CyberSecurity Knuggets

Apr 29, 2026

Subject: Social Media Scams Cost Americans $2.1 Billion—Facebook Leads the Pack

Sender: info@metacurity.com

Dear Reader,

According to a new FTC report, Americans lost $2.1 billion to social media scams in 2025, marking an eightfold increase in losses. Facebook leads all platforms, accounting for more loss reports than text or email scams combined. Key scam types include:

– Shopping scams with fraudulent ads for products ranging from clothing to puppies.

– Investment schemes promoted through deceptive ads and WhatsApp groups, causing $1.1 B in losses.

– Romance scams beginning on social platforms, representing nearly 60% of reported cases.

Additionally, Medtronic disclosed a cyberattack affecting corporate IT systems but not products or patient safety. Toronto police arrested three suspects linked to SMS blaster frauds disrupting networks. Iranian hacker group Handala leaked personal info of 2,379 US Marines, raising security alarms. Google agreed to Pentagon use of AI for classified work amid internal employee concerns.

New BlackFile hacking group targets retail and hospitality with sophisticated credential theft and ransomware extortion schemes. Australian Gelatissimo faces ransomware extortion with leaked sensitive employee data.

  • Robinhood customers targeted via phishing emails exploiting account creation processes.
  • Checkmarx source code leaked following supply chain attack.
  • Missouri’s MOScholars program exposed student info, triggering privacy scrutiny.
  • US states issued $3.45 billion in privacy fines in 2025, marking ramped-up enforcement.
  • NCSC warns common SOC metrics are misleading, emphasizing time to detect and respond.
  • French police arrested suspected hacker behind ~100 data breaches.
  • GCHQ’s NCSC launched SilentGlass hardware to prevent display device cyberattacks.
  • South Korean lawmakers protest perceived US political interference in Coupang legal case.

Stay vigilant. For detailed insights and analysis, consider supporting independent cybersecurity news like Metacurity.

Best regards,

Cynthia B Brumfield

Metacurity Daily Cybersecurity Briefing


Subject: How Iran Is Exploiting a New Cyber Landscape

Sender: intelligence@marketing.n2k.com

Hello,

Iranian cyber threat actors are evolving from using disruptive malware to weaponizing identity systems—the fastest way into high-value networks. Palo Alto Networks’ SVP Sam Rubin discussed this shift at RSAC 2026:

  • Traditional destructive attacks with MBR wiping malware are now less effective due to improved defenses.
  • Iranian actors prioritize stealthy, identity-based attacks leveraging stolen credentials and compromised authentication.
  • Threat groups like Boggy Serpens infiltrate trusted third parties first, gaining legitimate access to target enterprises.
  • This pivot allows Iranian APTs longer persistence and less detectable lateral movement within victim networks.

Listen to the full conversation to understand how Iran’s cyber operations have adapted and how defenders can stay ahead.

Best regards,

N2K CyberWire Team


Subject: Securing AI Agents in the Enterprise: 5 Use Cases

Sender: news@securityweek.com

Hi,

AI agents increasingly run workflows, access cloud data, call APIs, and interact autonomously in enterprise environments. Many operate with broad permissions, often without traditional security visibility.

Download our new guide, Securing AI Agents in the Enterprise, to learn how modern security teams:

– Discover AI agents including shadow deployments.

– Enforce least privilege by comparing assigned vs. used permissions.

– Detect abnormal agent behavior before incidents occur.

– Monitor agent-to-agent interactions across platforms.

– Produce regulator-ready audit trails for AI agent activities.

As AI agents become a powerful new identity class, govern them with the same rigor as your human identities to reduce risks.

Stay secure,

SecurityWeek


Subject: Iran War Updates | The CyberWire 4.28.26

Sender: editor@newsletter.n2k.com

Greetings,

Today’s highlights:

  • The pro-Iranian hacker group Handala published personal data of over 2,300 US Marines in the Persian Gulf, including family and base details. Researchers link Handala to Iran’s Ministry of Intelligence.
  • US Supreme Court signals it will require warrants for geofencing location data searches, balancing privacy with law enforcement needs.
  • ShinyHunters extortion group claims responsibility for a breach at US logistics company Pitney Bowes, leaking 8.2M unique emails and sensitive employee data.

Additional updates: Iranian cyber operations resemble opportunistic criminal actors seeking gains amplified by info ops, and Iranian attacks on petrochemical complexes have disrupted critical circuit board material supply chains globally.

For the full briefing and sponsored insights on zero trust security evolution, visit our newsletter.

Regards,

N2K CyberWire Editorial Team


Subject: Medtronic Hack Confirmed

Sender: news@securityweek.com

Dear Subscriber,

Confirmed: Medtronic suffered a cyberattack impacting corporate IT systems but not medical devices or patient care operations. The attack exposed over 9 million records containing personally identifiable information per claims from the ShinyHunters data extortion group.

Other critical news:

– CISOs gain new leverage in budget talks using cyber insurance data.

– Robinhood phishing campaign exploiting account login alerts is underway.

– New Windows privilege escalation vulnerabilities remain unpatched.

– Ransomware groups target Australian gelato franchiser Gelatissimo with employee data extortion.

Upcoming webinar: Closing the Gap: Securing Identity Across Humans, Machines, and AI on May 7.

Secure your enterprise with expert insights and timely news — visit SecurityWeek for details and reporting.

Stay safe,

SecurityWeek Team

Stay Well!
