Microsoft's May 2026 Patch Tuesday addresses 118 security vulnerabilities with no zero-days for the first time in nearly two years. A notable trend this month is the role of AI in finding bugs: Anthropic's 'Project Glasswing' has contributed to record-breaking patch volumes across major vendors. Apple fixed 52 vulnerabilities in iOS 15, Mozilla resolved 271 flaws in Firefox 150 (with ongoing weekly security releases), Oracle patched 450+ flaws and switched to monthly critical updates, and Google fixed 127 Chrome vulnerabilities. Key Microsoft critical CVEs include a stack-based buffer overflow in Windows Netlogon granting SYSTEM privileges, a critical RCE in the Windows DNS client, and an Entra ID bypass via forged credentials.
Sort: