May Patch Tuesday Commentary From Fortra

Posted in Commentary with tags on May 12, 2026 by itnerd

By Tyler Reguly, Associate Director, Security R&D, Fortra

Microsoft decided to welcome May with 137 vulnerabilities (not to mention the 128 Edge CVEs) and the content couldn’t be more varied. We have all the usual suspects as well as a few rarely seen items like Microsoft Data Formulator and Data Deduplication, which I don’t believe I’ve ever seen mentioned before. I think, this month, the interesting thing to talk about is the numbers. AI-related vulnerabilities are hard to ignore this month with 7 CVEs referencing Copilot plus Azure AI Foundry appearing as well; that is sure to get some attention. There are also 13 vulnerabilities that Microsoft is reporting as ‘no customer action required’. This means that they’ve already been mitigated and/or resolved by Microsoft and they’re raising them for informational purposes. Finally, we have 14 vulnerabilities (some overlap exists with the other two counts) that are in cloud or cloud-adjacent applications. Depending on how heavily you rely on the Azure ecosystem, you may have a lot of digging around to do this month.

Interestingly, the CVEs that stood out to me the most are in the no customer action required bucket. CVEs like CVE-2026-33109, a remote code execution vulnerability in Azure Managed Instances for Apache Cassandra, and CVE-2026-33823, Microsoft Team Events Portal Information Disclosure Vulnerability. Since these have both been resolved by Microsoft, there’s no action to take; otherwise these would be the CVEs that I’d be discussing this month.

If I were the CSO and looking at this patch drop, there would be two questions on my mind.

  1. Are we aware of all our uses of AI?
    1. ~6% of the CVEs this month were AI-based and we know that number is only going to grow from here. What other instances of AI might be in use in your organization that are not backed by a company with a regular update schedule like Microsoft?
  2. Do we use Confluence or Jira with SSO Integration?
    1. CVE-2026-41103 is an elevation of privilege in the Microsoft SSO Plugin for both Confluence and Jira. This is common software, deployed at a lot of organizations, and I suspect that most organizations have it tied to their Microsoft SSO.
    2. The interesting thing here is that the individuals responsible for Confluence and Jira may not be the same individuals responsible for Microsoft products, so the crossover that this vulnerability entails may cause it to be entirely overlooked, so definitely stay on top of your teams with this one.

The L Suite Partners with Anthropic

Posted in Commentary with tags on May 12, 2026 by itnerd

The L Suite today launched two Claude connectors as an official partner of Anthropic’s Claude for the legal industry. The new initiative connects Claude to the tools lawyers use across drafting, research, contract management, e-discovery, and data rooms. The connectors mark the first time The L Suite’s peer intelligence has been made available outside its private member platform, The Braintrust.

TopCounsel by The L Suite, a connector available to all in-house counsel, helps lawyers find the right outside counsel for a specific matter, recommending individual lawyers, not just firms. Rankings are based on The L Suite’s vast and unbiased dataset and proprietary ranking algorithm, including:

  • Aggregated member sentiment from thousands of peer-to-peer in-house recommendations and outside counsel survey results
  • Substantive expertise demonstrated by outside counsel speakers, shared with The L Suite community from over 2,000+ individual speaking engagements
  • Thousands of documents and templates, shared with the L Suite community by outside counsel
  • Private research and outside counsel interviews by The L Suite’s research staff

The bottom line: TopCounsel recommendations are based on real, demonstrated expertise in the specific matter as judged by the premier in-house counsel community.

Lloyd by The L Suite, a private connector for L Suite members, brings the full L Suite Braintrust into Claude: thousands of peer discussion threads, 3,000+ shared documents, 5,000+ hours of event content, and 10,000+ outside counsel recommendations contributed by GCs and legal ops leaders at companies including Intuit, Reddit, Klaviyo, Instacart, Notion, Canva, Lyft, and HubSpot. Members use Lloyd to pressure-test decisions before advising CEOs and boards, benchmark legal team structure and spend, find peer-vetted vendors, and get up to speed on unfamiliar topics. Lloyd requires an eligible L Suite team membership and a Claude Team or Enterprise account.

Find TopCounsel in the Claude connector directory or at Topcounsel.ai and Lloyd by the L Suite on The L Suite website.

SOCRadar Named a Visionary in 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies

Posted in Commentary with tags on May 12, 2026 by itnerd

SOCRadar, a global leader in extended threat intelligence and cybersecurity, today announced it has been named a Visionary in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies, which helps leaders evaluate the right CTI technologies against the most impactful threats. This is the first time SOCRadar has been evaluated and ranked by Gartner.

According to Gartner, SOCRadar’s agentic Extended Threat Intelligence Platform is a unified system that brings together digital risk protection, threat intelligence, and attack surface monitoring. The platform serves enterprises, MSSPs, and government organizations that need visibility across surface, deep, and dark web, enriched with identity, brand, infrastructure, and vulnerability intelligence. As well, the Gartner report highlights the SOCRadar MCP Server and SOCRadar Copilot for AI-driven insights, adversary attribution, alert prioritization, supply chain risk analysis, and phishing detection through modular agent-based logic.

To gain free access to the full Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies report, please see this link

Q1 2026 Ransomware Report From Check Point: Fewer Groups, Higher Impact 

Posted in Commentary with tags on May 12, 2026 by itnerd

Ransomware activity remained elevated in Q1 2026, continuing the trend established over the past year.

According to the State of Ransomware Q1 2026 report from Check Point Research, overall attack volume stayed near historic highs. At the same time, the structure of the ransomware ecosystem changed materially. After two years of increasing fragmentation, activity is consolidating around a smaller number of dominant groups. For organizations, this shift reduces the number of active actors but increases the potential impact of individual incidents.

Key Findings:

  • 2,122 organizations were listed on ransomware data leak sites in Q1 2026, making it the second-highest Q1 on record
  • The top 10 ransomware groups accounted for 71% of all victims, reversing the fragmented landscape seen throughout much of 2025
  • Qilin remained the most active ransomware operation for the third consecutive quarter, posting 338 victims
  • LockBit confirmed its comeback, posting 163 victims and re-entering the global top tier

Taken together, these figures show that ransomware volume has stabilized at a high baseline, while operational power is concentrating in fewer, more capable hands.

You can read the report here: Q1 2026 Ransomware Report: Fewer Groups, Higher Impact – Check Point Blog

Google Has Traced A Case Of Hacking Back To AI….. Which Is Not A Shock To Me

Posted in Commentary with tags on May 12, 2026 by itnerd

A reader pointed me to this Google Threat Intelligence Group blog post that details a case of hacking that uses AI to pull this hack off.

From the blog post:

Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks.

So is anyone actually shocked by this? I am not. It was only a matter of time before AI was used to be part of an attack chain. And I fully expect more of this in the future.

New data from Employment Hero shows Canadian SMB Wages Continue to Outpace Inflation

Posted in Commentary with tags on May 12, 2026 by itnerd

Statistics Canada’s latest Labour Force Survey shows Canada’s labour market remains cautious amid ongoing economic uncertainty, with national employment largely unchanged in April. But beneath the surface, small businesses are telling a more nuanced story.

New data from Employment Hero shows SMB wages rose 4.2% year-over-year in April, continuing to outpace inflation (2.4%) even as overall SMB employment declined -0.9% nationally.

The findings come from Employment Hero’s newly launched first-party data engine, a monthly snapshot of labour market activity across nearly 3,000 Canadian SMBs, designed to complement broader labour reporting with a real-time view of how smaller businesses are responding to changing economic conditions.

While hiring remains soft overall, consumer-facing industries are proving more resilient ahead of the busy summer season.

Employment across retail, hospitality and tourism rose 3.8% year-over-year, while wages in the sector climbed 10.6%, the strongest wage growth recorded across all industries.

With patios reopening, festivals approaching, and Environment and Climate Change Canada forecasting one of the hottest years on record globally, Employment Hero says many businesses tied to seasonal demand are continuing to hire despite broader economic caution.

Employment Hero’s data also suggests businesses are increasingly favouring flexibility, with casual employment rising 12.7% year-over-year, pointing to a growing reliance on more adaptable staffing models.

Regional snapshot: where SMBs are still hiring

While national hiring remains soft, several regions continue to outperform YoY:

  • Saskatchewan: Employment up 5.7%, wages up 5.7% (also saw recent MoM growth)
  • Alberta: Employment up 2.0%, wages up 5.4% (also saw recent MoM growth)
  • Nova Scotia: Employment up 4.7%
  • New Brunswick: Employment up 2.5%
  • Quebec: Employment up 3.8%
  • Ontario: Employment down –1.8%, though wages still rose 3.3%
  • British Columbia: Employment down 4.4%, while Vancouver wages climbed 5.5%

Messaging app leaks details of 1.2M profiles online including names and phone numbers

Posted in Commentary with tags on May 12, 2026 by itnerd

Cybernews researchers have found that Tokee, a video and text messaging app, has leaked the details of 1.2 million user profiles, which represents the vast majority of the app’s user base. The exposed data was stored in a MongoDB database, a popular service businesses use to store and process large volumes of data.

Here’s the data that was leaked:

  • User display names;
  • Phone numbers (stored as numeric values);
  • Profile avatars (hosted on Firebase Storage);
  • Device tokens used for push notifications;
  • User IDs;
  • Account creation and update timestamps;
  • “Last seen” activity indicators;
  • Account status flags (e.g., premium/non-premium).

The exposed database appears to have stored Tokee’s chat messages, but our researchers say the messages were encrypted.

After the Cybernews team contacted the company and the responsible authorities, the exposed database was taken offline. 

Attackers could exploit the data to track and profile user activity and use leaked tokens for targeted phishing and spam campaigns, increasing cybersecurity risks for app users. 

For more information, here’s the full report:

https://cybernews.com/security/tokee-messaging-app-data-leak

Recast Names Intune and Configuration Manager Expert Shanmugam Senthil as Senior Director of Engineering

Posted in Commentary with tags on May 12, 2026 by itnerd

Recast today announced that Shanmugam Senthil has joined the company as Senior Director of Engineering and India Site Leader. Based in Bangalore, Senthil will help establish Recast’s India presence and strengthen the company’s engineering organization to support continued growth. His combination of Microsoft platform expertise and technology leadership experience gives Recast added depth as it evolves its capabilities to help customers manage and secure complex IT environments.

A 30-year technology industry veteran, Senthil has built and led engineering teams at Microsoft, Yahoo!, Samsung, and Sun Microsystems. During his decade at Microsoft, he led engineering teams responsible for evolving core endpoint management capabilities within Intune and ConfigMgr. That experience aligns closely with Recast’s mission and product direction as organizations look for more effective ways to manage, secure, and optimize endpoints across hybrid and cloud environments.

In his new role, Senthil will help shape the structure, culture, and daily operations in India. He will also collaborate closely with Recast’s global engineering and product teams to expand the company’s capabilities in support of its long-term product strategy.

Cybercriminals Are Already Targeting the 2026 FIFA World Cup according to Flashpoint

Posted in Commentary with tags on May 12, 2026 by itnerd

With the 2026 FIFA World Cup set to become the largest sporting event in history, cybercriminals are already preparing to exploit the massive global attention surrounding the tournament.

Flashpoint’s latest blog breaks down the emerging threat landscape tied to the World Cup, including how threat actors are expected to leverage phishing campaigns, counterfeit ticket scams, fake hospitality offers, credential theft, and social engineering attacks targeting fans, brands, and event infrastructure. The report also examines the broader risks facing organizers, sponsors, transportation systems, and connected venues as the tournament approaches.

Given the scale of the event across the U.S., Canada, and Mexico, security leaders are facing a uniquely complex attack surface that blends physical and cyber risk.

You can read the blog post here: Navigating the Threat Landscape of the 2026 FIFA World Cup | Flashpoint

Desjardins and Nieuport Aviation Partner to Elevate the Domestic Lounge Experience at Billy Bishop Toronto City Airport

Posted in Commentary with tags on May 12, 2026 by itnerd

Today, Desjardins Group and Nieuport Aviation announced a new multi-year partnership that elevates the passenger experience through thoughtful enhancements of the domestic lounge at Billy Bishop Toronto City Airport.

Available for passengers travelling within Canada, the space reinforces a shared vision between Desjardins and Nieuport Aviation: to create environments that enable connection for work, rest and travel while elevating the experience for passengers.

The new amenities in the domestic lounge blend comfort, functionality, and modern design. Key features include future private office pods to support focused work or calls, wireless chargers integrated into lounge tables, and greenery to create a calm and overall welcoming atmosphere.

A partnership rooted in shared values

Rooted in its cooperative model, Desjardins brings a strong people‑centred and values‑driven approach to this partnership—focused on accessibility, sustainability, innovation, and meaningful impact in the communities it serves. The refreshed lounge embodies Desjardins’ belief that collaboration can help reimagine everyday spaces in more inclusive, human and purposeful ways, beyond the boundaries of traditional business environments.

Nieuport Aviation, terminal partner at Billy Bishop Airport, is similarly guided by a commitment to creating value through thoughtful infrastructure and meaningful partnerships. As the steward of a space defined by movement and connection, Nieuport has focused in recent years on initiatives that enhance the traveler experience, ranging from expanded and diversified concessions to improved amenities, the introduction of the U.S. preclearance facility, and the elevated atmosphere created through its partnership with Desjardins.

Features of the redesigned domestic lounge include:

  • Workstation pods designed to support passenger privacy and productivity
  • Wireless chargers integrated into lounge tables, enabling convenience and effortless connectivity
  • Greenery and natural design elements to enhance ambiance and comfort
  • Occasional activations designed to elevate the passenger experience. 

Serving a diverse mix of business and leisure travelers, the domestic lounge at Billy Bishop Toronto City Airport remains a key element in the overall passenger journey. Through this partnership, Desjardins and Nieuport Aviation are spearheading an elevated standard for airport spaces that support modern travel while remaining inclusive, functional and welcoming.

The enhanced lounge is now open to passengers, marking the beginning of a multi-year collaboration focused on continuous improvement, shared growth and meaningful connection.