Risk
-
Phishing campaign used RMM software to hit more than 80 organizations
A phishing campaign has targeted more than 80 organizations since at least April 2025, using legitimate remote monitoring tools to maintain access after victims opened fake Social Security Administration emails.
-
Trellix says attackers accessed part of source code repository
Trellix said attackers gained unauthorized access to part of its source code repository. The company has found no evidence so far that the code was exploited or altered and is investigating with forensic experts.
-
U.S., international agencies arrest 276 in crypto scam crackdown
International authorities arrested at least 276 suspects and shut down nine scam centers in a crackdown on cryptocurrency investment fraud schemes that targeted Americans and caused millions of dollars in losses.
-
Microsoft Defender wrongly flags DigiCert root certificates as malware
Microsoft Defender mistakenly flagged DigiCert root certificates as malware after an April 30 signature update, removing some from Windows trust stores. Microsoft says the false positives are fixed and no extra action is needed.
-
CISA adds actively exploited Linux root flaw to known vulnerabilities list
CISA added a Linux kernel privilege escalation flaw known as Copy Fail to its exploited vulnerabilities catalog after signs of active abuse. The issue can let a local user gain root access, and patches are already available.
-
PyPI Lightning package hit by credential-stealing malware
Python package Lightning was compromised on PyPI, with two malicious releases published on April 30, 2026. Security researchers said the code targeted developer credentials and could spread through package ecosystems.
-
Python backdoor DEEP#DOOR uses tunneling service to hide remote access
Researchers disclosed DEEP#DOOR, a Python backdoor that uses a public tunneling service for command and control, steals credentials and includes multiple persistence and defense evasion features.
-
Linux flaw could let local users gain root on many systems
Researchers disclosed a Linux local privilege escalation flaw, called Copy Fail, that could let a local unprivileged user gain root on systems shipped since 2017. The issue affects multiple major distributions and has been assigned CVE-2026-31431.
-
Handala claims leak of US Marines data in WhatsApp threat campaign
US Marines in the Persian Gulf received WhatsApp threats from the Iran-linked Handala hacking group, which claimed to leak personal data on 2,379 service members and said it knew their family details and routines.
-
Google patches critical Gemini CLI flaw that could allow remote code execution
Google fixed a critical Gemini CLI flaw that could let attackers execute commands on host systems in headless CI workflows. The issue affected specific npm and GitHub Actions versions and required explicit folder trust after the update.
