Security News Update for May 24, 2026

This week’s news includes:

• Researcher Microsoft Ticked Off Releases Two Zero Days the Day After Patch Tuesday
• CISA Admin Leaked AWS Govcloud Keys on Github
• Musk Loses Lawsuit Against OpenAI
• How do we secure in-scope containers?
• DoD Releases New Version of the CMMC FAQ, now called Version 5
• New Information in CMMC FAQ v5
• The “NEW” FedRAMP
• China Gets Creative With Power and Cooling for Large AI Data Center
• Google Just Killed Off Search to Control the Narrative
• Another Cisco Zero-Day; This Time SD-WAN Bug Grants Admin Access
• Is Open Source Bug Free?  AI Finds 18-Year-Old Bug in Nginx
• Shark Tank Personality Kevin O’Leary is Building an AI Data Center in Utah
• Another Critical Industry Infrastructure Group Forms Private CISA Replacement
• NYC Health & Hospitals Hacked; Affects at Least 1.8 Million
• Trump (Mobile) Can’t Catch a Break
• Microsoft and others likely to break bug patch count this year
• Microsoft secure boot key to expire next month
• FTC warns big tech about the effective date of the “Take it Down” law
• Security News for the week ending May 22, 2026: active bomb found underwater attached to Mobile, AL’s water supply dam, Poland directs officials to ditch Signal for supposedly secure Polish alternative, America’s largest Bitcoin ATM operator files for bankruptcy, Congress wants answers; CISA wants to stop the bleed from Github creds leak and Ken Paxton (Texas AG) sues Meta over lying about WhatsApp privacy

• Audio
• Video