Report Date: 2026-05-19
New KEVs: 2Critical CVEs: 5Ransomware Victims: 150
2 vulnerabilities were added to the CISA Known Exploited Vulnerabilities catalog this period. 5 additional critical-severity CVEs have been published to the NVD but not yet confirmed as exploited — Microsoft products show the strongest concentration of risk signals this week. Threat intelligence sources this period reference Turla (Russia). Ransomware activity is moderate with 150 new victims posted to leak sites over the last 7 days, with Qilin posting the most victims.