Five things from the past working week that a UK board should know about, in the order they would matter if you had to brief a chair over coffee on Monday morning. A busy week, with two of these items likely to be referenced in regulator correspondence for the rest of the year.

1. The Mini Shai-Hulud worm went round on npm

On 11 May the Mini Shai-Hulud worm compromised 84 npm package artefacts across 42 of TanStack's open-source packages — and across Mistral AI's, UiPath's, OpenSearch's, and several others. The malicious versions were published through legitimate release pipelines, using the packages' own trusted OIDC identity, after attacker-controlled code hijacked the build runner mid-workflow. The result: malicious packages cryptographically indistinguishable from real ones by provenance attestation.

This is the third or fourth wave of the same toolchain, attributed to a group calling itself TeamPCP, which has also previously hit Aqua Security's Trivy scanner (March) and the Bitwarden CLI npm package (April).

On 12 May, NHS England Digital published a cyber alert covering the supply-chain attack and its read-across to UK healthcare developers.

For boards. If your firm builds anything with JavaScript or TypeScript — most firms do — this affects you. The right board-level question is not "are we patched?" Patching is the wrong frame for a supply-chain compromise. It is "do we know which npm packages we depend on, and do we have a way of finding out within two hours if one of them turns hostile?"

2. Patch Tuesday had its quietest month in two years

Microsoft's May Patch Tuesday on 13 May addressed 118 vulnerabilities — 16 rated critical, 102 important — and for the first time since June 2024, no actively exploited zero-days at release. The two highest-priority items are CVE-2026-41089 (Netlogon RCE, CVSS 9.8) and CVE-2026-41096 (Windows DNS Client heap-based buffer overflow RCE, CVSS 9.8). Both are network-reachable, both have low complexity, both deserve to be at the front of the patch queue.

A quiet month is not the same as a safe month. The April set included the cPanel zero-day that had been exploited for months before disclosure. May's silence on Microsoft zero-days tells you about Microsoft's disclosure window, not about the threat landscape.

For boards. Useful pulse-check: what is the firm's actual median time-to-deploy on critical-rated CVEs across the production estate? If the answer is more than a working week and there is no documented exception process for the long tail, that is the gap.

3. The Cyber Security and Resilience Bill returned at Report Stage

The Cyber Security and Resilience (Network and Information Systems) Bill was reintroduced at Report Stage in the House of Commons on 14 May, having been carried over into the 2026-27 parliamentary session. The King's Speech the previous day reaffirmed the Bill as a government priority.

The substance has matured since the January reading. The Bill extends NIS Regulations scope to capture data centres, large-load controllers, managed service providers, and what the drafting calls upstream critical suppliers. Reporting obligations tighten: significant cyber incidents must be reported to the relevant regulator and NCSC within 24 hours, with a full report within 72 hours.

If you have ever heard a board ask "are we in scope for NIS?" and received an uncertain answer, the answer is about to matter more.

For boards. Within the next quarter, the executive should be presenting a position paper on three things: whether the firm is in current NIS scope, whether the new scope captures it, and what the gap is between current capability and the 24/72-hour reporting clock. The cost of finding out now is small; the cost of finding out later is not.

4. The ICO published a five-step guide to AI-powered cyber threats

On 15 May the Information Commissioner's Office published "Five steps to protect your organisation from AI-powered cyber threats". The substance: AI is enabling faster, more advanced, and harder-to-detect attacks — AI-generated phishing, deepfake social engineering, automated vulnerability scanning, AI-powered malware, credential attacks, data poisoning, and indirect prompt injection.

The five steps are not new. They are Cyber Essentials' five controls, the UK Cyber Governance Code of Practice as a minimum, robust patching, a tested incident response plan, and mapped third-party access with security baked into contracts. What is interesting is that the ICO has chosen to publish this as the regulator, framing what they will expect to see when investigating.

For boards. Treat this document as a checklist the ICO has just told you they will use. The right exec-level question: "if we were asked tomorrow to evidence that we are doing each of these five things to a defensible standard, what would we struggle to produce?"

5. The Bank of England, FCA and HM Treasury made a joint statement on frontier AI

Quietly published this week was a joint statement from the Bank of England, the FCA, and HM Treasury on frontier AI models and cyber resilience. The statement signals an interest from the financial regulators in how frontier AI models are being adopted inside regulated firms, and what that means for operational resilience and consumer protection.

Three-party statements from these regulators are not idle communication. They tend to precede supervisory letters and, after that, expectations.

For boards in regulated FS. Add this statement to the audit committee bundle. Within six months, expect "show us your inventory of frontier AI use" to be a supervisory question.

The thread that ties this together

Three of these five stories are regulators or government setting expectations. The other two are the operating reality those expectations describe. The interesting shift in May has been the specificity of what the regulators want — five steps, twenty-four hours, named controls — rather than the usual high-level rhetoric.

The question for next week: if the next regulator letter to land on the chair's desk asks for evidence against the ICO's five steps, would we be proud of the answer?

That answer is the work.