Security news.
Today's cybersecurity news highlights significant supply chain attacks and ongoing threats from sophisticated phishing campaigns. Multiple reports detail compromises of development packages and widespread account hijacking, alongside critical vulnerability disclosures.
30,000 Facebook Accounts Hacked via Google AppSheet Phishing
A Vietnamese-linked operation, "AccountDumpling," used Google AppSheet as a phishing relay to compromise approximately 30,000 Facebook accounts, which were then sold illicitly.
CISA Adds Linux Kernel Vulnerability to KEV Catalog
CISA has added CVE-2026-31431, a Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation.
Cybercrime Groups Use Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
Two cybercrime groups, Cordial Spider and Snarky Spider, are conducting "rapid, high-impact attacks" within SaaS environments, focusing on high-speed data theft and extortion with minimal traces.
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines
A new software supply chain attack campaign, attributed to the GitHub account "BufferZoneCorp," uses "sleeper packages" to deliver malicious payloads, enabling credential theft, GitHub Actions tampering, and SSH persistence.
1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom
The TeamPCP supply chain attack campaign has compromised npm packages for SAP's cloud application development ecosystem, as well as PyTorch Lightning and Intercom-client, affecting thousands and enabling credential theft.
US Ransomware Negotiators Get 4 Years in Prison for BlackCat Attacks
Two former cybersecurity incident response employees, Ryan Goldberg and Kevin Martin, were sentenced to four years in prison each for facilitating BlackCat (ALPHV) ransomware attacks against U.S. companies.
Malicious Ad for Homebrew Leads to MacSync Stealer
The SANS Internet Storm Center reports that a malicious advertisement for Homebrew is distributing the MacSync Stealer, highlighting the risk of malvertising campaigns targeting developers.
Sophisticated Deep#Door Backdoor Enables Espionage, Disruption
A stealthy Python-based backdoor framework, Deep#Door, has been discovered, designed to establish persistent access and harvest sensitive information from compromised Windows hosts, likely for espionage.