Nicholas Robert - The CyberSignal (Page 23)

phishing

VENOMOUS#HELPER: SSA Phishing Drops Dual-RMM on 80+ Orgs by Living off Trusted Vendors

Securonix tracked a phishing campaign that has compromised more than 80 organizations — mostly U.S.-based — by abusing legitimate SimpleHelp and ConnectWise ScreenConnect remote-monitoring tools. The lure impersonates the U.S. Social Security Administration. The architecture is dual-RMM redundancy: when defenders detect one channel, the other persists. Securonix

05 May 2026

Minimalist white line art on dark forest green showing a newspaper-fold being unzipped along its spine, releasing a cascade of document pages into an open archive box, with a red accent dot.

Ransomware

World Leaks Breaches Pro-Orbán Mediaworks: 15 Million Files Published, Hungarian Outlets Defy Reporting Threat

World Leaks — the rebrand of Hunters International — published 8.5 terabytes and roughly 15 million files from Mediaworks, Hungary's pro-Orbán media giant. Mediaworks asked journalists not to report on the leak, citing criminal data-handling law. At least one Hungarian outlet refused. The data-extortion group World

05 May 2026

Minimalist white line art on deep plum showing two sign-in windows linked by a central proxy hourglass, a key intercepted mid-flight between them, and a tiny CAPTCHA glyph.

phishing

Microsoft: AiTM Phishing Hit 35,000 Users at 13,000 Orgs in Three Days — Tycoon 2FA Takedown Did Not Kill the Technique

Microsoft Defender Research disclosed a sophisticated AiTM phishing campaign that hit 35,000+ users at 13,000+ organizations across 26 countries in just three days. 92% of targets were in the U.S. The lure was a fake employee disciplinary case. The reverse proxy stole session tokens — bypassing MFA in

05 May 2026

DHS invokes 1930s tariff act to demand Google data on Canadian Trump critic — ACLU lawsuit.

Policy & Government

DHS Used a 1930s Customs Law to Demand Google Hand Over Data on a Canadian Trump Critic

The Department of Homeland Security used a 1930s customs law to demand Google hand over a Canadian's location, activity logs, and identifying information — over anti-ICE posts. The Canadian has not entered the United States in more than ten years. The ACLU is suing. WIRED reported on May

05 May 2026

Minimalist white line art on cobalt blue showing a shield containing a certificate-ribbon icon mistakenly marked with a red X, alongside a circular restoration arrow.

Vulnerabilities

Defender Quarantined DigiCert Roots Worldwide — Here's the Fix

A Defender signature update flagged DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha and quarantined them worldwide. Microsoft fixed it in 1.449.430.0. The underlying DigiCert breach is the bigger story.

04 May 2026

Threat Intelligence

Apple, NVIDIA, Disney Impersonated in Telegram Mini App Scam Network

CTM360 names FEMITBOT — a shared backend running crypto scams, fake AI tools, and Android malware impersonating Apple, NVIDIA, Disney, and the BBC, all inside Telegram.

04 May 2026

Minimalist white line art on slate-grey showing a folder icon with code-bracket symbols inside, a diagonal fracture line, and an exit arrow, marked by a red accent dot.

Cyber Attacks

Trellix Confirms Source Code Repository Breach

Trellix — formed from McAfee Enterprise + FireEye, owned by Symphony Technology Group — confirms unauthorized access to its source code repository. Customers should monitor and ask, not panic.

04 May 2026

Violet background with a central white smartphone displaying an eye symbol, linked by lines to photo frames, a database cylinder, and an open padlock. Red-orange dots mark focal points.

Threat Intelligence

A Stalker's Own Database Exposed 86,859 Surveillance Images

The operator who installed the spyware was the one who left the cloud bucket open.

03 May 2026

Emerald green background with a central white caduceus icon flanked by a gavel and a folder bearing a fingerprint, plus stethoscope and ID badge icons. Red-orange dots mark focal points.

Policy & Government

Sham NPI Numbers Pulled 300,000 Records From Epic, Lawsuit Alleges

The breach didn't need a hack. It needed an interoperability framework that took fake clinics at their word.

03 May 2026

Burnt orange background with a central white laptop showing a warning triangle, surrounded by a graduation cap, an open book, and a wrench. Red-orange dots mark each focal point.

Cyber Attacks

Canvas Maker Hit With Second Security Incident in Eight Months

Instructure says its forensics team believes the latest attack is contained — but won't yet say what's been touched.

03 May 2026

Cobalt blue background with a central white cloud icon linked by thin lines to a key, a sign-in window, a document folder, and a target reticle. Red-orange dots mark each focal point.

Threat Intelligence

ConsentFix v3 Runs on Cloudflare, Dropbox, and ZoomInfo

The OAuth phishing kit is plumbed end-to-end through legitimate SaaS, which is exactly the point.

03 May 2026

An abstract Linux penguin cracked down the center with a root symbol emerging and a 2017 calendar beside it.

Trending

Linux "Copy Fail" CVE-2026-31431 Added to CISA KEV — Every Kernel Since 2017 Affected

CISA added CVE-2026-31431 — "Copy Fail" — to its KEV catalog after confirming active exploitation of a Linux kernel privilege escalation flaw affecting every distribution running kernels since 2017, allowing unprivileged users to gain root.

02 May 2026

See all