Cybersecurity News | Daily Recap [16 May 2026]

Daily Recap, active exploitation focused on WordPress and e-commerce attacks, including Funnel Builder issues impacting WooCommerce checkout skimming and Avada Builder flaws that can steal site credentials, alongside a critical NGINX vulnerability with publicly available PoC code. On the defensive and risk side, CISA directed U.S. federal agencies to patch an actively exploited Cisco SD-WAN bug, while supply-chain threats continued with OpenAI warning macOS users to update after a TanStack npm incident and node-ipc being compromised to steal credentials, as researchers also advanced findings around Turla’s Kazuar and the OpenClaw vulnerability cluster. #FunnelBuilder #WooCommerce #AvadaBuilder #NGINX #CiscoSD-WAN #CISA #TanStack #node-ipc #Turla #Kazuar #OpenClaw #THORChain #MicrosoftExchange #Windows11 #TakeItDownAct #FTC #TinaPeters #JaredPolis

Cybersecurity News | Daily Recap [16 May 2026]

Daily Recap, Microsoft warned that an Exchange Server zero-day is actively exploited, while Cisco faced an exploited SD-WAN auth-bypass and an 18-year-old NGINX flaw enabling DoS and potential RCE. OpenAI confirmed a TanStack-related supply-chain breach, and Ghostwriter used geofenced PDF phishing with Cobalt Strike against the Ukrainian government.
#ExchangeServer #Microsoft #Cisco #SD-WAN #NGINX #WordPress #BurstStatistics #OpenAI #TanStack #NodeIPC #Ghostwriter #UkrainianGovernment #CobaltStrike #ShaiHulud #TeamPCP #MistralAI #AmericanLendingCenter

Cybersecurity News | Daily Recap [16 May 2026]

Daily Recap, Microsoft pushed May Patch Tuesday fixes for 137 vulnerabilities (including 13 critical flaws) and addressed a zero-click Outlook issue, while Fortinet flagged critical RCE risks in FortiSandbox and FortiAuthenticator and Exim disclosed a BDAT flaw impacting GnuTLS-built systems. Across supply chain and incidents, RubyGems suspended new signups after hundreds of malicious packages tied to the Mini Shai-Hulud campaign, while Foxconn confirmed disruption tied to the Nitrogen ransomware gang and OpenLoop Health disclosed exposure affecting 716,000 people.
#MayPatchTuesday #Outlook #FortiSandbox #FortiAuthenticator #Exim #GnuTLS #RubyGems #MiniShaiHulud #TrickMo #TONC2 #Foxconn #Nitrogen #OpenLoopHealth #Canvas #Instructure #Daybreak #Exaforce #WhiteCircle #Android17 #Signal

Cybersecurity News | Daily Recap [16 May 2026]

Daily Recap, Major patch and supply-chain updates hit across SAP Commerce Cloud, SAP S/4HANA, and Apple’s macOS/iOS, while cPanel CVE-2026-41940 is actively exploited to drop a Filemanager backdoor. In parallel, the Shai-Hulud worm campaign weaponized signed TanStack, Mistral AI, and Guardrails AI npm packages, and extortion pressure drove an Instructure agreement with ShinyHunters over a 3.65TB Canvas leak.
#SAP #CommerceCloud #S4HANA #Apple #macOS #iOS #cPanel #CVE-2026-41940 #Filemanager #ShaiHulud #TanStack #MistralAI #GuardrailsAI #Instructure #ShinyHunters #Canvas #GhostLock #WestPharmaceuticalServices #FCC #Texas #Netflix #GM

Cybersecurity News | Daily Recap [16 May 2026]

Daily Recap, Google warned that attackers are using AI to craft a zero-day exploit for a web admin tool and reported the first AI-generated exploit detected before public use. Elsewhere, attackers leveraged Google ads and Claude.ai to push Mac malware, compromised Checkmarx’s Jenkins AST Plugin in a supply chain attack, and targeted multiple organizations through phishing and enterprise breaches.
#AI #Google #Claude.ai #Jenkins #Checkmarx #SailPoint #GitHub #Instructure #Canvas #ActiveDirectory #TrickMo #TON #Crimenetwork

Threat Research | Weekly Recap [10 May 2026]

Cybersecurity Threat Research ‘Weekly’ Recap. The week covered a wide range of campaigns and breaches, including infostealer/RAT distribution (Operation HumanitarianBait, OpenClaw/Hologram, Remcos RAT, GhostLoader, Vidar, Quasar Linux/QLNX, PCPJack) and phishing that abused trusted cloud/OAuth infrastructure (Code-of-conduct phishing, Trusted Infrastructure Phishing). It also highlighted Linux/kernel exploitation (Copy Fail/DirtyFrag, CVE-2026-43284, CVE-2026-43500), enterprise/cloud incidents (Canvas/Instructure with ShinyHunters, CallPhantom, malicious NuGet packages), and network/edge attacks (Nexcorium targeting CVE-2024-3721, PAN-OS zero-day RCE).
#OperationHumanitarianBait #OpenClaw #Hologram #Remcos #GhostLoader #Vidar #QuasarLinux #QLNX #PCPJack #CodeofconductPhishing #TrustedInfrastructurePhishing #InstallFix #ClaudeCode #OperationSilentRotor #OperationGriefLure #ScarCruft #APT37 #BirdCall #CVE-2026-43284 #CVE-2026-43500 #Canvas #Instructure #ShinyHunters #CallPhantom #Nexcorium #CVE-2024-3721 #PANOS

Cybersecurity News | Daily Recap [16 May 2026]

Daily Recap, Fake OpenAI repositories on Hugging Face pushed an infostealer, while the TCLBANKER banking trojan spread through WhatsApp and Outlook alongside fake call-history apps that reportedly amassed 7.3 million Play Store downloads before stealing payments; PamDOORa also emerged as a new Linux backdoor. In other headlines, cPanel and WHM released fixes for three vulnerabilities, Braintrust urged API key rotation after a breach, NVIDIA confirmed a GeForce NOW breach affecting Armenian users, and ShinyHunters claimed a second attack against Instructure. #HuggingFace #OpenAI #Infostealer #TCLBANKER #WhatsApp #Outlook #PlayStore #PamDOORa #Linux #cPanel #WHM #Braintrust #NVIDIA #GeForceNOW #Armenian #ShinyHunters #Instructure #APIKey

Cybersecurity News | Daily Recap [16 May 2026]

Daily Recap, Ivanti pushed urgent fixes for an actively exploited zero-day in EPMM after CISA ordered federal agencies to patch the targeted flaw within 4 days, while Linux “Dirty Frag” and a Palo Alto edge-device zero-day demonstrated continued exploitation of high-risk vulnerabilities. In other updates, RansomHouse claimed Trellix source-code theft, ShinyHunters’ Canvas extortion campaign reportedly affected nearly 9,000 schools, and new threats included TCLBanker spreading via WhatsApp and Outlook alongside PCPJack’s credential-stealing worm behavior. #Ivanti #EPMM #CISA #DirtyFrag #PaloAlto #RansomHouse #Trellix #ShinyHunters #Canvas #Zara #TCLBanker #WhatsApp #Outlook #PCPJack #TeamPCP #Vidar #ClickFix #Claude #Chrome #NorthKorea #SOC

Cybersecurity News | Daily Recap [16 May 2026]

Daily Recap, today’s cybersecurity headlines cover regulatory actions against Kochava over location data, and privacy settlements tied to Forbes, while data-exposure incidents affected Vimeo and Canvas. The report also flags critical vulnerabilities, such as Bleeding Llama (CVE-2026-7482) in Ollama and MOVEit flaws, plus active phishing and threat campaigns like VENOMOUS#HELPER and BirdCall, along with the Karakurt extortion group. #Kochava #Forbes #Vimeo #Canvas #ShinyHunters #BirdCall #Karakurt #Conti #BlackCat #Trellix #AstrixSecurity #ShaiWorm #VENOMOUS_HELPER #BleedingLlama #Ollama #MOVEit #PixelTitanM2

Cybersecurity News | Daily Recap [16 May 2026]

Daily Recap, Copy Fail, a Linux kernel vulnerability (CVE-2026-31431), is now being actively exploited to gain root on major distributions, with a public PoC and a mandatory patch deadline of May 15, alongside MOVEit Automation CVE-2026-4670 that enables remote, unauthenticated access and a privilege-escalation fix (CVE-2026-5174) as more than 1,400 instances remain exposed. DigiCert revoked 60 certificates after a support-portal breach exposed EV code-signing certificates used by the Zhong Stealer family, Instructure confirmed a breach claimed by ShinyHunters, and broader themes include AI-driven security and data-center risk with Pentagon AI deals and MSP-focused defense of backups. #CopyFail #MOVEitAutomation #ZhongStealer #ShinyHunters #DigiCert #Instructure #MSPs #Pentagon

Threat Research | Weekly Recap [10 May 2026]

Cybersecurity Threat Research ‘Weekly’ Recap. The briefing covers AI, SaaS, and collaboration threats with prompt injection and OAuth abuse, phishing and BEC intrusions, supply chain abuse, ransomware campaigns, cloud and Kubernetes security, vulnerability research, and new threat intel tooling, naming campaigns such as PromptMink, Cordial Spider, Snarky Spider, VECT RaaS, Silver Fox, and ABCDoor. #PromptMink #CordialSpider

Cybersecurity News | Daily Recap [16 May 2026]

Daily Recap, phishing and account abuse dominated the news, with ConsentFix v3 abusing OAuth to hijack Azure tokens, Bluekit offering AI-assisted phishing templates, AccountDumpling compromising roughly 30,000 Facebook accounts via Google AppSheet, and Cordial Spider and Snarky Spider using vishing and SSO abuse to extort users inside Google Workspace, HubSpot, SharePoint, and Salesforce. Nation-state activity followed with a China-linked SHADOW-EARTH-053 cluster targeting Asian governments, Poland (a NATO state), journalists, and activists using Exchange/IIS exploits and ShadowPad, plus GLITTER CARP and SEQUIN CARP phishing aimed at journalists and activists; the report also covers urgent cPanel patching, revised bug bounties, guidance on secure deployment of agentic AI, and notable breaches at Trellix and Instructure, as well as the ANTS data breach case. #ConsentFix #Azure #Bluekit #AccountDumpling #Facebook #Meta #AppSheet #CordialSpider #SnarkySpider #SHADOW_EARTH_053 #ShadowPad #GLITTERCARP #SEQUINCARP #cPanel #Trellix #Instructure #ANTS #ALPHV #BlackCat #ScatteredSpider #GUARDAct #WindowsRun

Cybersecurity News | Daily Recap [16 May 2026]

Daily Recap, AI Security updates highlight Claude Security’s public beta for repository vulnerability scanning and Dataiku’s Kiji Privacy Proxy to locally mask PII before prompts reach external AI APIs. The report also notes governance gaps with Shadow AI, Cisco’s Model Provenance Kit for fingerprinting AI models and detecting tampering, and the emergence of AI-assisted phishing like Bluekit, along with other ransomware, supply-chain, and vulnerability news across Windows, SAP, and related ecosystems. #ClaudeSecurity #BluekitPhishing

Cybersecurity News | Daily Recap [16 May 2026]

Daily Recap, critical supply-chain flaws in Gemini CLI and SAP npm could enable host RCE, token theft, and secret-stealing malware in CI/CD and developer environments. A WordPress redirect plugin used by over 70,000 sites hid a dormant backdoor for five years, while a separate GitHub flaw exposed millions of private repositories. #GeminiCLI #SAPnpm #WordPressBackdoor #GitHubRCE #cPanelZeroDay #CopyFail #Qinglong #PromptMink #SandhillsMedical #Roblox #Dubai #CryptoScamRaid #VercelBreach

Cybersecurity News | Daily Recap [16 May 2026]

Daily Recap, European police dismantled a €50 million crypto investment scam ring operating fake trading call centers in Tirana and using remote-access tools to steal and launder funds, while multiple critical vulnerabilities were exploited across LiteLLM, GitHub, Windows, and OpenEMR. The day also featured supply-chain breaches, ransomware tensions, and AI policy debates involving Checkmarx, Vimeo, VECT 2.0, LAPSUS$, BlueNoroff, Handala, Scattered Spider, and NGA as attackers, victims, and policymakers navigate an evolving threat landscape. #CryptoRing #LiteLLM #GitHub #Windows #OpenEMR #Checkmarx #LAPSUS$ #Vimeo #VECT #BlueNoroff #Handala #ScatteredSpider #NGA #ClaudeMythos #Kaseya #CoinbaseCartel #Snowflake #BigQuery
