Daily Recap: phishing and account abuse dominated the news, with ConsentFix v3 abusing OAuth consent to steal Microsoft tokens and hijack Azure accounts, Bluekit offering AI-assisted phishing templates, AccountDumpling compromising roughly 30,000 Facebook accounts via Google AppSheet, and Cordial Spider and Snarky Spider using vishing and SSO abuse to extort users inside Google Workspace, HubSpot, SharePoint, and Salesforce. Nation-state activity followed with a China-linked SHADOW-EARTH-053 cluster targeting Asian governments, Poland (a NATO state), journalists, and activists using Exchange/IIS exploits and ShadowPad, plus GLITTER CARP and SEQUIN CARP phishing aimed at journalists and activists; the report also covers urgent cPanel patching, revised bug bounties, guidance on secure deployment of agentic AI, and notable breaches at Trellix and Instructure, as well as the ANTS data breach case. #ConsentFix #Azure #Bluekit #AccountDumpling #Facebook #Meta #AppSheet #CordialSpider #SnarkySpider #SHADOW_EARTH_053 #ShadowPad #GLITTERCARP #SEQUINCARP #cPanel #Trellix #Instructure #ANTS #ALPHV #BlackCat #ScatteredSpider #GUARDAct #WindowsRun
Phishing & Account Abuse
- ConsentFix v3 uses automated OAuth abuse, Cloudflare Pages phishing, and Pipedream to steal Microsoft tokens and hijack Azure accounts – ConsentFix v3
- Bluekit is an AI-assisted phishing kit with 40+ templates, anti-bot cloaking, voice cloning, and Telegram exfiltration, though it is still in development – Bluekit Kit
- A Vietnamese-linked AccountDumpling campaign abused Google AppSheet to phish Meta Support logins, impacting roughly 30,000 Facebook accounts and stealing 2FA codes and ID photos – AppSheet Fraud
- Cordial Spider and Snarky Spider used vishing and SSO abuse to rapidly extort victims inside SaaS platforms like Google Workspace, HubSpot, SharePoint, and Salesforce – SaaS Extortion
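The ConsentFix item above turns on OAuth consent abuse: the victim is lured into granting a third-party application delegated permissions, and the resulting tokens are then used to act as the user without ever needing the password. The check a defender would want after such a campaign is a sweep of recent consent grants for unapproved apps that asked for high-privilege scopes. The following is an added example written for this recap, not code from the original page or from any vendor; its JSON event schema, scope list and app allowlist are constructed assumptions that stand in for a real directory audit export (the real Microsoft Entra "Consent to application" record has a different shape).

```python
"""Triage of OAuth consent grants pulled from a directory audit log.

Added example, not code from the original page or from any vendor. The
event schema, scope list and app allowlist are constructed assumptions
that stand in for a real directory audit export.
"""
import json
from dataclasses import dataclass

# Delegated scopes that let a third-party app read mail or files, act as the
# user in the directory, or hold a refresh token (offline_access) so that
# stolen access survives a password reset. Assumed list for the example.
HIGH_RISK_SCOPES = {
    "offline_access",
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite.All",
    "Directory.AccessAsUser.All", "User.ReadWrite.All",
}

# Application ids the organization has reviewed and approved (constructed).
APPROVED_APP_IDS = {"app-corp-mail-sync"}


@dataclass
class ConsentEvent:
    user: str
    app_id: str
    app_name: str
    consent_type: str   # "Principal" = end-user consent, "AllPrincipals" = admin consent
    scopes: list
    publisher_verified: bool


@dataclass
class Finding:
    user: str
    app_id: str
    app_name: str
    severity: str
    risky_scopes: list
    reasons: list


def parse_events(jsonl_text):
    """Parse one JSON object per line into ConsentEvent records (assumed schema)."""
    events = []
    for line in jsonl_text.strip().splitlines():
        rec = json.loads(line)
        events.append(ConsentEvent(
            user=rec["user"],
            app_id=rec["app_id"],
            app_name=rec["app_name"],
            consent_type=rec["consent_type"],
            scopes=rec["scopes"].split(),   # OAuth scope strings are space-separated
            publisher_verified=rec["publisher_verified"],
        ))
    return events


def triage(events):
    """Return a Finding for every grant to an unapproved app with high-risk scopes."""
    findings = []
    for e in events:
        if e.app_id in APPROVED_APP_IDS:
            continue
        risky = sorted(set(e.scopes) & HIGH_RISK_SCOPES)
        if not risky:
            continue
        score = len(risky)
        reasons = ["high-risk scopes: " + ", ".join(risky)]
        if e.consent_type == "Principal":
            score += 1
            reasons.append("granted by the end user, not an admin")
        if not e.publisher_verified:
            score += 2
            reasons.append("publisher not verified")
        if "offline_access" in risky:
            reasons.append("refresh token persists after a password reset")
        severity = "high" if score >= 4 else "medium" if score >= 2 else "low"
        findings.append(Finding(e.user, e.app_id, e.app_name, severity, risky, reasons))
    findings.sort(key=lambda f: {"high": 0, "medium": 1, "low": 2}[f.severity])
    return findings


# Constructed sample log lines (not real telemetry). The first one is the
# shape a consent-phishing grant takes: end-user consent, unverified
# publisher, a name that imitates a first-party product, mail + offline scopes.
SAMPLE_LOG = """
{"user": "alice@example.com", "app_id": "app-3f9c", "app_name": "Microsoft 365 Mail Backup", "consent_type": "Principal", "scopes": "openid profile offline_access Mail.ReadWrite User.Read", "publisher_verified": false}
{"user": "bob@example.com", "app_id": "app-corp-mail-sync", "app_name": "Corp Mail Sync", "consent_type": "AllPrincipals", "scopes": "offline_access Mail.Read", "publisher_verified": true}
{"user": "carol@example.com", "app_id": "app-7a21", "app_name": "Calendar Widget", "consent_type": "Principal", "scopes": "openid User.Read Calendars.Read", "publisher_verified": true}
{"user": "dave@example.com", "app_id": "app-b004", "app_name": "HR Connector", "consent_type": "AllPrincipals", "scopes": "Directory.AccessAsUser.All", "publisher_verified": true}
"""


def run_sample():
    """Triage the constructed sample; returns the findings, highest severity first."""
    return triage(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.severity}] {f.user} -> {f.app_name} ({f.app_id}): {'; '.join(f.reasons)}")
```

On the sample, only the unverified "Mail Backup" grant and the admin-consented directory scope are reported; the approved sync app and the calendar widget with read-only calendar scope are skipped. The point of scoring `offline_access` separately is that a refresh token keeps working after the victim changes their password, so remediation has to revoke the grant and the user's refresh tokens, not just reset credentials.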
Nation-State & Espionage
- A China-linked cluster tracked as SHADOW-EARTH-053 targeted Asian governments, Poland (a NATO state), journalists, and activists with Exchange/IIS exploits, ShadowPad, and web shells – Shadow Earth
- Citizen Lab also tied separate phishing activity to GLITTER CARP and SEQUIN CARP, aimed at journalists and activists – CARP Phishing
Vulnerabilities & Patching
- CISA ordered federal agencies to patch a cPanel vulnerability by Sunday, underscoring the risk of delayed remediation – cPanel Fix
- Google revamped Chrome and Android bug bounties, lowering many Chrome payouts while raising select Android rewards amid a surge in AI-assisted vulnerability discovery – Bug Bounties
- Five national cybersecurity agencies issued guidance for securely deploying agentic AI, stressing zero trust, least privilege, encryption, human approval, and defenses against prompt injection – AI Agents
Breach & Incident Response
- Trellix confirmed unauthorized access to part of its source code repository but said there is no evidence the code was released or exploited – Trellix Breach
- Instructure disclosed a cyber incident and said it is investigating the impact on its systems and data – Instructure Incident
- France detained a 15-year-old over the ANTS data breach after a forum post claimed access to up to 18 million records, with 11.7 million accounts later confirmed impacted – ANTS Breach
Ransomware & Justice
- Two incident responders received 4-year prison sentences for secretly running ALPHV/BlackCat ransomware attacks that involved a $1.2 million extortion and exposed sensitive patient data – BlackCat Case
- A wider roundup highlighted arrests, sanctions, major data exposures, and critical vulnerabilities, including the arrest of a Scattered Spider suspect and North Korean social engineering against crypto firms – Threat Roundup
Policy & Product Updates
- The U.S. Senate Judiciary advanced the GUARD Act, which would restrict minors from AI companions and require chatbots to disclose they are not human – GUARD Act
- Microsoft is testing a modernized Windows Run dialog in Windows 11 with Fluent Design, dark mode, and faster performance than the legacy version – Windows Run