By the end of May 2026, the numbers told a story that no single headline could contain.

275 million education records claimed. Nearly 6 million Carnival customers exposed. 1.8 million New York hospital patients — including their fingerprint and palm-print biometric data. 323 poisoned npm packages. 47 Pwn2Own zero-days entering a 90-day patch countdown. 21 actively-exploited CVEs added to CISA KEV. An AI attack category at the world’s most prestigious hacking competition, with a winner on the very first day.

And through all of it, a pattern so consistent it could no longer be called coincidence.

In every major incident of May 2026, the victim’s own security controls were not bypassed. They were irrelevant. The attacker did not break through the wall. The attacker walked through a door that had been left open for someone else — a trusted vendor, a SaaS platform, an npm package, a help-desk employee, an AI tool.

The complete Foresiet Global Threat Landscape Report: May 2026 — including full IOC tables, analyst assessments, sector-by-sector breakdowns, and seven board-level action plans — is available now.

Official Link: Foresiet Reports