Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files
Foxconn confirmed a cyberattack affecting some North American factories after the Nitrogen ransomware group claimed it stole 8 TB of data, including more than 11 million files tied to internal project documentation and technical drawings. Foxconn says affected factories are returning to normal production, but the claims still matter because Foxconn supports major hardware supply chains. Even if customer data theft isn’t confirmed, attacks against large manufacturers can create downstream risk for partners, production timelines, intellectual property, and third-party assurance.
Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises
Microsoft patched CVE-2026-40361, a critical remote code execution vulnerability affecting Word components used by Outlook. A researcher warned the flaw could be triggered when a victim reads or previews a malicious email, which makes it higher risk for enterprise environments because users may not need to click a link or open an attachment. Teams should prioritize patching Outlook and Office systems, especially for executives, finance, legal, and other users who receive high volumes of external email.
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
Fortinet released fixes for two critical vulnerabilities affecting FortiSandbox and FortiAuthenticator that could let unauthenticated attackers execute commands or arbitrary code on unpatched systems. Fortinet says the flaws aren’t known to be exploited in the wild, but Fortinet products are often targeted by ransomware and espionage actors once technical details become available. Organizations using either product should patch quickly, restrict management interfaces, and review logs for suspicious access attempts.
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
RubyGems temporarily suspended new account signups after attackers uploaded more than 500 malicious packages during a coordinated spam-publishing campaign. The malicious packages were removed, and RubyGems is working with Fastly on WAF protection and tighter rate limiting for account creation. This is another reminder that public package registries remain a soft target for supply chain abuse, and teams should avoid pulling new dependencies blindly without version pinning, reputation checks, and dependency review.
Hugging Face Packages Weaponized With a Single File Tweak
Researchers showed that an attacker could manipulate a Hugging Face model’s tokenizer.json file to hijack model output and redirect tool-call arguments through attacker-controlled infrastructure. The attack affects locally run models using common formats such as SafeTensors, ONNX, and GGUF, and could expose URLs, API parameters, or credentials embedded in model-driven requests. This matters because AI models and their supporting files are becoming part of the software supply chain, and defenders need to validate more than just model weights before allowing local model execution.
The post InfoSec News Nuggets 05/13/2026 appeared first on AboutDFIR – The Definitive Compendium Project.
