Category: Daily Recap

Daily Recap, Major patch and supply-chain updates hit across SAP Commerce Cloud, SAP S/4HANA, and Apple’s macOS/iOS, while cPanel CVE-2026-41940 is actively exploited to drop a Filemanager backdoor. In parallel, the Shai-Hulud worm campaign weaponized signed TanStack, Mistral AI, and Guardrails AI npm packages, and extortion pressure drove an Instructure agreement with ShinyHunters over a 3.65TB Canvas leak.
#SAP #CommerceCloud #S4HANA #Apple #macOS #iOS #cPanel #CVE-2026-41940 #Filemanager #ShaiHulud #TanStack #MistralAI #GuardrailsAI #Instructure #ShinyHunters #Canvas #GhostLock #WestPharmaceuticalServices #FCC #Texas #Netflix #GM

Daily Recap, Google warned that attackers are using AI to craft a zero-day exploit for a web admin tool and reported the first AI-generated exploit detected before public use. Elsewhere, attackers leveraged Google ads and Claude.ai to push Mac malware, compromised Checkmarx’s Jenkins AST Plugin in a supply chain attack, and targeted multiple organizations through phishing and enterprise breaches.
#AI #Google #Claude.ai #Jenkins #Checkmarx #SailPoint #GitHub #Instructure #Canvas #ActiveDirectory #TrickMo #TON #Crimenetwork

Cybersecurity Threat Research ‘Weekly’ Recap. The week covered a wide range of campaigns and breaches, including infostealer/RAT distribution (Operation HumanitarianBait, OpenClaw/Hologram, Remcos RAT, GhostLoader, Vidar, Quasar Linux/QLNX, PCPJack) and phishing that abused trusted cloud/OAuth infrastructure (Code-of-conduct phishing, Trusted Infrastructure Phishing). It also highlighted Linux/kernel exploitation (Copy Fail/DirtyFrag, CVE-2026-43284, CVE-2026-43500), enterprise/cloud incidents (Canvas/Instructure with ShinyHunters, CallPhantom, malicious NuGet packages), and network/edge attacks (Nexcorium targeting CVE-2024-3721, PAN-OS zero-day RCE).
#OperationHumanitarianBait #OpenClaw #Hologram #Remcos #GhostLoader #Vidar #QuasarLinux #QLNX #PCPJack #CodeofconductPhishing #TrustedInfrastructurePhishing #InstallFix #ClaudeCode #OperationSilentRotor #OperationGriefLure #ScarCruft #APT37 #BirdCall #CVE-2026-43284 #CVE-2026-43500 #Canvas #Instructure #ShinyHunters #CallPhantom #Nexcorium #CVE-2024-3721 #PANOS

Daily Recap, Fake OpenAI repositories on Hugging Face pushed an infostealer, while the TCLBANKER banking trojan spread through WhatsApp and Outlook alongside fake call-history apps that reportedly amassed 7.3 million Play Store downloads before stealing payments; PamDOORa also emerged as a new Linux backdoor. In other headlines, cPanel and WHM released fixes for three vulnerabilities, Braintrust urged API key rotation after a breach, NVIDIA confirmed a GeForce NOW breach affecting Armenian users, and ShinyHunters claimed a second attack against Instructure. #HuggingFace #OpenAI #Infostealer #TCLBANKER #WhatsApp #Outlook #PlayStore #PamDOORa #Linux #cPanel #WHM #Braintrust #NVIDIA #GeForceNOW #Armenian #ShinyHunters #Instructure #APIKey

Daily Recap, Ivanti pushed urgent fixes for an actively exploited EPMM zero-day in EPMM after CISA ordered federal agencies to patch the targeted flaw within 4 days, while Linux “Dirty Frag” and a Palo Alto edge-device zero-day demonstrated continued exploitation of high-risk vulnerabilities. In other updates, RansomHouse claimed Trellix source-code theft, ShinyHunters’ Canvas extortion campaign reportedly affected nearly 9,000 schools, and new threats included TCLBanker spreading via WhatsApp and Outlook alongside PCPJack’s credential-stealing worm behavior. #Ivanti #EPMM #CISA #DirtyFrag #PaloAlto #RansomHouse #Trellix #ShinyHunters #Canvas #Zara #TCLBanker #WhatsApp #Outlook #PCPJack #TeamPCP #Vidar #ClickFix #Claude #Chrome #RansomHouse #NorthKorea #SOC

Daily Recap, today’s cybersecurity headlines cover regulatory actions against Kochava over location data, and privacy settlements tied to Forbes, while data-exposure incidents affected Vimeo and Canvas. The report also flags critical vulnerabilities, such as Bleeding Llama (CVE-2026-7482) in Ollama and MOVEit flaws, plus active phishing and threat campaigns like VENOMOUS#HELPER and BirdCall, along with the Karakurt extortion group. #Kochava #Forbes #Vimeo #Canvas #ShinyHunters #BirdCall #Karakurt #Conti #BlackCat #Trellix #AstrixSecurity #ShaiWorm #VENOMOUS_HELPER #BleedingLlama #Ollama #MOVEit #PixelTitanM2

Daily Recap, Copy Fail, a Linux kernel vulnerability (CVE-2026-31431), is now being actively exploited to gain root on major distributions, with a public PoC and a mandatory patch deadline of May 15, alongside MOVEit Automation CVE-2026-4670 that enables remote, unauthenticated access and a privilege-escalation fix (CVE-2026-5174) as more than 1,400 instances remain exposed. DigiCert revoked 60 certificates after a support-portal breach exposed EV code-signing certificates used by the Zhong Stealer family, Instructure confirmed a breach claimed by ShinyHunters, and broader themes include AI-driven security and data-center risk with Pentagon AI deals and MSP-focused defense of backups. #CopyFail #MOVEitAutomation #ZhongStealer #ShinyHunters #DigiCert #Instructure #MSPs #Pentagon

Cybersecurity Threat Research ‘Weekly’ Recap. The briefing covers AI, SaaS, and collaboration threats with prompt injection and OAuth abuse, phishing and BEC intrusions, supply chain abuse, ransomware campaigns, cloud and Kubernetes security, vulnerability research, and new threat intel tooling, naming campaigns such as PromptMink, Cordial Spider, Snarky Spider, VECT RaaS, Silver Fox, and ABCDoor #PromptMink #CordialSpider.

Daily Recap, phishing and account abuse dominated the news, with ConsentFix v3 abusing OAuth to hijack Azure tokens, Bluekit offering AI-assisted phishing templates, AccountDumpling compromising roughly 30,000 Facebook accounts via Google AppSheet, and Cordial Spider and Snarky Spider using vishing and SSO abuse to extort users inside Google Workspace, HubSpot, SharePoint, and Salesforce. Nation-state activity followed with a China-linked SHADOW-EARTH-053 cluster targeting Asian governments, a Poland NATO state, journalists, and activists using Exchange/IIS exploits and ShadowPad, plus GLITTER CARP and SEQUIN CARP phishing aimed at journalists and activists; the report also covers urgent cPanel patching, revised bug bounties, guidance on secure deployment of agentic AI, and notable breaches at Trellix and Instructure, as well as the ANTS data breach case. #ConsentFix #Azure #Bluekit #AccountDumpling #Facebook #Meta #AppSheet #CordialSpider #SnarkySpider #SHADOW_EARTH_053 #ShadowPad #GLITTERCARP #SEQUINCARP #cPanel #Trellix #Instructure #ANTS #ALPHV #BlackCat #ScatteredSpider #GUARDAct #WindowsRun

Daily Recap, AI Security updates highlight Claude Security’s public beta for repository vulnerability scanning and Dataiku’s Kiji Privacy Proxy to locally mask PII before prompts reach external AI APIs. The report also notes governance gaps with Shadow AI, Cisco’s Model Provenance Kit for fingerprinting AI models and detecting tampering, and the emergence of AI-assisted phishing like Bluekit, along with other ransomware, supply-chain, and vulnerability news across Windows, SAP, and related ecosystems. #ClaudeSecurity #BluekitPhishing

Daily Recap, critical supply-chain flaws in Gemini CLI and SAP npm could enable host RCE, token theft, and secret-stealing malware in CI/CD and developer environments. Daily Recap, a WordPress redirect plugin used by over 70,000 sites hid a dormant backdoor for five years while a separate GitHub flaw exposed millions of private repositories. #GeminiCLI #SAPnpm #WordPressBackdoor #GitHubRCE #cPanelZeroDay #CopyFail #Qinglong #PromptMink #SandhillsMedical #Roblox #Dubai #CryptoScamRaid #VercelBreach

Daily Recap, European police dismantled a €50 million crypto investment scam ring operating fake trading call centers in Tirana and using remote-access tools to steal and launder funds, while multiple critical vulnerabilities were exploited across LiteLLM, GitHub, Windows, and OpenEMR. The day also featured supply-chain breaches, ransomware tensions, and AI policy debates involving Checkmarx, Vimeo, VECT 2.0, LAPSUS$, BlueNoroff, Handala, Scattered Spider, and NGA as attackers, victims, and policymakers navigate an evolving threat landscape. #CryptoRing #LiteLLM #GitHub #Windows #OpenEMR #Checkmarx #LAPSUS$ #Vimeo #VECT #BlueNoroff #Handala #ScatteredSpider #NGA #ClaudeMythos #Kaseya #CoinbaseCartel #Snowflake #BigQuery

Daily Recap, the latest cybersecurity news covers Microsoft’s plan to block legacy TLS 1.0 and TLS 1.1 for Exchange Online starting July 2026 and an Outlook outage that forced iPhone Mail reauthentication after degradation. It also highlights espionage and vulnerability disclosures, including Xu Zewei’s extradition linked to Silk Typhoon/HAFNIUM, Russia-linked Signal phishing, and breaches affecting Medtronic and ADT, plus supply-chain activity around PyPI and GlassWorm. #XuZewei #SilkTyphoon #HAFNIUM #Medtronic #ADT #PyPI #GlassWorm

Daily Recap, BlackFile extortion targets retail and hospitality with seven-figure ransoms using voice phishing, IT-support impersonation, and leaked-data sites, while romance and pig-butchering scams continue to devastate victims. Malware activity includes UNC6692 deploying the SnowBelt browser extension for persistence and credential theft, and fast16—a 20-year-old Lua-based sabotage framework predating Stuxnet—plus espionage links to Xu Zewei and HAFNIUM/Silk Typhoon attacks on Microsoft Exchange. #BlackFile #SnowBelt #UNC6692 #fast16 #Stuxnet #XuZewei #HAFNIUM #SilkTyphoon #MicrosoftExchange #Duo #Itron #Pack2TheRoot #PackageKit #TLSConnect #LuLu #TibetanVote #COVID19VaccineResearch

Cybersecurity Threat Research ‘Weekly’ Recap. The report highlights activity across supply chains, APT intrusions, phishing, ransomware, edge and IoT infrastructure, and AI-enabled exploitation, noting Open VSX sleeper extensions delivering GlassWorm and npm supply-chain worms. The analysis also covers covert C2, credential theft, and domain spoofing in developer ecosystems, with groups such as GopherWhisper, Tropic Trooper, Mustang Panda, UNC6692, and others deploying staged loaders, custom beacons, shadow firmware, and crypto drainers. #GlassWorm #GopherWhisper