A wave of security incidents in May 2026: Grok tricked via Morse code prompt injection to send $200K in crypto, Ollama's unauthenticated "Bleeding Llama" memory leak, ShinyHunters re-breaches Canvas LMS threatening 9,000 schools, and Dirtyfrag — a universal Linux local privilege escalation with no patch.
A Twitter user exploited indirect prompt injection using Morse code to trick Grok AI into executing a command that transferred 3 billion DRB tokens worth roughly $200,000 to the attacker's wallet via a connected trading bot.
Security firm Cyera has disclosed "Bleeding Llama," a critical unauthenticated memory leak vulnerability in Ollama that could expose conversation data, API keys, and other sensitive information to remote attackers.
ShinyHunters claims a second breach of Instructure Canvas LMS, allegedly stealing data on 231 million people across 9,000 schools and threatening to publish it by May 12.
A new Linux kernel vulnerability called Dirtyfrag was publicly disclosed without patches or CVEs, allowing unprivileged users to gain root on all major distributions via chained kernel flaws.