CyberNews: 02/05/2026 Edition

Published by Dunateo on 2026-05-02

Today’s roundup

  • Edu tech firm Instructure discloses cyber incident, probes impact
  • 15-year-old detained over French govt agency data breach
  • Trellix Confirms Source Code Breach With Unauthorized Repository Access
  • 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
  • Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
  • China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
  • 76% of All Crypto Stolen in 2026 Is Now in North Korea
  • If AI's So Smart, Why Does It Keep Deleting Production Databases?
  • Federal agencies must patch cPanel bug by Sunday, CISA says

Summary

    Edu-tech firm Instructure, provider of the Canvas learning platform, has disclosed a cybersecurity incident and is currently investigating its full impact.

    French authorities have detained a 15-year-old suspect for selling data reportedly stolen in a cyberattack against France Titres (ANTS), the country's agency responsible for administrative documents.

    Cybersecurity company Trellix has confirmed a breach that led to unauthorized access of a portion of its source code repository. The firm has engaged forensic experts and notified law enforcement.

    A Vietnam-linked operation, dubbed AccountDumpling by Guardio, has compromised approximately 30,000 Facebook accounts. The group used Google AppSheet as a phishing relay to distribute malicious emails, then sold the stolen credentials through an illicit storefront.

    Cybersecurity researchers are cautioning about two distinct cybercrime groups, Cordial Spider and Snarky Spider, which are executing rapid, high-impact extortion attacks. These groups exploit vishing and Single Sign-On (SSO) abuse within SaaS environments, focusing on swift data exfiltration while minimizing their digital footprint.

    Trend Micro has identified a new China-aligned espionage campaign, tracked as SHADOW-EARTH-053, targeting government and defense sectors across South, East, and Southeast Asia. The campaign also impacts a European NATO member state, journalists, and activists.

    North Korean threat actors are reportedly responsible for 76% of all cryptocurrency stolen in 2026. These groups are conducting frequent, large-scale heists, potentially leveraging artificial intelligence to facilitate their operations.

    The cybersecurity community is observing incidents where AI agent integrations are inadvertently deleting production databases. This highlights a critical concern regarding the insufficient security testing of AI agents before their deployment into live operational environments.

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive for federal agencies to patch a critical cPanel vulnerability, CVE-2026-41940, by Sunday. Successful exploitation of this flaw, as confirmed by Rapid7, grants attackers control over the cPanel host system, its configurations, databases, and all managed websites.

    Want to dig deeper?

    Vulnerabilities

    CVE-2026-41940 Critical