IT News Roundup: NGINX Zero-Day, Ollama Vulnerability, and AI Security Race - May 18, 2026
This week in IT news: an 18-year-old NGINX vulnerability is actively exploited, Ollama servers face a critical memory leak flaw, Microsoft's AI vulnerability hunter uncovers 16 Windows flaws, and OpenAI launches a dedicated cybersecurity model. Plus: the Canvas LMS breach aftermath and systemic risks in AI agent protocols.
The past week has been dominated by critical infrastructure vulnerabilities, the accelerating arms race in AI-powered cybersecurity, and the ongoing fallout from one of the largest educational data breaches on record. From a decades-old NGINX flaw now being weaponized to new AI systems that discover vulnerabilities faster than humans can patch them, the landscape is shifting rapidly.
18-Year-Old NGINX Vulnerability Actively Exploited in the Wild
A critical heap buffer overflow vulnerability in NGINX, tracked as CVE-2026-42945 (CVSS 9.2), has been confirmed as actively exploited in the wild just days after disclosure. The flaw, dubbed NGINX Rift by researchers at DepthFirst, has been hiding in the ngx_http_rewrite_module for approximately 18 years, meaning virtually every major version of NGINX Plus and NGINX Open Source has been affected.
The vulnerability is triggered by a specific rewrite-rule pattern involving unnamed regex captures and a replacement string containing a question mark, which causes attacker-controlled URI data to overflow the worker-process heap. Successful exploitation allows unauthenticated attackers to crash worker processes or execute arbitrary remote code. The issue affects NGINX versions 0.6.27 through 1.30.0. F5, which now maintains NGINX, has released patches and urges all administrators to update immediately.
Source: The Hacker News, DepthFirst
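A defensive configuration audit built from the trigger conditions and version range described above; it is an added example, not code from F5, DepthFirst or the original article. It is a heuristic that assumes each rewrite directive sits on one line; the function names and the sample configuration are constructed for illustration.

```python
import re

# Affected range as stated in the article: 0.6.27 through 1.30.0.
AFFECTED_MIN, AFFECTED_MAX = (0, 6, 27), (1, 30, 0)

# One nginx argument: a double-quoted string, a single-quoted string, or a bare word.
TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[^\s;]+''')
# An unescaped "(" not followed by "?" opens an unnamed capture group.
# Named groups, non-capturing groups and lookarounds all start with "(?".
UNNAMED_GROUP = re.compile(r"(?<!\\)\((?!\?)")

# Constructed sample configuration (not from the article).
SAMPLE_CONF = r"""
server {
    # unnamed capture and '?' in the replacement: flagged
    rewrite ^/item/(\d+)$ /view.php?id=$1 last;
    rewrite "^/a/(b|c)/(.*)$" "/t?x=$2" break;
    # named capture only: not flagged
    rewrite ^/user/(?<name>\w+)$ /profile?u=$name last;
    # unnamed capture but no '?' in the replacement: not flagged
    rewrite ^/old/(.*)$ /new/$1 permanent;
}
"""

def version_in_affected_range(version):
    """True if a dotted version string falls inside the stated affected range."""
    parts = tuple(int(p) for p in version.split("."))
    return AFFECTED_MIN <= parts <= AFFECTED_MAX

def find_risky_rewrites(conf_text):
    """Return (line number, directive) for rewrites matching the described pattern."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("#"):  # skip commented-out directives
            continue
        tokens = TOKEN.findall(stripped)
        if len(tokens) < 3 or tokens[0] != "rewrite":
            continue
        pattern, replacement = (t.strip("\"'") for t in tokens[1:3])
        if UNNAMED_GROUP.search(pattern) and "?" in replacement:
            findings.append((lineno, stripped))
    return findings

if __name__ == "__main__":
    for lineno, directive in find_risky_rewrites(SAMPLE_CONF):
        print(f"line {lineno}: {directive}")
```

A hit only means the directive has the shape the advisory describes; on a patched build it is informational, and on a version inside the affected range it marks where to prioritise the upgrade.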
Ollama 'Bleeding Llama' Vulnerability Exposes 300,000 AI Servers
Researchers at Cyera have disclosed CVE-2026-7482, a critical out-of-bounds read vulnerability in Ollama, the widely adopted platform for running large language models locally. Codenamed Bleeding Llama and scored at 9.1 on the CVSS scale, the flaw allows a remote, unauthenticated attacker to leak the entire process memory of an affected Ollama server.
The vulnerability stems from a heap out-of-bounds read in Ollama's GGUF model loader during quantization. A crafted GGUF model file can trigger the out-of-bounds read, and the leaked memory can then be exfiltrated via Ollama's model-push functionality. More than 300,000 internet-facing Ollama servers are estimated to be exposed. The fix is available in Ollama version 0.17.1 and later, and administrators of self-hosted AI infrastructure are strongly advised to upgrade without delay.
Source: The Hacker News, Daily Security Review
Microsoft's MDASH AI System Discovers 16 Windows Vulnerabilities
Microsoft has unveiled MDASH (Multi-Model Defense Agent Security Hunter), an AI-powered vulnerability discovery system that identified 16 previously unknown flaws in the Windows networking and authentication stack, including four critical remote code execution vulnerabilities. The findings were included in Microsoft's May 12 Patch Tuesday release, which shipped 120 CVEs total.
MDASH is a multi-model, agentic system designed to reduce false positives in vulnerability discovery. During testing, researchers planted 21 known vulnerabilities into a test environment and MDASH reportedly found all of them without generating a single false positive. On the CyberGym benchmark (a standard measure of AI vulnerability discovery capability), MDASH scored 88.4%, topping the leaderboard ahead of Anthropic's Mythos system. The system represents a significant step forward in automated security research.
Source: CSO Online, GeekWire
OpenAI Launches GPT-5.5-Cyber and Daybreak Platform
OpenAI has rolled out GPT-5.5-Cyber, a specialized cybersecurity-focused AI model available in limited preview to vetted security teams. The model is trained to be more permissive on security-related tasks and supports workflows including vulnerability identification and triage, patch validation, and malware analysis. It sits above the standard GPT-5.5 and GPT-5.5 with Tool Use for Cyber (TAC) in OpenAI's tiered access model.
Alongside the model release, OpenAI announced Daybreak, a broader defensive cybersecurity platform. The initiative is widely seen as OpenAI's response to Anthropic's Claude Mythos Preview, which demonstrated the ability to find and patch 271 vulnerabilities in Firefox. The UK's AI Security Institute (AISI) has already evaluated GPT-5.5 on cyber tasks, noting it is among the strongest models tested and the second to solve a multi-step cyber-attack simulation end-to-end.
Source: Politico, The Hacker News
Canvas LMS Breach: Instructure Strikes Deal With ShinyHunters
The Canvas data breach continues to unfold. Instructure, the parent company of the widely used Canvas learning management system, confirmed on May 1 that unauthorized activity was detected on April 29. The extortion group ShinyHunters claimed responsibility, alleging the theft of 3.65 terabytes of data affecting approximately 275 million users across nearly 9,000 schools and universities worldwide.
Exposed data reportedly includes user names, email addresses, student ID numbers, and private messages exchanged between students and teachers. After days of chaos and ransom threats, Instructure announced on May 12 that it had reached a deal with ShinyHunters for the deletion of the stolen data. The terms of the agreement, including whether a ransom payment was made, have not been publicly disclosed. The incident has reignited debate over ransom payment policies and the security of educational technology infrastructure.
Source: CyberSecurityNews, The Guardian
Systemic Vulnerability Found in Anthropic's Model Context Protocol
Security researchers at OX Security have disclosed a critical, systemic architectural vulnerability in Anthropic's Model Context Protocol (MCP), the open-source standard for AI agent communication. The flaw stems from the STDIO execution model in official MCP SDKs, which can execute arbitrary OS commands even when local server startup fails, effectively enabling remote code execution on any system running an MCP implementation.
The vulnerability has propagated across the AI ecosystem, affecting third-party tools with over 150 million combined downloads and an estimated 200,000 servers. Between January and April 2026 alone, over 40 CVEs have been disclosed against MCP implementations across Python, TypeScript, Java, and Rust SDKs. Nine out of eleven MCP marketplaces were found to be affected. Anthropic has defended the overall MCP design while acknowledging the need for hardening in the SDK implementations.
Source: OX Security, Infosecurity Magazine
Microsoft Warns of Prompt Injection Leading to Remote Code Execution in AI Agents
Microsoft's Security Response Center has published research demonstrating how prompt injection attacks in AI agent frameworks can escalate to full remote code execution. The blog post, titled 'When Prompts Become Shells', details how attackers can craft malicious prompts that trick AI coding agents into executing arbitrary system commands, effectively turning language model interactions into shell access.
The research highlights vulnerabilities across multiple agentic frameworks and underscores a growing class of threats unique to AI-powered development tools. As AI agents gain deeper system access to automate workflows, the attack surface expands beyond traditional software vulnerabilities into the prompt layer itself. Microsoft recommends sandboxing AI agent execution environments, implementing strict input validation, and auditing agent permissions regularly.
Source: Microsoft Security Blog
This roundup covers the most significant IT and cybersecurity developments from the past week. For ongoing updates, follow the sources linked above.