Major Cyber Attacks in May 2026: Fake Invitations, Agent Tesla, BlobPhish, and More

May 2026 featured a series of active phishing and fileless campaigns—fake invitations, Agent Tesla attacks, BlobPhish browser-based credential theft, OTP phishing, compromised B2B sites delivering in-memory payloads, and phishing-driven RMM deployment—that targeted finance, procurement, corporate email, and IT users; attackers used injected scripts, PowerShell execution, blob-generated pages, and OTP interception to steal credentials and gain remote access while evading traditional detection, prompting recommendations for sandbox-based analysis and cross-signal SOC detection.