may 28, 2026
5 links from the engineering internet.
oracle ships first monthly critical security patch update with 35 new fixes
oracle's new monthly cspu cycle launches today with its first supplemental patch release, targeting high-priority cves faster than quarterly updates. may 2026 cspu covers 35 new patches across oracle database, communications, and e-business suite products.
carnival confirms shinyhunters stole nearly 6m customer records in april breach
carnival corporation confirmed a social engineering attack on april 14 gave attackers access to systems for 8 days. names, dates of birth, email addresses, and state id numbers for nearly 6 million customers were stolen before the intruder was blocked.
linux foundation launches dns-aid for decentralized ai agent discovery via dns
dns-aid uses svcb records, dns-sd, dnssec, and dane to let ai agents and mcp servers publish discoverable metadata without centralized registries or hardcoded urls. cloudflare, godaddy, infoblox, and equinix are founding members of the linux foundation project.
google infosec engineer charged with insider trading using year in search data
a zurich-based google security engineer faces federal commodities fraud and wire fraud charges for allegedly using confidential year in search trend data to place $2.75m in polymarket bets, netting roughly $1.2m in profits before google published the 2025 results.
vs code 1.122 ships air-gapped byok, browser device emulation, and agents window
version 1.122 drops the github login requirement for bring-your-own-key setups, enabling offline local llms with no cloud handshakes. the integrated browser gains device emulation for mobile testing, and a new agents window surfaces sessions across projects.