud. They should be cautious with inbound requests from financial or healthcare institutions and validate requests by calling known phone numbers from official documentation or the institution’s website, not from Google search results. Everyone should also consider freezing their credit with the three major credit bureaus:
- Equifax Credit Freeze: https://www.equifax.com/personal/credit-report-services/credit-freeze/
- Experian Credit Freeze: https://www.experian.com/freeze/center.html
- TransUnion Credit Freeze: https://www.transunion.com/credit-freeze
- Supply Chain Attacks and Public Repositories:
We need to begin educating staff about the risks of public and open-source repositories. We can no longer rely solely on the reputation of online sources. We need a process to evaluate, record, and respond to future disclosures. I recommend developing an internal policy that addresses the following:
- Any use of online source code should be recorded in a shared location, including the tool, code, and version used.
- If your team develops software, maintain an up-to-date Software Bill of Materials, or SBOM.
- Consider using prior releases of online code to reduce the risk of using newly poisoned packages.
- Regularly review code logs and SBOMs to identify whether affected software has been used in your environment.
- If using LLMs or AI tools, never share critical data or credentials until you can validate what underlying tools or code the model is invoking. If the LLM downloads or uses compromised open-source code, you may expose data shared with the model.
QuickTip: Copying code, or even text, from the internet can be dangerous. Sometimes attackers display one thing on a webpage but copy something entirely different to your clipboard. Before running any code or commands found online, paste them into a plain text editor such as Notepad on Windows or TextEdit on Mac to confirm you copied what you expected.
Additional Resource and Details:
- Vulnerabilities:
- 7-zip: https://www.tomshardware.com/tech-industry/cyber-security/wide-ranging-7-zip-vulnerability-with-8-8-cve-rating-allows-for-code-execution-hundreds-of-millions-of-machines-potentially-at-risk
- Ubiquiti: https://www.bleepingcomputer.com/news/security/ubiquiti-patches-three-max-severity-unifi-os-vulnerabilities/
- Adobe: https://www.securityweek.com/adobe-patches-52-vulnerabilities-in-10-products/
- Microsoft: https://www.securityweek.com/microsoft-patches-137-vulnerabilities/
- Microsoft: https://www.bleepingcomputer.com/news/security/microsoft-warns-of-new-defender-zero-days-exploited-in-attacks/
- Microsoft: https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html?m=1
- In-Person Attack: https://www.bleepingcomputer.com/news/security/fbi-warns-of-silent-ransom-group-in-person-data-theft-attacks/amp/
- In-Person Attack: https://www.ic3.gov/CSA/2026/260526.pdf
- Apple:
- Google: https://www.securityweek.com/chrome-148-update-patches-critical-vulnerabilities/
- Linux: https://www.tomshardware.com/tech-industry/cyber-security/dirty-frag-exploit-gets-root-on-most-linux-machines-since-2017-no-patches-available-no-warning-given-copy-fail-like-vulnerability-had-its-embargo-broken
- Linux: https://www.phoronix.com/news/Linux-ssh-keysign-pwn
- Linux: https://www.bleepingcomputer.com/news/linux/exploit-released-for-new-pintheft-arch-linux-root-escalation-flaw/
- Linux: https://www.bleepingcomputer.com/news/security/exploit-available-for-new-dirtydecrypt-linux-root-escalation-flaw/
- Linux: https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/
- Data Breach Disclosures:
- GitHub – https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/
- Grafana – https://www.bleepingcomputer.com/news/security/grafana-breach-caused-by-missed-token-rotation-after-tanstack-attack/
- Zara – https://www.bleepingcomputer.com/news/security/zara-data-breach-exposed-personal-information-of-197-000-people/
- Charter – https://www.bleepingcomputer.com/news/security/charter-communications-data-breach-affects-49-million-accounts/
- Carnival – https://www.bleepingcomputer.com/news/security/carnival-cruise-confirms-data-breach-affecting-nearly-6-million-people/
- 7-Eleven – https://www.bleepingcomputer.com/news/security/7-eleven-data-breach-exposes-personal-information-of-185-000-people/
- Oncology Institute – https://www.securityweek.com/oncology-institute-discloses-third-party-data-breach/
- DocketWise – https://www.securityweek.com/docketwise-data-breach-impacts-143000/
- Radiology Associates of Richmond – https://www.securityweek.com/266000-affected-by-data-breach-at-radiology-associates-of-richmond/
- Millions Impacted Across Several US Healthcare Data Breaches – https://www.securityweek.com/millions-impacted-across-several-us-healthcare-data-breaches/
- US HHS Listing of Breaches under investigation – https://ocrportal.hhs.gov/ocr/breach/breach_report_hip.jsf
- American Lending Center – https://www.securityweek.com/american-lending-center-data-breach-affects-123000-individuals/
- Skoda – https://www.securityweek.com/skoda-data-breach-hits-online-shop-customers/
- Supply Chain:
- GitHub: https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/amp/
- npm: https://www.bleepingcomputer.com/news/security/new-shai-hulud-malware-wave-compromises-600-npm-packages/amp/
- GitHub: https://www.bleepingcomputer.com/news/security/grafana-says-stolen-github-token-let-hackers-steal-codebase/
- npm: https://www.bleepingcomputer.com/news/security/popular-node-ipc-npm-package-compromised-to-steal-credentials/
- npm & PyPI: https://www.bleepingcomputer.com/news/security/openai-confirms-security-breach-in-tanstack-supply-chain-attack/
- Jenkins: https://www.bleepingcomputer.com/news/security/official-checkmarx-jenkins-package-compromised-with-infostealer/
- JDownloader: https://www.bleepingcomputer.com/news/security/jdownloader-site-hacked-to-replace-installers-with-python-rat-malware/
- Laravel-Lang: https://www.securityweek.com/laravel-lang-packages-poisoned-for-malware-delivery/
- npm, PyPI & GitHub: https://www.securityweek.com/over-320-npm-packages-hit-by-fresh-mini-shai-hulud-supply-chain-attack/
- RubyGems: https://www.securityweek.com/hundreds-of-malicious-packages-force-rubygems-to-suspend-registrations/
- Checkmarx Jenkins AST plugin: https://www.securityweek.com/checkmarx-jenkins-ast-plugin-compromised-in-supply-chain-attack/
As always, if you have any questions or concerns about this latest security disclosure, please feel free to reach out.