Patch Tuesday, May 2026 Edition

Tuesday, May 12, 2026 at 09:46 PM UTC·Source: Krebs on Security

Updated: Tuesday, May 12, 2026 at 10:00 PM UTC

Executive Summary

Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs,

Analysis

Source Attribution

Originally published by Krebs on Security on May 12, 2026.

Related Threats

MEDIUMAiNEW

Shifting Budget Dynamics for Identity Security and AI Agents

AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.

Just nowDark Reading

MEDIUMAiNEW

The Boring Stuff is Dangerous Now

AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt accordingly.

Just nowDark Reading

CRITICALZero Day

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. “Because it’s already being exploited in the wild, this isn’t a ‘patch next week situation; it’s a ‘mitigate right now’ emergency,” warned Rob Enderle of the Enderle Group. “This is another reminder to find a trust

CVE-2026-42897

4h agoCSO Online