Threat Intelligence

Policy & Government

DHS Used a 1930s Customs Law to Demand Google Hand Over Data on a Canadian Trump Critic

The Department of Homeland Security used a 1930s customs law to demand Google hand over a Canadian's location, activity logs, and identifying information — over anti-ICE posts. The Canadian has not entered the United States in more than ten years. The ACLU is suing. WIRED reported on May 4,

05 May 2026

Threat Intelligence

Apple, NVIDIA, Disney Impersonated in Telegram Mini App Scam Network

CTM360 names FEMITBOT — a shared backend running crypto scams, fake AI tools, and Android malware impersonating Apple, NVIDIA, Disney, and the BBC, all inside Telegram.

04 May 2026

Minimalist white line art on slate-grey showing a folder icon with code-bracket symbols inside, a diagonal fracture line, and an exit arrow, marked by a red accent dot.

Cyber Attacks

Trellix Confirms Source Code Repository Breach

Trellix — formed from McAfee Enterprise + FireEye, owned by Symphony Technology Group — confirms unauthorized access to its source code repository. Customers should monitor and ask, not panic.

04 May 2026

Violet background with a central white smartphone displaying an eye symbol, linked by lines to photo frames, a database cylinder, and an open padlock. Red-orange dots mark focal points.

Threat Intelligence

A Stalker's Own Database Exposed 86,859 Surveillance Images

The operator who installed the spyware was the one who left the cloud bucket open.

03 May 2026

Cobalt blue background with a central white cloud icon linked by thin lines to a key, a sign-in window, a document folder, and a target reticle. Red-orange dots mark each focal point.

Threat Intelligence

ConsentFix v3 Runs on Cloudflare, Dropbox, and ZoomInfo

The OAuth phishing kit is plumbed end-to-end through legitimate SaaS, which is exactly the point.

03 May 2026

A cracked database cylinder with API key icons streaming out and a 36h clock beside it. White line art on deep violet background with red-orange accent dots at the crack and key points.

Trending

LiteLLM CVE-2026-42208: SQL Injection Exploited in 36 Hours — AI Gateway Credentials at Risk

CVE-2026-42208 in LiteLLM — the open-source AI gateway with 45K GitHub stars — was exploited within 36 hours of disclosure with no public PoC. A successful attack yields OpenAI org keys, Anthropic workspace admin keys, and AWS Bedrock credentials.

02 May 2026

A package box with a worm branching into browser icons and cloud provider icons. White line art on vivid coral background with red-orange accent dots at each branch point.

Trending

SAP npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack — Browser Passwords Now Targeted

Official SAP npm packages were backdoored on April 29 in the latest Mini Shai-Hulud wave — adding browser credential theft across Chrome, Safari, and Edge to the campaign's existing cloud secret harvesting. Over 1,100 victim repositories confirmed.

02 May 2026

Globe with circuit traces connecting a government building, microphone, and protest sign, overlaid by a shadowed figure. White line art on deep slate with red-orange accent dots.

Trending

Shadow-Earth-053: Trend Micro Confirms China Spy Group Targets Journalists and Activists Alongside Governments and Defense

Trend Micro publishes full technical attribution of Shadow-Earth-053 — confirming the China-linked group targets journalists and civil society activists alongside governments and defense sectors across Asia and one NATO member state.

01 May 2026

Speedometer needle pinned to maximum, surrounded by an AI chip, padlock, and coin icon. White line art on dark olive background with a red-orange accent dot at the needle tip.

Policy & Government

Europol IOCTA 2026: AI, Encryption, and Cybercrime-as-a-Service Are Widening the Velocity Gap Between Criminals and Defenders

Europol's IOCTA 2026 warns that cybercrime has industrialized — AI, encryption, and CaaS are widening the velocity gap between criminal innovation and law enforcement capability, with 120+ ransomware variants and $10.5T in projected 2026 costs.

01 May 2026

Phone handset beside an SSO login screen with a session token streaming to an attacker node, SWAT icon in the corner. White line art on dark magenta with red-orange dots.

Trending

Cordial Spider and Snarky Spider: Two New Com-Affiliated Groups Are Running the Scattered Spider Playbook at Scale

CrowdStrike documents Cordial Spider and Snarky Spider — two new Com-affiliated groups running vishing and SSO phishing campaigns against enterprise SaaS environments with seven-figure extortion demands and no malware deployed.

01 May 2026

PyTorch Lightning versions 2.6.2 and 2.6.3 were backdoored in a supply chain attack that automatically steals SSH keys, cloud credentials, GitHub tokens, and crypto wallets on import.

Trending

PyTorch Lightning Compromised in Supply Chain Attack — Malware Steals Credentials Automatically on Import

Versions 2.6.2 and 2.6.3 of PyTorch Lightning were compromised in a supply chain attack — executing credential-stealing malware automatically on import, targeting SSH keys, cloud credentials, GitHub tokens, and crypto wallets.

01 May 2026

Silver Fox deployed new ABCDoor Python backdoor via fake tax authority emails targeting organizations across India, Russia, Indonesia and Japan with ValleyRAT malware.

Trending

Silver Fox Uses New ABCDoor Backdoor to Target Organizations in Russia and India via Tax Impersonation

Silver Fox has launched a tax-themed phishing campaign across India, Russia, Indonesia, and Japan — deploying ValleyRAT and the newly documented ABCDoor Python backdoor via fake tax authority notifications.

30 Apr 2026

See all