← Latest brief

Security news.

·Afternoon Brief

Today's cybersecurity news highlights significant supply chain attacks and ongoing threats from sophisticated phishing campaigns. Multiple reports detail compromises of development packages and widespread account hijacking, alongside critical vulnerability disclosures.

THNPHISHING
May 1READ

30,000 Facebook Accounts Hacked via Google AppSheet Phishing

A Vietnamese-linked operation, "AccountDumpling," used Google AppSheet as a phishing relay to compromise approximately 30,000 Facebook accounts, which were then sold illicitly.

CISAKEV
May 1READ

CISA Adds Linux Kernel Vulnerability to KEV Catalog

CISA has added CVE-2026-31431, a Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation.

THN
May 1READ

Cybercrime Groups Use Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

Two cybercrime groups, Cordial Spider and Snarky Spider, are conducting "rapid, high-impact attacks" within SaaS environments, focusing on high-speed data theft and extortion with minimal traces.

EXPLOIT
READ

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines

A new software supply chain attack campaign uses "sleeper packages" to deliver malicious payloads, enabling credential theft, GitHub Actions tampering, and SSH persistence, attributed to the GitHub account "BufferZoneCorp."

SECURITYWEEK
May 1READ

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

The TeamPCP supply chain attack campaign has compromised npm packages for SAP's cloud application development ecosystem, as well as PyTorch Lightning and Intercom-client, affecting thousands and enabling credential theft.

BLEEPINGRANSOMWARE
May 1READ

US Ransomware Negotiators Get 4 Years in Prison for BlackCat Attacks

Two former cybersecurity incident response employees, Ryan Goldberg and Kevin Martin, were sentenced to four years in prison each for facilitating BlackCat (ALPHV) ransomware attacks against U.S. companies.

SANS INTERNET STORM CENTERMALWARE
May 1READ

Malicious Ad for Homebrew Leads to MacSync Stealer

The SANS Internet Storm Center reports a malicious advertisement for Homebrew is distributing the MacSync Stealer, highlighting the risk of malvertising campaigns targeting developers.

SECURITYWEEKNATION-STATE
May 1READ

Sophisticated Deep#Door Backdoor Enables Espionage, Disruption

A stealthy Python-based backdoor framework, Deep#Door, has been discovered, designed to establish persistent access and harvest sensitive information from compromised Windows hosts, likely for espionage.

Generated twice daily from public security RSS feeds. Informational only.