Multiple Critical Cybersecurity Incidents Reported in May 2026

During the week of May 4, 2026, multiple critical cybersecurity incidents were reported, including mass exploitation of cPanel via the Sorry ransomware, targeting web hosting control panels. Critical vulnerabilities were identified in PAN-OS and Apache HTTP Server, though specific CVE IDs were not provided. The ANTS case saw developments with a minor arrested and €200 million allocated by the French government for remediation. A supply chain attack targeted DAEMON Tools, while DigiCert suffered a breach compromising 60 Extended Validation (EV) certificates. Additionally, Orange Cyberdefense was designated as a CNA (CVE Numbering Authority), and the ANSSI released its 2025 activity report.