ThreatLocker Highlights Key Cyber Threat Activity and Research from May 2026

PR Newswire
Today at 3:15pm UTC

Recap includes software supply chain attacks, zero-day exploits, and emerging cybersecurity risks

ORLANDO, Fla., June 3, 2026 /PRNewswire/ -- ThreatLocker today released highlights of the company's cybersecurity research, threat analysis, and industry commentary from May.

"The biggest cybersecurity stories this month were about exploited trust," said Danny Jenkins, CEO & Co-founder of ThreatLocker. "Attackers targeted software supply chains, code-signing infrastructure, trusted platforms, and identity systems. Organizations need security controls that assume trust can be abused, verify identities and devices continuously, and deny any unauthorized application activity by default."

ThreatLocker analysis of software supply chain attacks

ThreatLocker researchers spent much of May examining software supply chain attacks and the risks associated with trusted software ecosystems.

The team analyzed how Mini Shai-Hulud moved through the software supply chain to impact GitHub, Nx Console, and TanStack, while also exploring how the GitHub breach was likely caused by the Nx Console compromise. Additional research covered the TeamPCP supply chain attack impacting TanStack, the Reverse Shai-Hulud compromise affecting AntV packages, and what JDownloader and Daemon Tools reveal about software distribution trust.

The DigiCert compromise and subsequent Microsoft Defender false positives were also examined, highlighting how attackers can abuse mechanisms designed to establish trust and authenticity. Researchers further analyzed Microsoft Edge's handling of passwords in plaintext memory, using the discussion to highlight broader challenges around credential security and trusted native applications.

The abuse of trusted credentials was a common root cause across many of the incidents examined. As attackers increasingly target identities rather than endpoints, organizations must move beyond long-relied-upon methodologies like multi-factor authentication (MFA) and add capabilities like Zero Trust Network Access and Zero Trust Cloud Access that restrict connections to verified devices and network paths.

Understanding new exploits

ThreatLocker researchers continued to monitor emerging exploit activity, including the MiniPlasma Windows privilege escalation zero-day, Linux Copy Fail, Dirty Frag, and what the YellowKey and GreenPlasma zero-day exploits reveal about trusting native Windows security. Together, these findings highlighted how attackers continue to exploit trusted components and elevate privileges.

Amidst continuing discussions across cybersecurity circles around AI-assisted exploit development and attack automation, ThreatLocker also examined why the Five Eyes Alliance sees Zero Trust as the best defense against agentic AI threats. The analysis found that while AI is changing how attacks are developed, it does not change the need to control what can run and what it can access. As organizations increasingly deploy AI agents with access to corporate systems and data, approaches such as Application Allowlisting and Ringfencing™ help limit what those agents can do while also helping defend against AI-generated threats by restricting unauthorized execution and behavior.

Education and continuing cybersecurity awareness

As part of its ongoing commitment to cybersecurity education, ThreatLocker hosted multiple webinars focused on practical approaches to reducing cyber risk.

During the webinar "Supply chain attacks are exploding", company experts examined the growing number of attacks targeting trusted software ecosystems, development environments, and software distribution channels.

"How to protect your environment with granular admin controls" was also hosted in May. The webinar explored how organizations can reduce risk by limiting administrative access, restricting privileges, and preventing unauthorized changes across their environments.

Both webinars are available on demand through the ThreatLocker website.

About ThreatLocker:

ThreatLocker is a global cybersecurity leader that stops cyberattacks before they happen. The company's Zero Trust Platform prevents breaches from both known and unknown threats by allowing only explicitly trusted software and activity across endpoints, networks, and cloud systems. Built to deploy quickly and scale across complex environments, the platform reduces operational overhead while keeping business running uninterrupted. Headquartered in Orlando, Florida, with offices in Dublin, Dubai, and Brisbane, ThreatLocker protects over 70,000 organizations worldwide.

Contact: press@threatlocker.com, 321-515-3813

View original content to download multimedia: https://www.prnewswire.com/news-releases/threatlocker-highlights-key-cyber-threat-activity-and-research-from-may-2026-302790385.html

SOURCE ThreatLocker, Inc.