Google Chrome installed a 4 GB AI model on your machine without asking. The pitch is that it runs locally, keeping your data off Google’s servers. The AI button you actually see in your browser sends everything to Google anyway.

Privacy researcher Alexander Hanff found this during a routine web audit in late April and published his full analysis on 4 May 2026, two days ago. He had built a Chrome profile to run automated tests, the kind where software loads web pages in the background and measures what happens. The profile received no human input whatsoever: nobody moved the mouse, hit a key, or touched the address bar. Chrome just ran quietly in the background doing its thing.

Microsoft Edge loads every saved password into memory the moment the browser opens. They sit there in plain readable text for the entire session, even for sites that are never visited during that session. Microsoft’s official response: this is by design.

A security researcher who goes by @L1v1ng0ffTh3L4N decided to test every major Chromium-based browser to see how each one actually handles stored credentials while running. He went through them one by one. Edge was the only browser he found behaving this way. He took his findings to the BigBiteOfTech conference on April 29, presented them there with Palo Alto Networks Norway, and then posted a proof-of-concept video on May 4 that pulled in 5,900 responses within hours. He also put a small tool on GitHub called EdgeSavedPasswordsDumper so anyone could check this on their own machine.

Microsoft Defender deleted DigiCert root certificates from Windows machines worldwide and flagged them as Trojan:Win32/Cerdigent.A!dha. Those certificates tell your browser which websites to trust, and tell Windows which software is safe to run. DigiCert was hacked through a screensaver file in a customer support chat, Microsoft tried to respond, and Defender ended up deleting the very thing it was trying to protect.

DigiCert is a certificate authority. A certificate is what tells your browser that a website is real, and what tells Windows that software was actually built by the company whose name is on it. When you see a padlock in your browser, a certificate made that happen. When Windows decides whether to run a program without warning you, it checked a certificate. DigiCert issues more of those certificates than almost anyone else. When you log into your bank, check your email, or install software from a trusted vendor, there is a reasonable chance a DigiCert certificate was involved somewhere in that process.

Hashcat v7.1.2 has three unpatched vulnerabilities, all rated 9.8 out of 10. The tool that security professionals use to crack passwords can be used to crack the machine running it. The CVEs landed on May 1, 2026. There is still no patch.

Hashcat is the standard tool for recovering passwords from hashes. A hash is what a password looks like after a one-way scrambling algorithm runs over it. When a database leaks, the passwords do not come out as readable text. They come out as hashes, long strings of letters and numbers that look like gibberish. Hashcat works backwards. It takes guesses, runs the same algorithm over them, and checks whether the result matches a hash in the list. A single RTX 4090 can run through nearly 300 billion of those checks every second for the NTLM hash type used across Windows corporate networks. The tool has won the KoreLogic “Crack Me If You Can” 562901440119f978aa2b3ed1c1b6439a competition at DEF CON multiple times. Turns out, you can.

For 64 days, attackers had root access to cPanel servers managing over 70 million websites, and nobody had to know a single password to get in. A crafted HTTP request was enough, and two-factor authentication made no difference. The company behind the software was told about it two weeks before the patch dropped. Their first response was that nothing was wrong.

Whoever gets in walks away with root access to the entire server through WHM: the hosted sites, the databases behind them, the email accounts, the certificates, and every credential stored on that machine. With that level of access, someone can read every hosted account, modify files and databases, create permanent backdoor accounts, install malware, steal credentials, and potentially pivot from there into customer networks. Compromising one cPanel server does not mean compromising one website. It means compromising everyone sharing that machine.

Since 2017, every major Linux distribution has been shipping a flaw that hands root access to any local user. The exploit is a 732-byte Python script that uses only what comes built into Python by default. It works on Ubuntu, Amazon Linux, RHEL, and SUSE without a single modification, leaves nothing on disk, and bypasses almost every file integrity monitoring tool in existence, because the file it corrupts is never actually written to.

GitHub RCE CVE. A semicolon broke GitHub. One character in a push option field, and a security researcher was running code on the backend servers that store private repositories from millions of users and organizations. The git service user that processes every push on those servers has filesystem access to every repository on the node, and that access does not check who the repository belongs to. Private code from banks, hospitals, governments, and individual developers all sits on the same shared infrastructure. The command that got the researcher there is something every developer already runs every day.

Last week at Black Hat Asia in Singapore, a Kaspersky researcher publicly demonstrated PhantomRPC: five separate ways to take any standard Windows service account straight to full SYSTEM access, confirmed working on fully patched Windows Server 2022 and Windows Server 2025. Microsoft already knew. They received the ten-page technical report months ago, called it moderate severity, assigned no CVE, and closed the case. There is no patch.

RPC stands for Remote Procedure Call, and it is the system that Windows services use to send requests to each other directly in the background. When one service needs something from another, it sends a request through RPC. This happens constantly, hundreds of times per minute, completely invisible to whoever is sitting at the machine.

For 21 years, a cyberweapon called fast16 sat completely undetected. This one did not destroy machines or blow things up. It corrupted the math. Scientists running nuclear and engineering simulations got output that looked completely normal, every number added up, every result made sense, and all of it was deliberately wrong. It surfaced last week. It predates Stuxnet by five years.

SentinelOne researchers Vitaly Kamluk and Juan Andrés Guerrero-Saade presented the full analysis of fast16 at Black Hat Asia last week. Fast16’s core binary has a compilation timestamp of August 30, 2005. Stuxnet’s C&C infrastructure was set up in November that same year.

Bing had a CVSS 10.0 vulnerability in its backend infrastructure, the same infrastructure that powers Edge, Windows Search, and Copilot integrations across Microsoft’s ecosystem. Microsoft fixed it on March 10 without saying a word publicly. The CVE showed up six weeks later, on April 23. Nobody outside the company knew this had been sitting in the infrastructure that hundreds of millions of people use every day.

The CVE number is 2026-33819. The vulnerability class is deserialization of untrusted data, and the idea behind it is simpler than it sounds.