Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-04 13:00 PDT
- Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
The Hacker News • 2026-05-04 11:06 • thehackernews.com
An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts.
The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares overlaps with clusters
https://thehackernews.com/2026/05/phishing-campaign-hits-80-orgs-using.html - Backdoored PyTorch Lightning package drops credential stealer
BleepingComputer • 2026-05-04 10:15 • www.bleepingcomputer.com
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. […]
https://www.bleepingcomputer.com/news/security/backdoored-pytorch-lightning-package-drops-credential-stealer/ - TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
SANS ISC Diary (full) • 2026-05-04 10:12 • isc.sans.edu
Summary
- Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
The Hacker News • 2026-05-04 09:34 • thehackernews.com
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass.
MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts.
The
https://thehackernews.com/2026/05/progress-patches-critical-moveit.html - Trellix discloses data breach after source code repository hack
BleepingComputer • 2026-05-04 09:25 • www.bleepingcomputer.com
Cybersecurity firm Trellix disclosed a data breach after attackers gained access to “a portion” of its source code repository. […]
https://www.bleepingcomputer.com/news/security/trellix-discloses-data-breach-after-source-code-repository-hack/ - DShield Honeypot Update, (Mon, May 4th)
SANS ISC Diary (full) • 2026-05-04 07:23 • isc.sans.eduThis week, I will release a few updates to our DShield honeypot. The update should happen automatically if you have “automatic updates” enabled on your system. There will be two major changes:
- ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
The Hacker News • 2026-05-04 07:23 • thehackernews.com
This week, the shadows moved faster than the patches.
While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.
The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and scaling
https://thehackernews.com/2026/05/weekly-recap-ai-powered-phishing.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
