276 Arrested in Unprecedented US-China Pig-Butchering Crackdown — Nine Crypto Fraud Centers Shut Down

276 suspects arrested and 9 cryptocurrency fraud centers dismantled in a joint US-China operation targeting pig-butchering scams that have cost American victims millions — the DOJ called it "unprecedented" bilateral cooperation.

SAP npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack — Browser Passwords Now Targeted

Official SAP npm packages were backdoored on April 29 in the latest Mini Shai-Hulud wave — adding browser credential theft across Chrome, Safari, and Edge to the campaign's existing cloud secret harvesting. Over 1,100 victim repositories confirmed.

GitHub CVE-2026-3854: One git push Was All It Took to Access Millions of Private Repositories

Wiz discovered CVE-2026-3854 — a critical GitHub RCE where a single crafted git push gave attackers cross-tenant code execution and access to millions of private repositories. 88% of GHES instances were still unpatched at public disclosure.

Ransomware Negotiators Sentenced: Sygnia and DigitalMint Employees Get 4 Years for Acting as BlackCat Affiliates

Ryan Goldberg (Sygnia) and Kevin Martin (DigitalMint) were sentenced to 4 years in federal prison for acting as BlackCat ransomware affiliates while employed as incident response professionals — attacking the same clients they were hired to help.

Shadow-Earth-053: Trend Micro Confirms China Spy Group Targets Journalists and Activists Alongside Governments and Defense

Trend Micro publishes full technical attribution of Shadow-Earth-053 — confirming the China-linked group targets journalists and civil society activists alongside governments and defense sectors across Asia and one NATO member state.

Scattered Spider Member "Bouquet" Arrested in Finland — Peter Stokes, 19, Charged With Four Intrusions Starting at Age 16

Peter Stokes (alias "Bouquet"), 19, was arrested in Finland on April 10 while boarding a flight to Tokyo — charged with four Scattered Spider intrusions since age 16, including an $8M ransom demand against a luxury retailer.

Europol IOCTA 2026: AI, Encryption, and Cybercrime-as-a-Service Are Widening the Velocity Gap Between Criminals and Defenders

Europol's IOCTA 2026 warns that cybercrime has industrialized — AI, encryption, and CaaS are widening the velocity gap between criminal innovation and law enforcement capability, with 120+ ransomware variants and $10.5T in projected 2026 costs.

Cordial Spider and Snarky Spider: Two New Com-Affiliated Groups Are Running the Scattered Spider Playbook at Scale

CrowdStrike documents Cordial Spider and Snarky Spider — two new Com-affiliated groups running vishing and SSO phishing campaigns against enterprise SaaS environments with seven-figure extortion demands and no malware deployed.

CISA Orders Federal Agencies to Patch Critical cPanel Authentication Bypass CVE-2026-41940 by Sunday

CISA added CVE-2026-41940 in cPanel and WHM to its KEV catalog with a binding 48-hour patch mandate for all federal agencies — a critical authentication bypass already exploited in the wild granting full host takeover.

PyTorch Lightning Compromised in Supply Chain Attack — Malware Steals Credentials Automatically on Import

Versions 2.6.2 and 2.6.3 of PyTorch Lightning were compromised in a supply chain attack — executing credential-stealing malware automatically on import, targeting SSH keys, cloud credentials, GitHub tokens, and crypto wallets.

France Arrests 15-Year-Old "breach3d" for Hacking ANTS National ID Agency — 11.7 Million Accounts Exposed

A 15-year-old operating as "breach3d" breached France's ANTS national ID agency exposing 11.7 million accounts with passport and driver's license data — and listed 12–19 million records for sale on criminal forums.

Europol Operation PowerOFF Sends 75,000 Warning Letters to DDoS-for-Hire Customers Across 21 Nations

Operation PowerOFF enters its prevention phase — 75,000 warning letters to identified DDoS-for-hire customers, 53 domains seized, 4 arrests, and 3 million criminal accounts as a persistent enforcement asset.