Cybersecurity News | Daily Recap [01 May 2026]

In this Daily Recap, the AI Security updates highlight Claude Security’s public beta for repository vulnerability scanning and Dataiku’s Kiji Privacy Proxy, which masks PII locally before prompts reach external AI APIs. The report also notes governance gaps around Shadow AI, Cisco’s Model Provenance Kit for fingerprinting AI models and detecting tampering, and the emergence of AI-assisted phishing services like Bluekit, along with ransomware, supply-chain, and vulnerability news across Windows, SAP, and related ecosystems. #ClaudeSecurity #BluekitPhishing

AI Security

  • Anthropic launched Claude Security in public beta to scan repositories for vulnerabilities, explain repro steps, and generate patch guidance as AI-driven exploits accelerate. – Claude Sec
  • Dataiku released Kiji Privacy Proxy, an open-source gateway that masks PII locally before prompts reach external AI APIs like OpenAI and Anthropic. – Privacy Proxy
  • 31% of users receive no employer training on Shadow AI, underscoring growing governance and exposure risks. – Shadow AI
  • Cisco open-sourced Model Provenance Kit to fingerprint third-party AI models, detect tampering, and assess supply-chain risk. – Model Provenance
  • Bluekit emerged as an AI-assisted phishing service with 40+ templates for major platforms, reflecting the growing use of generative tools in cybercrime. – Bluekit Phishing

Ransomware & Sentencing

  • Two former U.S. cybersecurity professionals were sentenced to 4 years each for helping the BlackCat/ALPHV ransomware gang extort victims and launder proceeds. – BlackCat Prison
  • Another report on the same case says the ex-incident responders targeted victims across multiple sectors, including one incident involving a $1.27 million ransom, and ties the activity to broader ALPHV operations. – ALPHV Case, Ransomware Case

Windows & Microsoft

  • Microsoft fixed incorrectly rendered Remote Desktop security warnings with optional preview update KB5083631 after April changes aimed at blocking risky RDP abuse. – RDP Fix
  • Windows 11 preview update KB5083631 adds 34 changes, including Xbox mode, haptics, startup improvements, and Secure Boot certificate updates. – Win11 Update
  • KB5083769 is breaking third-party backup tools via VSS snapshot timeouts on Windows 11 24H2/25H2, affecting products like Acronis and Macrium. – Backup Bug
  • Microsoft also now lets admins remove selected pre-installed Store apps from managed systems. – Store Apps

Supply Chain Attacks

  • PyTorch Lightning on PyPI was compromised with malicious versions 2.6.2 and 2.6.3 that deploy credential-stealing payloads and propagate via stolen GitHub tokens. – PyPI Attack
  • SAP NPM packages used in CAP and Cloud MTA workflows were injected with a malicious preinstall script that exfiltrated cloud and local credentials in the Mini Shai-Hulud campaign. – SAP NPM
  • The related TeamPCP-linked campaign also abused npm propagation and public GitHub repositories to spread stolen secrets. – TeamPCP, Mini Shai-Hulud

Threat Intelligence & Malware

  • Criminal IP partnered with Securonix ThreatQ to automate enrichment of IP indicators with maliciousness scoring, VPN/proxy detection, and vulnerability context. – ThreatQ Intel
  • Deep#Door is a stealthy Python-based backdoor on Windows that uses embedded scripts, persistence, and in-memory evasion for espionage and disruption. – DeepDoor Backdoor
  • Cordial Spider and Snarky Spider are using voice phishing, MFA hijacking, and residential proxies to run fast-moving extortion campaigns across SaaS environments. – Spider Extortion
  • AI, automation, and criminal data-sharing are shrinking time-to-exploit to hours or minutes, with tools like WormGPT and RedLine fueling industrialized cybercrime. – Cybercrime Speed

Vulnerabilities & Patching

  • SonicWall urged immediate patching for three SonicOS flaws, including a high-severity access control bypass affecting Gen 6, Gen 7, and Gen 8 firewalls. – SonicWall Patch
  • cPanel disclosed a zero-day (CVE-2026-41940) that was exploited for months before patching. – cPanel Zero-Day

Policy & Regulation

  • The FCC tightened KYC rules for telecoms, added anti-robocall controls, and closed loopholes tied to banned foreign services and adversary-linked labs. – FCC KYC
  • Congress extended Section 702 of FISA by 45 days amid surveillance reform disputes and compliance concerns. – Section 702

Cargo Theft & Fraud

  • The FBI warned of a surge in cyber-enabled cargo theft, with losses in the U.S. and Canada reaching nearly $725 million in 2025. – Cargo Theft

Other News

  • A guide on automating pentest delivery describes turning manual reporting into real-time remediation tracking with auto-routing, tickets, and SLA visibility. – Pentest Guide
  • Related guidance highlights continuous delivery workflows for pentest findings and remediation validation. – Pentest Delivery
  • Thomasz Szabo, a Romanian national, received 4 years for leading a swatting ring that targeted 75+ officials and institutions. – Swatting Ring

Cybersecurity News | Daily Recap – hendryadrian.com