The CyberWire Daily Podcast 5.18.26
Ep 2554 | 5.18.26

The M5 just met its memory problem.

Transcript

Researchers crack Apple’s M5 memory protections with a kernel exploit. An IBM Security executive emerges as a possible CISA pick. Researchers uncover four malicious npm packages. AI-generated “slop” floods bug bounty programs. Major healthcare breaches hit the HHS tracker, 7-Eleven confirms a breach, and chained OpenClaw AI flaws could enable full host compromise. Santa Clara County sues Meta over alleged scam ads on Facebook and Instagram. Monday business breakdown. Our guest is Jason Madigan, Director of Commercial Cloud Security at Booz Allen, discussing the tension between resilience and data residency laws. A fond farewell for a security pioneer. 

Today is Monday May 18th 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Researchers demonstrate a macOS kernel memory corruption exploit against Apple’s M5. 

Researchers say they developed the first public macOS kernel memory corruption exploit targeting Apple’s new M5 silicon, despite the company’s hardware-assisted Memory Integrity Enforcement, or MIE, protections.

The exploit chain targets macOS 26.4.1 and reportedly achieves local privilege escalation from an unprivileged user to a root shell using standard system calls. The researchers said the chain relies on two vulnerabilities and several exploitation techniques on bare-metal M5 hardware with kernel MIE enabled. The researchers credited Mythos Preview, an AI-assisted vulnerability research system, with helping identify bugs and support exploit development. According to the report, the exploit was built in roughly five days.

Apple designed MIE specifically to make memory corruption attacks significantly harder. The researchers argue the work highlights how AI-assisted vulnerability discovery may challenge even advanced hardware security mitigations.

An IBM Security executive emerges as a possible CISA director.

Cybersecurity leaders are urging the Trump administration to stabilize and strengthen the Cybersecurity and Infrastructure Security Agency, or CISA, as IBM Security executive Tom Parker emerges as a possible candidate to lead the agency.

Industry leaders say CISA has lost roughly one-third of its workforce over the past year, while the administration’s proposed FY2027 budget would cut another 30% from the agency. Security professionals warned that reduced staffing could weaken programs like the Known Exploited Vulnerabilities catalog and Secure by Design initiatives, both widely used to prioritize active threats and improve software resilience. Multiple experts said AI-driven vulnerability discovery is accelerating attack timelines, making centralized coordination and threat intelligence more critical.

Defenders increasingly rely on CISA as a neutral source of vulnerability prioritization, operational guidance, and cross-industry coordination as AI compresses the time between disclosure and exploitation.

Meanwhile, Sean Plankey, the former nominee to lead the Cybersecurity and Infrastructure Security Agency, or CISA, is joining defense technology company UFORCE as its U.S. chief executive officer.

UFORCE, a London-based company formed from nine Ukrainian firms, develops combat drones for air, land, and sea operations. The company said it plans to launch U.S.-made unmanned surface vessels this summer. Plankey withdrew from consideration for the CISA director role last month after facing Senate opposition. He previously served in the first Trump administration and recently retired from the U.S. Coast Guard.

Researchers uncover four malicious npm packages. 

Researchers at OX Security have identified four malicious npm packages containing infostealer malware, including what appears to be a direct, non-obfuscated clone of the recently leaked Shai-Hulud malware source code.

The packages, including typo-squatted names targeting Axios users, were uploaded by the same threat actor and collectively logged more than 2,600 weekly downloads. Researchers said the malware variants steal information such as cloud configurations, cryptocurrency wallet data, environment variables, and IP addresses. One package also reportedly turns infected systems into a distributed denial-of-service, or DDoS, botnet. OX Security believes the cloned malware may have been inspired by a recently leaked Shai-Hulud code release tied to TeamPCP.

Researchers urged users to uninstall the packages, rotate credentials, inspect developer tools for malicious configurations, and monitor for signs of compromise.

Slop submissions overwhelm bug bounty programs. 

Companies that pay independent researchers to find software vulnerabilities are struggling with a surge of low-quality, AI-generated bug reports that security teams must manually review and verify.

Bug bounty platform Bugcrowd said reports quadrupled during a three-week period in March, with most submissions proving false. Curl and Nextcloud both suspended their bug bounty programs after what they described as an explosion of AI-generated “slop” reports. Security experts say generative AI tools are lowering the barrier to entry for vulnerability research, while also enabling automated scanning and submission systems that flood programs with inaccurate findings. At the same time, platforms like HackerOne say AI is also helping experienced researchers discover legitimate flaws more efficiently.

The shift is forcing bug bounty programs to rethink validation, triage, and researcher vetting as AI reshapes vulnerability discovery economics.

HHS tracks multiple major healthcare data breaches. 

Several large healthcare data breaches were recently added to the U.S. Department of Health and Human Services breach tracker, revealing impacts affecting hundreds of thousands of patients.

The largest confirmed incident involves New York City Health and Hospitals, where attackers reportedly accessed systems through a third-party vendor between November 2025 and February 2026, exposing personal, medical, insurance, biometric, and financial information tied to 1.8 million individuals. Additional breaches at Erie Family Health Centers, Florida Physician Specialists, and other providers collectively impacted hundreds of thousands more. 

7-Eleven confirms data breach. 

7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records from the convenience store chain.

The company said it detected unauthorized access on April 8 in systems used to store franchisee application documents. According to breach notifications filed in Maine, unspecified personal information submitted during franchise applications was exposed. ShinyHunters later claimed responsibility, threatening to leak the data unless a ransom was paid and offering the information for sale online. The group has recently targeted multiple organizations through phishing, third-party integrations, and misconfigurations tied to Salesforce environments.

Chained OpenClaw AI vulnerabilities could enable host compromise and persistent backdoor installation.

Cybersecurity firm Cyera has disclosed four vulnerabilities in the OpenClaw AI assistant that can be chained together to compromise the underlying host system and establish persistent access.

The attack chain, dubbed “Claw Chain,” begins with code execution inside the OpenShell sandbox through prompt injection, malicious plugins, or compromised external input. Researchers say attackers can then exploit multiple flaws, including race conditions and improper access controls, to bypass sandbox protections, leak sensitive credentials, escalate privileges, and ultimately write outside the sandbox boundary. The final vulnerability, tracked as CVE-2026-44112, carries a CVSS severity score of 9.6 and could allow attackers to plant backdoors and maintain long-term control of affected systems.

Cyera says more than 60,000 publicly accessible OpenClaw instances may be exposed. OpenClaw maintainers released patches one day after disclosure.

Santa Clara County sues Meta over scam ads on Facebook and Instagram. 

In California, Santa Clara County has filed a lawsuit against Meta, accusing the company of knowingly allowing scam advertisements to spread across Facebook and Instagram in order to protect advertising revenue.

County officials allege Meta weakened its own fraud prevention efforts and allowed fraudulent advertisers to bypass moderation systems, despite repeated warnings about scam activity. The lawsuit cites allegations that Meta maintained “revenue guardrails” limiting enforcement actions if they threatened more than 0.15% of company revenue. Officials referenced financial scams, cryptocurrency fraud, impersonation schemes, and fake medical cures among the alleged deceptive ads. Meta denied the claims and said it removed more than 159 million scam ads last year while expanding fraud prevention partnerships and tools.

The case highlights growing legal pressure on major platforms over their role in enabling online fraud and deceptive advertising.

Monday business breakdown. 

Several cybersecurity companies announced major funding rounds and acquisitions this week, with investors continuing to back AI-driven security platforms and automation technologies.

Agentic security operations center provider Exaforce raised $125 million in Series B funding to expand its AI-powered detection and response platform globally. Frame Security emerged from stealth with $50 million for AI-focused security awareness training, while Autonomous Cyber, White Circle, and Secludy also announced new funding tied to AI security, model protection, and privacy technologies. Meanwhile, industry consolidation continued with acquisitions involving BoostSecurity, Cycurion, WatchGuard, and automotive cybersecurity firm Cymotive. Multiple companies said the deals will strengthen AI-assisted detection, code analysis, cloud security, and operational defense capabilities.

The announcements reflect continued investor confidence in AI-centric cybersecurity platforms as organizations race to improve detection, automation, and resilience against increasingly complex threats.

A fond farewell for a security pioneer. 

Peter G. Neumann, one of the most respected voices in computer security research, has died at the age of 93. Colleagues remembered him not only for his technical brilliance, but for decades of thoughtful warnings about insecure software, weak privacy protections, and the long-term risks of short-term thinking in technology.

Neumann spent more than 50 years at SRI International and remained active in security research until his death. He helped pioneer secure computing concepts through projects like Multics, Emerald, and the DARPA-funded CHERI program, which developed hardware-based protections against common software vulnerabilities. He also edited the influential RISKS Forum for decades, documenting computer failures and security flaws with insight and humor.

Friends and colleagues described Neumann as generous, deeply curious, and quietly influential, a researcher more focused on solving problems than seeking recognition.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

And that’s the CyberWire Daily, brought to you by N2K CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.