CyberNews: 09/05/2026 Edition

Published by Dunateo on 2026-05-09

Today’s roundup

  • Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare
  • cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
  • Braintrust security incident raises concerns over AI supply chain risks
  • RansomHouse says it breached Trellix and exposes internal systems
  • TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
  • Virginia man found guilty of deleting 96 government databases
  • ShinyHunters Claims Second Attack Against Instructure
  • Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident
  • NVIDIA confirms GeForce NOW data breach affecting Armenian users
  • Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

    Summary

    Poland's Internal Security Agency (ABW) confirmed that state-linked hackers, including Russia's APT28 and APT29 and the Belarus-aligned UNC1151, breached the industrial control systems (ICS) of five water treatment facilities in 2025. The attackers gained the ability to change operational parameters, a direct threat to public water supply. ABW attributed the intrusions to weak password policies and management interfaces exposed directly to the internet.

    cPanel and Web Host Manager (WHM) released updates addressing three new vulnerabilities, including CVE-2026-29201. The flaws can be exploited for privilege escalation, remote code execution, and denial of service. Administrators are advised to apply the updates immediately.

    AI observability startup Braintrust experienced a security incident involving unauthorized access to one of its AWS accounts. This breach potentially exposed secrets and API keys used to connect to cloud-based AI models, highlighting growing AI supply chain risks. Braintrust has advised customers to rotate any org-level AI provider keys used with their platform. One customer was confirmed affected, with three others reporting suspicious usage spikes.

    The RansomHouse cyber extortion group claimed responsibility for breaching cybersecurity firm Trellix, publishing screenshots as proof of access to internal systems. Trellix previously confirmed unauthorized access to a portion of its source code repository but stated there was no evidence of code alteration or exploitation. The incident underscores the risks of intellectual property theft and supply chain compromise within the security industry.

    Threat hunters have identified TCLBANKER, a previously undocumented Brazilian banking trojan. This malware is capable of targeting 59 banking, fintech, and cryptocurrency platforms and spreads via WhatsApp and Outlook worms. Tracked as REF3076 by Elastic Security Labs, TCLBANKER is considered a significant evolution of the Maverick malware family.

    A Virginia man was convicted on federal charges for deleting 96 government databases and for accessing another person's email account with a stolen password. The deletions destroyed a significant volume of government data.

    The ShinyHunters extortion group has claimed a second attack against Instructure, an educational technology company. This incident reportedly put the Personally Identifiable Information (PII) of hundreds of millions of people at risk.

    Fashion retailer Zara, part of Inditex, confirmed a data breach affecting approximately 197,000 customers. The incident stemmed from the ShinyHunters group's compromise of Anodot, a former third-party technology provider. ShinyHunters used stolen Anodot authentication tokens to access BigQuery instances; the exposed data included email addresses, order IDs, product SKUs, geographic locations, and purchase history.

    NVIDIA confirmed a data breach in its GeForce NOW gaming service that exposed user information, specifically that of Armenian users.

    Cybersecurity researchers uncovered 28 fraudulent Android apps on the Google Play Store that falsely promised access to call history. Downloaded more than 7.3 million times in total, the apps pushed users into costly subscriptions for fabricated data, causing significant financial losses.

    Want to dig deeper?

    Vulnerabilities

    CVE-2026-29201 (severity: Medium)

    Cyber Groups

    APT28 (aliases: IRON TWILIGHT, SNAKEMACKEREL, Swallowtail, Group 74, Sednit, Sofacy, Pawn Storm, Fancy Bear, STRONTIUM, Tsar Team, Threat Group-4127, TG-4127, Forest Blizzard, FROZENLAKE, GruesomeLarch)
    APT29 (aliases: IRON RITUAL, IRON HEMLOCK, NobleBaron, Dark Halo, NOBELIUM, UNC2452, YTTRIUM, The Dukes, Cozy Bear, CozyDuke, SolarStorm, Blue Kitsune, UNC3524, Midnight Blizzard)
    Play