Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-04 08:00 PDT
- DShield Honeypot Update, (Mon, May 4th)
SANS ISC Diary (full) • 2026-05-04 07:23 • isc.sans.eduThis week, I will release a few updates to our DShield honeypot. The update should happen automatically if you have “automatic updates” enabled on your system. There will be two major changes:
- They don’t hack, they borrow: How fraudsters target credit unions
BleepingComputer • 2026-05-04 06:42 • www.bleepingcomputer.com
Fraudsters aren’t hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds. […]
https://www.bleepingcomputer.com/news/security/they-dont-hack-they-borrow-how-fraudsters-target-credit-unions/ - Progress warns of critical MOVEit Automation auth bypass flaw
BleepingComputer • 2026-05-04 05:18 • www.bleepingcomputer.com
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. […]
https://www.bleepingcomputer.com/news/security/moveit-automation-customers-warned-to-patch-critical-auth-bypass-flaw/ - Webinar: Why MSPs must rethink security and backup strategies
BleepingComputer • 2026-05-04 05:16 • www.bleepingcomputer.com
Security breaches don’t just test your defenses—they test your recovery. Join Kaseya in our upcoming webinar to learn how MSPs strengthen resilience with SaaS backups and BCDR to stay operational after attacks. […]
https://www.bleepingcomputer.com/news/security/webinar-why-msps-must-rethink-security-and-backup-strategies/ - 2026: The Year of AI-Assisted Attacks
The Hacker News • 2026-05-04 04:58 • thehackernews.com
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan’s largest internet cafe chain. When asked, the young man shared his motivation for the hack: he wanted to buy Pokémon cards.
In a sense, this is a fairly conventional story.
https://thehackernews.com/2026/05/2026-year-of-ai-assisted-attacks.html - Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
The Hacker News • 2026-05-04 04:57 • thehackernews.com
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor.
The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities.
“Both waves followed a nearly identical
https://thehackernews.com/2026/05/silver-fox-deploys-abcdoor-malware-via.html - Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
Graham Cluley • 2026-05-04 04:42 • www.bitdefender.com
Here’s a tip for you all. Unless you want to draw attention to yourself as a cybercriminal, don’t flaunt your diamond-encrusted “HACK THE PLANET” necklace on Snapchat, or pose as a Sopranos crime boss while the FBI is reportedly closing in.Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/alleged-scattered-spider-hacker-extradition - CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
BleepingComputer • 2026-05-04 04:28 • www.bleepingcomputer.com
CISA has warned that threat actors have started exploiting the “Copy Fail” Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. […]
https://www.bleepingcomputer.com/news/security/cisa-says-copy-fail-flaw-now-exploited-to-root-linux-systems/ - Microsoft confirms April Windows updates cause backup failures
BleepingComputer • 2026-05-04 03:40 • www.bleepingcomputer.com
Microsoft has confirmed that the April 2026 security updates are causing failures in third-party backup applications using the psmounterex.sys driver. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-backup-failures-caused-by-vulnerable-driver-block/ - “Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security
Securelist • 2026-05-04 03:00 • securelist.com
Kaspersky expert breaks down a new phishing scheme that uses the Amazon SES cloud email service. Let’s look at some examples to see how you can tell a phishing email from a real one.
https://securelist.com/amazon-ses-phishing-and-bec-attacks/119623/ - Hacking Polymarket
Schneier on Security • 2026-05-04 02:46 • www.schneier.comPolymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside (for one, it facilitates assassination), one of the issues with making this work is the verification of these real-world events. Polymarket gamblers have threatened a journalist because his story was being used to verify an event. And now, gamblers are takin…
https://www.schneier.com/blog/archives/2026/05/hacking-polymarket.html - Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
The Hacker News • 2026-05-04 02:27 • thehackernews.com
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting the recently disclosed vulnerability in cPanel.
The activity, detected by Ctrl-Alt-Intel on May 2, 2026, involves the
https://thehackernews.com/2026/05/critical-cpanel-vulnerability.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
