Cybersecurity Newsfeed - 04/05/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
CISA KEV Update (May 2026): CISA has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, which only lists flaws with evidence of active exploitation in the wild. Under Binding Operational Directive 22-01, federal civilian executive branch agencies must remediate the flaw by the due date recorded in the catalog; other organisations should treat a KEV listing as a prioritisation signal for the same reason. More info
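The practical step behind every KEV addition is matching the catalog against your own inventory and sorting by due date. The following is an added example (not code from the newsfeed or from CISA) that does this offline. The field names used (`vulnerabilities[]` with `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `knownRansomwareCampaignUse`) are those of the real KEV JSON feed; the two catalog entries, their CVE identifiers and the asset inventory are constructed for the example and match nothing real.

```python
"""Match an asset inventory against a CISA KEV catalog excerpt and flag past-due items.

Added example, not from the newsfeed. Field names follow the real KEV JSON feed;
the entries, CVE IDs and hosts below are constructed.
"""
import json
from datetime import date

# Real feed location, for reference only; this example never fetches it.
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed catalog excerpt in the shape of the real feed (fake CVE IDs).
KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2026.05.04",
    "vulnerabilities": [
        {
            "cveID": "CVE-0000-0001",
            "vendorProject": "ExampleVendor",
            "product": "ExampleGateway",
            "vulnerabilityName": "ExampleGateway authentication bypass (constructed)",
            "dateAdded": "2026-04-10",
            "dueDate": "2026-05-01",
            "knownRansomwareCampaignUse": "Known",
        },
        {
            "cveID": "CVE-0000-0002",
            "vendorProject": "ExampleVendor",
            "product": "ExampleAgent",
            "vulnerabilityName": "ExampleAgent code injection (constructed)",
            "dateAdded": "2026-05-04",
            "dueDate": "2026-05-25",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed asset inventory, with the inconsistent casing a real CMDB export
# tends to have, which is why matching must normalise both sides.
INVENTORY = [
    {"host": "gw-01", "vendor": "examplevendor", "product": "examplegateway"},
    {"host": "srv-07", "vendor": "ExampleVendor", "product": "ExampleAgent"},
    {"host": "db-02", "vendor": "OtherVendor", "product": "OtherDB"},
]


def _key(vendor, product):
    """Normalised (vendor, product) key used on both the catalog and inventory side."""
    return (vendor.strip().lower(), product.strip().lower())


def index_kev(feed_json):
    """Parse a KEV feed and index its entries by normalised (vendor, product)."""
    index = {}
    for entry in json.loads(feed_json)["vulnerabilities"]:
        index.setdefault(_key(entry["vendorProject"], entry["product"]), []).append(entry)
    return index


def match_inventory(index, inventory, today):
    """Return one finding per (asset, KEV entry) pair, past-due and ransomware-linked first."""
    findings = []
    for asset in inventory:
        for entry in index.get(_key(asset["vendor"], asset["product"]), []):
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "due": entry["dueDate"],
                "days_left": (due - today).days,
                "status": "PAST_DUE" if today > due else "OPEN",
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            })
    # Sort: past-due first, then ransomware-linked, then soonest due date.
    findings.sort(key=lambda f: (f["status"] != "PAST_DUE", not f["ransomware"], f["days_left"]))
    return findings


def run_example(today_iso="2026-05-04"):
    """Run the matcher on the constructed data for a fixed 'today'."""
    return match_inventory(index_kev(KEV_JSON), INVENTORY, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

Swapping `KEV_JSON` for the downloaded feed and `INVENTORY` for a CMDB export is the only change needed to run this against a real estate; vendor and product strings in the catalog are free text, so expect to maintain a small alias table on top of the lowercase normalisation shown here.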
SonicWall SonicOS Critical Patches: SonicWall released critical patches for three vulnerabilities affecting SonicOS firmware on Generation 6, 7, and 8 firewalls. An unauthenticated attacker could cause a denial of service or achieve arbitrary code execution on the firewall; because these appliances sit at the network edge, the firmware update should be applied promptly. More info
Microsoft Defender False Positive: Microsoft addressed an issue where Defender erroneously flagged legitimate DigiCert security certificates as Trojan:Win32/Cerdigent!adha, causing significant operational disruption. More info
🎯 Adversaries
Salt Typhoon Targets IBM Subsidiary: The breach of an IBM subsidiary in Italy underscores the persistent threat of Chinese state-sponsored actors against European critical infrastructure and telecommunications. More info
VECT 2.0 Ransomware Acting as Wiper: Researchers identified a destructive trend in which VECT 2.0 often destroys victim data even after payment, functioning more as a wiper than as traditional ransomware. Payment therefore cannot be assumed to restore data; tested offline backups remain the only reliable recovery path. More info
ConsentFix v3 Azure Attacks: A sophisticated campaign is targeting Microsoft Azure environments through automated OAuth consent abuse. Because the victim grants an attacker-controlled application delegated permissions, the attacker obtains persistent, high-level access through the issued tokens without ever stealing a password or defeating MFA. More info
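The detection that matters for consent abuse is not a credential-theft alert but a review of "Consent to application" events: which app, which scopes, and how many users. Below is an added example (not code from the newsfeed or from the researchers who reported the campaign) that scores such events offline. The event layout (`activityDisplayName`, `initiatedBy.user.userPrincipalName`, `targetResources[].modifiedProperties` carrying `ConsentContext.IsAdminConsent` and `ConsentAction.Permissions`) follows Entra ID directory-audit exports as I understand them and should be treated as an assumption to verify against your own tenant's logs; the four events, the app IDs and the approved-app list are constructed.

```python
"""Flag risky OAuth consent grants in Entra ID audit-log events.

Added example, not from the newsfeed. The event layout is an assumption based on
Entra ID directory-audit exports; all events, app IDs and users are constructed.
"""
import re
from collections import defaultdict

# Scopes that give an app durable or high-impact access. offline_access is the one
# that makes consent abuse persistent: it yields a refresh token that keeps working
# after the victim changes their password.
HIGH_RISK_SCOPES = {
    "offline_access", "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite.All", "Directory.ReadWrite.All",
    "Directory.AccessAsUser.All", "User.Read.All",
}

# App IDs the tenant has reviewed and approved (constructed).
APPROVED_APP_IDS = {"11111111-1111-1111-1111-111111111111"}

_UNKNOWN_APP = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"  # constructed attacker app ID
_SCOPE_RE = re.compile(r"Scope:\s*([^,\]]+)")


def _consent_event(when, upn, app_name, app_id, scope, admin=False):
    """Build one constructed event in the assumed export layout."""
    return {
        "activityDisplayName": "Consent to application",
        "activityDateTime": when,
        "initiatedBy": {"user": {"userPrincipalName": upn}},
        "targetResources": [{
            "displayName": app_name,
            "id": app_id,
            "modifiedProperties": [
                {"displayName": "ConsentContext.IsAdminConsent",
                 "newValue": '"True"' if admin else '"False"'},
                {"displayName": "ConsentAction.Permissions",
                 "newValue": f'"[] => [[Id: c1, ClientId: {app_id}, Scope: {scope}, '
                             f'ConsentType: Principal]]"'},
            ],
        }],
    }


# Constructed sample: three users consent to the same unknown app within a minute
# (the automated-campaign pattern), plus one benign consent to an approved app.
_BAD_SCOPE = "openid profile offline_access Mail.ReadWrite Files.ReadWrite.All"
EVENTS = [
    _consent_event("2026-05-04T08:01:12Z", "alice@example.test", "Sync Helper", _UNKNOWN_APP, _BAD_SCOPE),
    _consent_event("2026-05-04T08:01:40Z", "bob@example.test", "Sync Helper", _UNKNOWN_APP, _BAD_SCOPE),
    _consent_event("2026-05-04T08:02:05Z", "carol@example.test", "Sync Helper", _UNKNOWN_APP, _BAD_SCOPE),
    _consent_event("2026-05-04T09:15:00Z", "dave@example.test", "Expense Portal",
                   "11111111-1111-1111-1111-111111111111", "openid profile User.Read"),
]


def _prop(event, name):
    """Return the newValue of a named modified property, with the export's quoting stripped."""
    for resource in event.get("targetResources", []):
        for prop in resource.get("modifiedProperties", []):
            if prop.get("displayName") == name:
                return (prop.get("newValue") or "").strip('"')
    return ""


def scopes_granted(event):
    """Extract the space-separated scope list from the ConsentAction.Permissions value."""
    match = _SCOPE_RE.search(_prop(event, "ConsentAction.Permissions"))
    return set(match.group(1).split()) if match else set()


def risk_reasons(event, approved=APPROVED_APP_IDS):
    """Reasons this single consent event is risky; empty list means benign."""
    app_id = event["targetResources"][0].get("id")
    reasons = []
    if app_id in approved:
        return reasons
    risky = scopes_granted(event) & HIGH_RISK_SCOPES
    if risky:
        reasons.append("unapproved app granted " + " ".join(sorted(risky)))
    if _prop(event, "ConsentContext.IsAdminConsent") == "True":
        reasons.append("admin consent to unapproved app")
    return reasons


def find_risky_consents(events, approved=APPROVED_APP_IDS, burst_threshold=3):
    """Score every consent event and add a burst reason when many users consent to one app."""
    users_per_app = defaultdict(set)
    findings = []
    for event in events:
        if event.get("activityDisplayName") != "Consent to application":
            continue
        app = event["targetResources"][0]
        user = event["initiatedBy"]["user"]["userPrincipalName"]
        users_per_app[app["id"]].add(user)
        reasons = risk_reasons(event, approved)
        if reasons:
            findings.append({"time": event["activityDateTime"], "user": user,
                             "app": app["displayName"], "app_id": app["id"], "reasons": reasons})
    for finding in findings:
        count = len(users_per_app[finding["app_id"]])
        if count >= burst_threshold:
            finding["reasons"].append(f"{count} distinct users consented to this app")
    return findings


if __name__ == "__main__":
    for finding in find_risky_consents(EVENTS):
        print(finding)
```

The response to a hit is to revoke the app's service principal and its refresh tokens, not to reset passwords; resetting credentials does nothing against tokens the user already granted. Restricting user consent to verified publishers or low-risk scopes in the tenant's consent policy removes the attack surface entirely.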
Massive Chinese Cybercrime Operation: An operation involving over 45,000 attacks and 53,000 backdoors globally has been identified, utilizing automated scanning to exploit public-facing servers. More info
China-Linked Espionage in Asia: State-linked hackers are targeting Asian government and financial institutions using custom malware and advanced social engineering for strategic data exfiltration. More info
Jenkins Servers Abused for DDoS: Threat actors are exploiting Jenkins servers to build a powerful DDoS botnet specifically targeting gaming infrastructure. More info
📈 Trends
86% of Phishing is AI-Driven: KnowBe4 research indicates that 86% of modern phishing attacks are now enhanced by AI to produce more convincing and personalised social engineering messages, which further erodes the value of spelling and grammar as a user-facing tell. More info
Telegram Mini Apps Abused: Cybercriminals are increasingly exploiting Telegram Mini Apps to orchestrate crypto scams and deliver Android malware via “earn-to-play” games and bots. More info
SaaS Abuse (Google AppSheet): A phishing campaign is utilizing Google AppSheet to host “AccountDumpling” scams aimed at harvesting Facebook credentials through legitimate infrastructure. More info
Abuse of AI Platforms (Hugging Face/ClawHub): Platforms like Hugging Face and ClawHub are being leveraged by threat actors to distribute malware disguised as legitimate datasets or models. More info
💥 Breaches & Leaks
Trellix Internal Code Repository Breach: Trellix disclosed unauthorized access to one of its internal code repositories. The company stated the incident was limited and did not impact customer-facing products. More info
15-Year-Old Detained in French Govt Breach: French authorities detained a teenager in connection with a data breach at a government agency that exposed sensitive administrative data. More info
Vercel Supply Chain Vulnerability: A breach at Vercel exposed a supply chain vulnerability involving OAuth token abuse, potentially allowing unauthorized modifications to hosted projects. More info
📚 Others
Strategic Collaboration: Criminal IP, Securonix, and ThreatQ announced a partnership to integrate their threat intelligence and security analytics platforms for enhanced detection. More info
