- Microsoft Defender privilege escalation via link-following (CVSS 7.8)
- Microsoft Defender denial-of-service vulnerability (CVSS 4.0)
- BlueHammerExploit framework with RedSun and UnDefend variants exploited in the wild
Today's threat landscape reveals critical vulnerabilities across multiple platforms, from cloud infrastructure delays to kernel exploits and supply-chain compromises. Organizations face mounting pressure to patch zero-days and secure API credentials as threat actors leverage both traditional exploitation and AI-assisted vulnerability discovery.
A significant security gap has been identified in Google Cloud Platform's API key management system. When developers delete API keys, the credentials continue to function for up to 23 minutes before being fully revoked, creating an extended window of exposure for attackers. This vulnerability affects multiple Google services including GCP, Gemini, BigQuery, and Maps, potentially allowing unauthorized access to sensitive data and resources. The delay in credential invalidation represents a critical risk for organizations that discover compromised keys and attempt immediate remediation. Source: Deleted Google API Keys Remain Active up to 23 Minutes, Study Finds
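The practical consequence of that delay is that deleting a key is not the same as the key being dead. As an added example (not code from the study or from Google), here is a small Python poller a defender can use to measure how long a deleted key keeps being accepted rather than assuming immediate revocation; the `probe` callable and the simulated backend are assumptions constructed for the example.

```python
# Added example, not from the source article. `probe` is an assumed caller-supplied
# callable that returns True while the old key is still accepted by the service
# (e.g. an authenticated request still returns 200) and False once it is rejected.
import time
from dataclasses import dataclass
from typing import Callable

@dataclass
class RevocationResult:
    revoked: bool      # False means the key was still accepted when the timeout hit
    elapsed_s: float   # seconds from the first probe to the first rejection (or timeout)
    attempts: int      # number of probes issued

def wait_for_revocation(probe: Callable[[], bool], timeout_s: float = 30 * 60,
                        interval_s: float = 60.0, clock=time.monotonic,
                        sleep=time.sleep) -> RevocationResult:
    """Poll `probe` until the old key is rejected or `timeout_s` elapses.

    Until this returns revoked=True the key must still be treated as live:
    keep watching for its use and narrow what it can reach where possible.
    """
    start = clock()
    attempts = 0
    while True:
        attempts += 1
        if not probe():                       # first rejection: invalidation has propagated
            return RevocationResult(True, clock() - start, attempts)
        if clock() - start >= timeout_s:      # give up and escalate; do not assume safety
            return RevocationResult(False, clock() - start, attempts)
        sleep(interval_s)

class FakeClock:
    """Constructed clock so the example runs offline without real waiting."""
    def __init__(self) -> None:
        self.now = 0.0
    def __call__(self) -> float:
        return self.now
    def sleep(self, seconds: float) -> None:
        self.now += seconds

def simulate(lag_s: float, timeout_s: float, interval_s: float) -> RevocationResult:
    """Run the poller against a constructed backend that honours a deleted key for lag_s."""
    clk = FakeClock()
    deleted_at = clk()
    probe = lambda: clk() - deleted_at < lag_s   # True while the stale key is still honoured
    return wait_for_revocation(probe, timeout_s, interval_s, clock=clk, sleep=clk.sleep)

if __name__ == "__main__":
    print(simulate(lag_s=23 * 60, timeout_s=30 * 60, interval_s=60))
```

Against a real service, replace `probe` with a minimal read-only request using the deleted key and keep the default clock and sleep; log the measured lag so the exposure window is recorded rather than guessed.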
Researchers have discovered a kernel memory corruption vulnerability affecting Apple's M5 processor architecture, with the exploitation technique developed using Anthropic's Mythos AI model. The use of advanced AI systems to identify and weaponize zero-day vulnerabilities marks a concerning escalation in threat actor capabilities. This incident demonstrates how AI-assisted security research can be repurposed for offensive operations, creating novel attack vectors against macOS systems. Source: macOS Kernel Memory Corruption Exploit - Schneier on Security
Microsoft has released patches addressing two actively exploited zero-day vulnerabilities tracked as CVE-2026-41091 and CVE-2026-45498, both affecting Windows Defender components. The vulnerabilities could allow attackers to escalate privileges to System level or launch denial-of-service attacks against protected systems. The BlueHammer malware has been observed exploiting these flaws in the wild, underscoring the urgency of immediate patching across enterprise environments. Source: Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
GitHub has confirmed that attackers who breached 3,800 internal repositories gained initial access through a compromised version of the Nx Console VS Code extension, version 18.95.0. The malicious extension was distributed as part of last week's TanStack npm supply-chain attack, allowing threat actors to establish persistence within GitHub's infrastructure. This incident illustrates how supply-chain compromises targeting development tools can cascade into breaches of high-value targets, affecting both the platform and downstream users. Source: GitHub links repo breach to TanStack npm supply-chain attack
Today's security incidents underscore the need for rapid patch deployment, careful credential management, and heightened vigilance around development tool integrity. Organizations should prioritize addressing these vulnerabilities while conducting supply-chain audits of their development dependencies.
Source articles and extracted indicators (defanged where appropriate).