Patch Tuesday May 2026 — 4 Fixes That Matter to Every UK Small Business

Episode notes

It’s that time of the month: Patch Tuesday. The headlines shout 137 CVEs and a perfect 10.0 somewhere in the noise, but this episode narrows the story down from global panic to what actually matters for a small business with a server room, a handful of laptops, and a CEO who needs to log in on Monday morning. I’m Graham Falkner and in this edition of the Small Business Cyber Security Guy I walk you into the trenches of May 2026’s update cycle — the numbers, the new role AI is playing in vulnerability hunting, and the four bugs you can’t ignore. I tell the story of how an unpatched domain controller can become the pivot point for a full-blown takeover (think Zero Logon’s ghost), why every Windows endpoint’s DNS client suddenly matters again, and how an Atlassian single sign‑on plugin could let an attacker impersonate any user. These aren’t abstract CVEs on a spreadsheet; they’re concrete threats with reachable fixes.