A Stalker's Own Database Exposed 86,859 Surveillance Images

The operator who installed the spyware was the one who left the cloud bucket open.

Sham NPI Numbers Pulled 300,000 Records From Epic, Lawsuit Alleges

The breach didn't need a hack. It needed an interoperability framework that took fake clinics at their word.

Canvas Maker Hit With Second Security Incident in Eight Months

Instructure says its forensics team believes the latest attack is contained — but won't yet say what's been touched.

ConsentFix v3 Runs on Cloudflare, Dropbox, and ZoomInfo

The OAuth phishing kit is plumbed end-to-end through legitimate SaaS, which is exactly the point.

Linux "Copy Fail" CVE-2026-31431 Added to CISA KEV — Every Kernel Since 2017 Affected

CISA added CVE-2026-31431 — "Copy Fail" — to its KEV catalog after confirming active exploitation of a Linux kernel privilege escalation flaw affecting every distribution running kernels since 2017, allowing unprivileged users to gain root.

30,000 Facebook Business Accounts Stolen via Google AppSheet Phishing — "AccountDumpling" Operation Exposed

Vietnamese-linked operation "AccountDumpling" has compromised 30,000 Facebook Business accounts by sending phishing emails from Google's legitimate AppSheet address — bypassing spam filters and running a criminal resale storefront for stolen accounts.

LiteLLM CVE-2026-42208: SQL Injection Exploited in 36 Hours — AI Gateway Credentials at Risk

CVE-2026-42208 in LiteLLM — the open-source AI gateway with 45K GitHub stars — was exploited within 36 hours of disclosure with no public PoC. A successful attack yields OpenAI org keys, Anthropic workspace admin keys, and AWS Bedrock credentials.

276 Arrested in Unprecedented US-China Pig-Butchering Crackdown — Nine Crypto Fraud Centers Shut Down

276 suspects arrested and 9 cryptocurrency fraud centers dismantled in a joint US-China operation targeting pig-butchering scams that have cost American victims millions — the DOJ called it "unprecedented" bilateral cooperation.

SAP npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack — Browser Passwords Now Targeted

Official SAP npm packages were backdoored on April 29 in the latest Mini Shai-Hulud wave — adding browser credential theft across Chrome, Safari, and Edge to the campaign's existing cloud secret harvesting. Over 1,100 victim repositories confirmed.

GitHub CVE-2026-3854: One git push Was All It Took to Access Millions of Private Repositories

Wiz discovered CVE-2026-3854 — a critical GitHub RCE where a single crafted git push gave attackers cross-tenant code execution and access to millions of private repositories. 88% of GHES instances were still unpatched at public disclosure.

Ransomware Negotiators Sentenced: Sygnia and DigitalMint Employees Get 4 Years for Acting as BlackCat Affiliates

Ryan Goldberg (Sygnia) and Kevin Martin (DigitalMint) were sentenced to 4 years in federal prison for acting as BlackCat ransomware affiliates while employed as incident response professionals — attacking the same clients they were hired to help.

Shadow-Earth-053: Trend Micro Confirms China Spy Group Targets Journalists and Activists Alongside Governments and Defense

Trend Micro publishes full technical attribution of Shadow-Earth-053 — confirming the China-linked group targets journalists and civil society activists alongside governments and defense sectors across Asia and one NATO member state.