Patch [FIX] Tuesday – [AI Hits the Hat Trick], Ep. 32

The May 2026 Microsoft Patch Tuesday release looks quiet on the surface – no actively exploited zero-days, no public disclosures at release, and a CVE count below the four-month average. Don't let that fool you.In this episode, Jason Kikta and Landon Miles break down everything that happened between April and May patch cycles, including Apple's macOS Tahoe 26.5 release with 79 CVEs, the Dirty Frag Linux kernel privilege escalation chain, and two pre-authenticated network remote code execution vulnerabilities in Windows core services that belong at the top of your patch list.They also dig into one of the month's most significant trends: AI-assisted vulnerability research showing up by name in Microsoft, Apple, and Linux acknowledgments in the same patch cycle – including Anthropic researchers credited on a critical Windows graphics component RCE. Ten AI-attributed vulnerability discoveries shipped fixes across all three major operating systems this month.What's covered:CVE-2026-41089: Windows NetLogon RCE (CVSS 9.8) and CVE-2026-41096: Windows DNS Client RCE (CVSS 9.8)CVE-2026-40402: Hyper-V guest-to-host escalation (CVSS 9.3)macOS Tahoe 26.5: Wi-Fi kernel RCE, nine kernel CVEs, 20 WebKit vulnerabilitiesDirty Frag Linux privilege escalation chain and the Copy Fail connectionAI-credited discoveries from Anthropic, calif.io, Theori, and NIST's Center for AI Standards and Innovation- Patch Tuesday Blog- DirtyFrag Blog- What "Mythos Ready" Means