DJBSEC's CyberNews 2026-05-04

Today’s daily news covers the following categories: Data Breach, Vulnerability, Malware, Policy & Legislation, Ransomware, Authentication, Insider Threat, Threat Intelligence


Instructure Confirms Data Breach as ShinyHunters Claims Responsibility

Data Breach
Instructure has confirmed a data breach following claims by the ShinyHunters group that it compromised the company’s systems. The attackers allege they accessed sensitive customer and internal data, though the full scope is still under investigation. ShinyHunters has a history of targeting large organizations and leaking stolen data. The breach raises concerns about potential exposure of educational and enterprise user information. Affected organizations are advised to monitor for suspicious activity and follow mitigation guidance.

Microsoft Defender Flags DigiCert Root Certificates

Vulnerability
Microsoft Defender has flagged certain DigiCert root certificates, raising concerns about trust and certificate validation. While the issue may not indicate direct compromise, it highlights the sensitivity of certificate infrastructure. Problems with root certificates can impact authentication and secure communications. Organizations rely heavily on trusted certificate authorities for encryption and identity verification. Security teams should review alerts and ensure proper certificate configurations.

Telegram Mini Apps Used for Crypto Scams and Malware Delivery

Malware
Attackers are abusing Telegram mini apps to distribute Android malware and run cryptocurrency scams. These apps appear legitimate but contain hidden malicious functionality. Victims are tricked into downloading apps or interacting with fraudulent crypto schemes. The use of trusted platforms like Telegram increases the effectiveness of these campaigns. Users should avoid unverified apps and exercise caution when engaging with crypto-related offers.

Trellix Confirms Source Code Breach

Data Breach
Trellix has confirmed a breach involving the exposure of its source code. Such incidents can have serious implications, as attackers may analyze the code to identify vulnerabilities. The breach raises concerns about intellectual property theft and potential downstream attacks. Trellix is investigating the incident and implementing security measures. Organizations should monitor for related threats and ensure defensive controls are in place.

Proof-of-Concept Exploit Released for Linux Copy Fail Vulnerability

Vulnerability
A proof-of-concept exploit has been released for the Linux “Copy Fail” vulnerability, increasing the risk of real-world attacks. The flaw allows attackers to potentially gain elevated privileges on affected systems. Public availability of exploit code significantly accelerates threat activity. Organizations running Linux systems should treat this as a high-priority issue. Immediate patching and mitigation are strongly recommended.

Microsoft Releases Updates Across Security Portfolio

Policy & Legislation
Microsoft has announced a series of updates and new releases across its security portfolio. These updates aim to improve threat detection, response capabilities, and overall security posture. Enhancements include improvements to Defender and other enterprise security tools. The updates reflect ongoing efforts to adapt to evolving cyber threats. Organizations should review changes and integrate new features into their security strategies.

Critical cPanel Flaw Exploited in Ransomware Campaigns

Ransomware
A critical vulnerability in cPanel is being actively exploited in ransomware attacks linked to the “Sorry” ransomware group. Attackers are using the flaw to gain access to servers and deploy ransomware payloads. The mass exploitation highlights the urgency of patching exposed systems. Compromised servers can lead to significant operational disruption. Organizations should update cPanel installations immediately and monitor for suspicious activity.

ConsentFix v3 Targets Azure with OAuth Abuse

Authentication
The ConsentFix v3 attack campaign is targeting Microsoft Azure by abusing OAuth permissions. Attackers trick users into granting access to malicious applications, allowing them to access data without credentials. This technique bypasses traditional authentication controls. It highlights risks associated with user consent and third-party app integrations. Organizations should review OAuth permissions and educate users on consent risks.

Cybersecurity Experts Jailed for Role in ALPHV Ransomware

Insider Threat
Several individuals described as cybersecurity experts have been jailed for their involvement in ALPHV/BlackCat ransomware operations. These insiders used their technical knowledge to support cybercriminal activities. The case highlights the risks posed by skilled individuals turning to malicious activity. Insider threats remain a significant concern for organizations. Strong vetting and monitoring practices are essential to mitigate risk.

NCSC Warns of Incoming “Patch Tsunami”

Threat Intelligence
The UK’s National Cyber Security Centre (NCSC) has warned organizations to prepare for a surge in security patches. This “patch tsunami” is driven by increasing vulnerability disclosures and rapid exploitation. Managing patching at scale is becoming more challenging for organizations. Failure to keep up can leave systems exposed to attacks. Security teams should prioritize patch management and automation.

Trellix Confirms Source Code Breach in Separate Report

Data Breach
A separate report confirms the Trellix source code breach, reinforcing concerns about the incident’s scope. The exposure of source code could allow attackers to identify weaknesses in security products. This increases the risk of targeted attacks against organizations using those tools. Trellix is working to contain the impact and strengthen defenses. Customers should remain vigilant for related threats.

Attackers Abuse Google AppSheet, Netlify, and Telegram

Threat Intelligence
Attackers are exploiting platforms like Google AppSheet, Netlify, and Telegram to deliver malicious content and phishing campaigns. By using legitimate services, they can evade detection and gain user trust. These platforms are being used to host payloads, phishing pages, and command-and-control infrastructure. The tactic reflects a broader trend of abusing trusted services. Organizations should monitor for suspicious activity across cloud platforms.