Security Signals (5/5/26-5/19/26)

This digest lists numerous security reports from May 2026 covering high-risk activity including a cross-ecosystem supply-chain worm targeting npm and PyPI, active PAN-OS buffer-overflow exploitation linked to state actors, multiple malware campaigns (infostealers, RATs, backconnect proxies), developer-targeted supply-chain compromises, and large-scale phishing/smishing and fraud operations — indicating broad, active threats across open-source ecosystems, cloud and enterprise infrastructure, and end-user platforms.