
Daily Security Briefing #241
- DjediTech
- Security, Newsletter
- May 1, 2026
GRIDTIDE disrupted, Claude Code vulnerabilities exposed, and AI training data poisoning…
Executive Summary
Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. The recent GRIDTIDE campaign disruption highlights collaborative efforts between industry partners. Meanwhile, critical vulnerabilities in Claude Code have been exposed. Additionally, AI training data poisoning has become a growing concern.
Top Articles
Metasploit MCP Server Brings Model Context Protocol Support: The latest Metasploit release includes the MCP server, allowing AI applications to query Metasploit data through standardized tools and protocols. (rapid7.com)
Criminal IP and Securonix ThreatQ Collaborate on Enhanced Threat Intelligence: A partnership between Criminal IP and Securonix aims to integrate external threat intelligence into existing workflows, accelerating analysis and response for security teams. (gbhackers.com)
EtherRAT Campaign Targets Enterprise Admins via SEO Poisoning and Fake GitHub Pages: Attackers use a combination of SEO poisoning, GitHub abuse, and blockchain-based infrastructure to target high-privilege IT professionals in the EtherRAT campaign. (gbhackers.com)
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign: A Vietnamese-linked operation uses Google AppSheet as a “phishing relay” to distribute phishing emails targeting Facebook accounts. (thehackernews.com)
BleepingComputer Retracts Instructure Data Breach Story: A retracted article initially reported a new data breach at Instructure, but the information was found to be incorrect and based on outdated details from a prior incident. (bleepingcomputer.com)
Cybercrime Groups Use Vishing and SSO Abuse in Rapid SaaS Extortion Attacks: Researchers warn of two cybercrime groups carrying out high-impact attacks within SaaS environments, using vishing and SSO abuse to steal data. (thehackernews.com)
Multiple Wireshark Flaws Allow Remote Code Execution via Malformed Packets: The Wireshark Foundation releases version 4.6.5, patching over 40 security vulnerabilities, including critical flaws allowing arbitrary code execution. (cyberpress.org)
Supply Chain Attack Targets GitHub Actions via Malicious Ruby Gems and Go Modules: A campaign targets both Ruby and Go ecosystems using malicious packages designed to appear legitimate, compromising developer machines and CI pipelines. (cyberpress.org)
15-year-old Detained over French Govt Agency Data Breach: French authorities detain a 15-year-old suspected of selling data stolen in a cyberattack on France Titres, the country’s agency for issuing administrative documents. (bleepingcomputer.com)
US Government and Allies Publish Guidance on Safely Deploying AI Agents: The guidance warns that agents capable of taking real-world actions are already inside critical infrastructure, emphasizing the need for safe deployment practices. (cyberscoop.com)
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.