Nicholas Robert - The CyberSignal

White line art on slate blue-grey: a stack of database cylinders with a diagonal slash, a video-call window with a red-orange end-call dot, and a chat bubble with code brackets.

Cyber Crime

A Federal Jury Just Convicted One of the Brothers Who Wiped 96 Government Databases After Being Fired by Video Call

A federal jury in Alexandria, Virginia convicted Sohaib Akhter on May 7, 2026 for his role in deleting roughly 96 U.S. government databases at federal contractor Opexus on the day he and his twin brother were fired in February 2025. The case is also notable for an unprecedented detail:

08 May 2026

White line art on rust brown: an open filing cabinet drawer with three dashboard outlines (chart, gauge, line graph) fanned behind, an open padlock, and a red-orange accent dot.

Application Security

RansomHouse Claims the Trellix Breach, and the Screenshots Show More Than Source Code

RansomHouse claimed responsibility on May 7 for the Trellix breach the cybersecurity firm disclosed last week — and Cybernews researchers say screenshots posted by the group show internal VMware, Rubrik, and Dell EMC dashboards. That's a much wider compromise than Trellix's "portion of our source code

08 May 2026

White line art on olive green: two server racks linked by a shared cable through a central hexagonal node, with a bracket-handshake symbol above and a red-orange accent dot.

Threat Intelligence

Two Pro-Ukraine Hacktivist Groups Are Now Sharing Infrastructure — and It Looks Quasi-State-Sponsored

Kaspersky researchers reported on May 7-8 that pro-Ukraine hacktivist groups BO Team (also known as Black Owl) and Head Mare appear to be coordinating their cyber operations against Russian organizations — sharing infrastructure including command-and-control systems on the same compromised host. BO Team had previously operated more autonomously than other hacktivist

08 May 2026

White line art on forest green: a laptop with a defaced login screen, three schoolhouse silhouettes connected by lines, a "MAY 12" calendar tile, and a red-orange accent dot.

shinyhunters

Canvas Defaced Worldwide: ShinyHunters Tells Schools to Pay Up Individually by May 12

ShinyHunters defaced Canvas login pages worldwide on May 7 — disrupting finals week at Harvard, Penn, Duke, and Virginia Tech. The group claims 275 million records from 9,000 schools and is now telling individual schools to negotiate ransom payments by May 12. Instructure had declared the May 1 incident contained

08 May 2026

Minimalist white line art on maroon: an open vault door with files spilling out onto a curved globe-grid, with an unlocked padlock above.

Application Security

WIRED Found 380,000 Vibe-Coded Apps on the Open Web — and 5,000 of Them Were Leaking Corporate Data

WIRED's Andy Greenberg published an investigation on May 7, 2026 reporting that the Israeli cybersecurity firm RedAccess found roughly 380,000 publicly accessible web assets built with AI "vibe-coding" platforms — Lovable, Base44, Replit, and Netlify — of which around 5,000 exposed sensitive corporate data and another

07 May 2026

Minimalist white line art on coral: a theatrical face mask hovering above a webcam and a video-call window, with strings connecting the mask to both like a puppet.

Fraud

A 404 Media Reporter Watched Someone Else Become Him, Live, on Microsoft Teams

404 Media's Joseph Cox published an investigation on May 7, 2026 in which he obtained, installed, and personally tested Haotian AI — a Chinese realtime deepfake software marketed to scammers — and watched a Cambodia-based operator's face shapeshift into his own during a live Microsoft Teams call. Haotian

07 May 2026

Minimalist white line art on beige: a hand emerges from a 'VERIFY' box holding a pill capsule toward a clipboard.

phishing

Australia Warns That Fake Cloudflare CAPTCHAs on Real Australian Websites Are Pushing Vidar Stealer

The Australian Signals Directorate's Australian Cyber Security Centre published an advisory on May 7, 2026 warning that pro-criminal threat actors are using compromised legitimate Australian WordPress websites as launch pads for ClickFix social-engineering attacks delivering the Vidar Stealer information-stealing malware. Visitors to compromised Australian business websites are shown

07 May 2026

Minimalist white line art on bright cyan-teal: a wax-sealed envelope with a small backdoor cut into one side, beside three stacked file icons on a shelf.

Malware

Daemon Tools Was Trojanized for a Month — and the Installer Was Properly Signed

Kaspersky disclosed on May 5, 2026 that Daemon Tools — disk-imaging software with millions of users worldwide — has been distributing trojanized installers from its official website since April 8, 2026. The compromised binaries were signed with valid AVB Disc Soft developer certificates. Thousands of machines across approximately 100 countries received a

07 May 2026

Minimalist white line art on hot magenta: an hourglass with sand draining beside two padlocks linked by a chain, with '72 HOURS' floating above.

Vulnerabilities

Ivanti EPMM Has a Third Zero-Day This Year — and CISA Just Gave Federal Agencies Three Days to Patch

Ivanti disclosed CVE-2026-6973 on May 7 — a CVSS 7.2 EPMM flaw under active exploitation. CISA gave federal agencies just three days to patch (May 10 deadline). It's the third EPMM zero-day of 2026, and Ivanti hints attackers are using credentials stolen during January's campaign. On

07 May 2026

Minimalist white line art on gold-amber: a telephone handset with its cord stretching across the frame to loop around a hardware wallet, with a house silhouette and coin pile mid-frame.

Cyber Crime

$250M Crypto Gang's Burglar Just Got 6.5 Years — Hardware Wallets Aren't Safe

Marlon Ferro, a 20-year-old Santa Ana, California man also known online as "GothFerrari" and "Marlo," was sentenced to 78 months in federal prison on May 7, 2026 for serving as the home-invader and money-launderer for a 14-person "Social Engineering Enterprise" that stole more than

07 May 2026

Minimalist white line art on deep purple: a person at a laptop with two speech bubbles merging into a dotted cloud that extends as a dotted line toward a SCADA panel.

Threat Intelligence

Claude and GPT Helped Hackers Reach the Edge of a Mexican Water Utility's OT Network

Dragos published an intelligence brief on May 6, 2026, documenting a cyber-attack against Servicios de Agua y Drenaje de Monterrey — a municipal water utility in northern Mexico — between December 2025 and February 2026 in which attackers used Anthropic's Claude and OpenAI's GPT to plan the operation,

07 May 2026

Minimalist white line art on vibrant teal: a water treatment tank with five droplet icons above it, a half-open document with a closed-eye on the cover, and a red dotted turning valve.

Policy & Government

Poland's Spy Agency Just Broke a 12-Year Silence to Warn That Hackers Reached Five Water Plants

Poland's Internal Security Agency (ABW) published a public report on May 7, 2026 — its first activity summary in 12 years — warning that hackers targeted water treatment stations in five Polish municipalities, gaining access in some cases to industrial control systems and developing the ability to alter technical parameters

07 May 2026

See all