Multiple Cybersecurity Incidents: ScarCruft Supply Chain Attack, Ollama Vulnerability, and Zara Data Breach

The North Korean threat group ScarCruft conducted a supply chain attack targeting a South Korean software vendor, compromising legitimate software updates to distribute malware. Ollama, an AI model deployment tool, was found to have a zero-day heap memory leak vulnerability, though no CVE ID was assigned. Fast-fashion retailer Zara suffered a data breach affecting 197,000 customers, exposing personal and payment information. The incidents were reported on May 12, 2026, with no specific geographic details provided beyond the South Korean supply chain attack. Impacts included unauthorized access to sensitive data, potential remote exploitation risks, and financial fraud exposure for affected users.