A week in security for May 11–May 17, 2026 was documented by Malwarebytes Labs, summarising a busy period of threat news. Highlights include attackers replacing JDownloader installer downloads with malware on the JDownloader website for several days, and Meta’s confusing new approach to chat privacy as WhatsApp and Instagram privacy features shift. The roundup also notes Malwarebytes blocking some Yahoo Mail redirects, and a report that fake Claude search results lured Mac users into a ClickFix attack.
Additional items cover deepfake sextortion forcing schools to remove student photos from websites, and a claim that Texas sued Netflix over alleged secretly collected and sold user data. The piece also references May 2026 Patch Tuesday as having no zero-days but plenty to fix, plus the statistic that 1 in 8 employees have sold company logins or know someone who has, and mentions Stolen Canvas data being returned after a hacker agreement.