Summary During week 18 of 2026 (April 27–May 4), there were 13 vulnerability advisories and 26 incidents affecting roughly 9.6 million individuals, with the largest being the Pitney Bowes breach by ShinyHunters (8.2M records); ransomware and malware drove most incidents, hitting healthcare and IT hardest. Critical vulnerabilities were patched across major platforms including GitHub, Microsoft Entra ID, Spring Boot, cPanel, and the Linux kernel. Take Action: This week the most critical items are your Linux and cPanel patches. If you run Linux servers, especially shared environments like Kubernetes clusters, CI/CD runners, or multi-tenant hosts, patch your kernel immediately. If you can't patch right away, disable the vulnerable module by running echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf followed by rmmod algif_aead, and for untrusted code environments block AF_ALG socket creation via seccomp as a long-term safeguard.…