{"id":180605,"date":"2026-05-18T01:00:25","date_gmt":"2026-05-18T08:00:25","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?post_type=threat-bulletin&p=180605"},"modified":"2026-05-18T09:19:25","modified_gmt":"2026-05-18T16:19:25","slug":"may-2026","status":"publish","type":"threat-bulletin","link":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-bulletin\/may-2026\/","title":{"rendered":"Unit 42 Threat Bulletin - May 2026"},"content":{"rendered":"

On April 17, 2026, we announced Palo Alto Networks was <\/span>conducting early testing<\/span><\/a> of the latest frontier AI models, including Anthropic\u2019s Mythos model as part of Project Glasswing and OpenAI\u2019s latest models as part of Trusted Access for Cyber program. We\u2019ve continued testing and on May 13,<\/span> we provided an update<\/span><\/a> on our ongoing research, our learnings uncovered in the process, and the approach we\u2019re taking to protect our customers.\u00a0<\/span><\/p>\n

The results are the full, initial scan of over 130 products across all three platforms. The May 13 advisory covers 26 CVEs (representing 75 issues) versus our usual volume (typically less than 5 CVEs in a month); none of which are being exploited in the wild.\u00a0<\/span><\/p>\n

As of the announcement, we\u2019ve patched all important vulnerabilities in our SaaS delivered products, and all customer-operated products now have patches available. We intend to fix every vulnerability we find before advanced AI capabilities become widely available to adversaries. To help organizations prepare, we outline four steps in the announcement every organization needs to take immediately.\u00a0<\/span><\/p>\n

Separately, this month\u2019s Threat Bulletin focuses on how the supply chain has become one of the most effective paths into the enterprise. It also doesn\u2019t look like a traditional attack surface anymore.<\/span><\/p>\n

This isn\u2019t just about vulnerabilities being exploited. Attackers are operating through the same software paths organizations rely on every day. Updates, dependencies, and build pipelines are becoming execution channels.<\/span><\/p>\n

We also look at how far that shift has gone. Supply chain now extends beyond code into SaaS integrations, vendor management planes, and identity-driven access. One upstream issue can impact many downstream environments, often without raising immediate concern.<\/span><\/p>\n

And in some cases, there are no exploits at all. Just vishing, valid credentials, and SSO. Once inside, access expands quickly across systems that already trust the user, which makes detection much harder.<\/span><\/p>\n

Across all three, the issue is the same. The problem is no longer just stopping a breach. It\u2019s understanding what your environment already trusts, how far that trust reaches, and what happens when it\u2019s used against you.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

The May edition of the Unit 42 Threat Bulletin is live. Find new content and expert perspectives on the latest threats in this packed issue.<\/p>\n","protected":false},"author":367,"featured_media":149700,"template":"","categories":[9428,4321],"tags":[],"coauthors":[9538],"class_list":["post-180605","threat-bulletin","type-threat-bulletin","status-publish","has-post-thumbnail","hentry","category-insights","category-threat-research"],"yoast_head":"\nUnit 42 Threat Bulletin - May 2026 - Unit 42<\/title>\n<meta name=\"description\" content=\"The May edition of the Unit 42 Threat Bulletin is live. Find new content and expert perspectives on the latest threats in this packed issue.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/threat-bulletin\/may-2026\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Unit 42 Threat Bulletin - May 2026\" \/>\n<meta property=\"og:description\" content=\"The May edition of the Unit 42 Threat Bulletin is live. Find new content and expert perspectives on the latest threats in this packed issue.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/threat-bulletin\/may-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-18T16:19:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/08\/04_Security-Technology_Category_1920x900.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Unit 42 Threat Bulletin - May 2026 - Unit 42","description":"The May edition of the Unit 42 Threat Bulletin is live. Find new content and expert perspectives on the latest threats in this packed issue.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/threat-bulletin\/may-2026\/","og_locale":"ja_JP","og_type":"article","og_title":"Unit 42 Threat Bulletin - May 2026","og_description":"The May edition of the Unit 42 Threat Bulletin is live. Find new content and expert perspectives on the latest threats in this packed issue.","og_url":"https:\/\/unit42.paloaltonetworks.com\/threat-bulletin\/may-2026\/","og_site_name":"Unit 42","article_modified_time":"2026-05-18T16:19:25+00:00","og_image":[{"width":1920,"height":900,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/08\/04_Security-Technology_Category_1920x900.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/threat-bulletin\/may-2026\/","url":"https:\/\/unit42.paloaltonetworks.com\/threat-bulletin\/may-2026\/","name":"Unit 42 Threat Bulletin - May 2026 - Unit 42","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/threat-bulletin\/may-2026\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/threat-bulletin\/may-2026\/#primaryimage"},"thumbnailUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/08\/04_Security-Technology_Category_1920x900.jpg","datePublished":"2026-05-18T08:00:25+00:00","dateModified":"2026-05-18T16:19:25+00:00","description":"The May edition of the Unit 42 Threat Bulletin is live. Find new content and expert perspectives on the latest threats in this packed issue.","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/threat-bulletin\/may-2026\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/threat-bulletin\/may-2026\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/threat-bulletin\/may-2026\/#primaryimage","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/08\/04_Security-Technology_Category_1920x900.jpg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/08\/04_Security-Technology_Category_1920x900.jpg","width":1920,"height":900,"caption":"Pictorial representation of a BadSuccessor attack. A person analyzing data on a computer screen in a busy office environment, with digital graphs and code overlaying the image."},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/threat-bulletin\/may-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/ja\/"},{"@type":"ListItem","position":2,"name":"Threat Bulletins","item":"https:\/\/unit42.paloaltonetworks.com\/threat-bulletin\/"},{"@type":"ListItem","position":3,"name":"Unit 42 Threat Bulletin - May 2026"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"}]}},"_links":{"self":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/threat-bulletin\/180605","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/threat-bulletin"}],"about":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/types\/threat-bulletin"}],"author":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/users\/367"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media\/149700"}],"wp:attachment":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media?parent=180605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/categories?post=180605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/tags?post=180605"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/coauthors?post=180605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}