Welcome to the May 2026 edition of the Cyber Threat Report. This month's articles examine a range of developments across the threat landscape, from evolving phishing techniques and critical infrastructure vulnerabilities to shifts in authentication standards.
In our first article, we analyse "BlobPhish", a sophisticated phishing campaign exploiting browser-based Blob URL APIs to harvest Microsoft 365 credentials, bypassing conventional security controls and heightening the risk of Business Email Compromise (BEC). We then examine "Copy Fail" (CVE‑2026‑31431), a high-severity Linux kernel vulnerability enabling local privilege escalation to root level, with particular implications for cloud and containerised environments. Finally, we explore the NCSC's recent endorsement of passkeys as the preferred authentication standard, considering the practical and strategic implications for organisations currently reliant on traditional two-factor authentication (2FA).