Australia Just Built the Cyber Review Board the U.S. Disbanded — and Gave It a Power the U.S. Version Never Had

On Friday, May 1, 2026, Australian Home Affairs and Cyber Security Minister Tony Burke announced the establishment of the Cyber Incident Review Board, a seven-member statutory body modeled on the U.S. Cyber Safety Review Board the Trump administration disbanded mid-investigation in January 2025. Australia's version is chaired

First U.S. Karakurt Sentencing: 8.5 Years for the Negotiator Who Mailed Kids' Records

The DOJ sentenced Latvian national Deniss Zolotarjovs to 102 months in prison on May 4, 2026 — the first U.S. prosecution of a Karakurt member ever. Court documents tie the Conti-affiliated negotiator to extortion of more than 54 organizations, $56 million in losses across 13 victims alone, and a deliberate

ScarCruft Compromised a Yanbian Gaming Site to Hunt North Korean Defectors

ESET disclosed a North Korea-aligned APT37/ScarCruft supply-chain compromise of sqgame.net, a Yanbian-themed gaming platform serving the ethnic-Korean community on the China-North Korea border. Trojanized Android APKs deploy a new BirdCall backdoor port. The APKs are still live.

Patch MOVEit Now Before It Becomes 2023 All Over Again

A 9.8 unauthenticated authentication bypass and a 7.7 privilege escalation flaw in MOVEit Automation chain to full administrative control. Patch this week. Upgrading via the full installer is the only fix — there is no workaround. The product family is the same one Cl0p exploited to breach 2,100

DOJ's Scam Center Strike Force Restrained $701M and Seized Its First Telegram Channel — The Precedent That Will Outlast the Headline

Six days before the 276-arrest takedown, the DOJ's Scam Center Strike Force restrained $701.96 million in cryptocurrency, seized 503 fake investment websites, and pulled off the first-ever federal seizure of a Telegram channel — the recruitment funnel that lured trafficking victims into Cambodian scam compounds. The arrests got

State Health Exchanges Sent Citizenship and Race Data to TikTok and Meta

A Bloomberg investigation found that nearly all 20 U.S. state-run health insurance exchanges plus D.C. were sending applicant data — citizenship, race, ZIP codes, prescriptions, even disclosures about incarcerated family members — to TikTok, Meta, Google, Snap, and LinkedIn via misconfigured tracking pixels. More than 7 million Americans bought insurance

VENOMOUS#HELPER: SSA Phishing Drops Dual-RMM on 80+ Orgs by Living off Trusted Vendors

Securonix tracked a phishing campaign that has compromised more than 80 organizations — mostly U.S.-based — by abusing legitimate SimpleHelp and ConnectWise ScreenConnect remote-monitoring tools. The lure impersonates the U.S. Social Security Administration. The architecture is dual-RMM redundancy: when defenders detect one channel, the other persists. Securonix Threat Research

World Leaks Breaches Pro-Orbán Mediaworks: 15 Million Files Published, Hungarian Outlets Defy Reporting Threat

World Leaks — the rebrand of Hunters International — published 8.5 terabytes and roughly 15 million files from Mediaworks, Hungary's pro-Orbán media giant. Mediaworks asked journalists not to report on the leak, citing criminal data-handling law. At least one Hungarian outlet refused. The data-extortion group World Leaks claimed responsibility

Microsoft: AiTM Phishing Hit 35,000 Users at 13,000 Orgs in Three Days — Tycoon 2FA Takedown Did Not Kill the Technique

Microsoft Defender Research disclosed a sophisticated AiTM phishing campaign that hit 35,000+ users at 13,000+ organizations across 26 countries in just three days. 92% of targets were in the U.S. The lure was a fake employee disciplinary case. The reverse proxy stole session tokens — bypassing MFA in

DHS Used a 1930s Customs Law to Demand Google Hand Over Data on a Canadian Trump Critic

The Department of Homeland Security used a 1930s customs law to demand Google hand over a Canadian's location, activity logs, and identifying information — over anti-ICE posts. The Canadian has not entered the United States in more than ten years. The ACLU is suing. WIRED reported on May 4,

Defender Quarantined DigiCert Roots Worldwide — Here's the Fix

A Defender signature update flagged DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha and quarantined them worldwide. Microsoft fixed it in 1.449.430.0. The underlying DigiCert breach is the bigger story.

Apple, NVIDIA, Disney Impersonated in Telegram Mini App Scam Network

CTM360 names FEMITBOT — a shared backend running crypto scams, fake AI tools, and Android malware impersonating Apple, NVIDIA, Disney, and the BBC, all inside Telegram.