
Daily Security Briefing #244
- DjediTech
- Security, Newsletter
- May 4, 2026
Critical TanStack package abuse, massive crypto scam takedown, phishing campaigns using RMM tools, and more…
Executive Summary
Cybersecurity threats continue to escalate, with malicious actors abusing popular software package ecosystems. The recent discovery of a malicious TanStack package highlights the importance of verifying npm dependencies. Meanwhile, authorities have dismantled significant cryptocurrency scam centers targeting Americans. Additionally, phishing campaigns are abusing Remote Monitoring and Management (RMM) tools, and other critical vulnerabilities are being exploited.
Top Articles
Malicious TanStack Package Abuses Postinstall Script to Steal Developer Secrets
A malicious npm package named “tanstack” has been discovered running a stealthy data exfiltration campaign that targets developers through a deceptive naming strategy and a hidden postinstall script. The attacker registered the unscoped tanstack package name on npm, exploiting confusion with the legitimate @tanstack organization.
Source: GBHackers

276 Arrested as Authorities Dismantle Crypto Scam Centers Targeting Americans
In an unprecedented international law enforcement operation, authorities have dismantled at least nine overseas cryptocurrency scam centers, resulting in the arrest of 276 individuals. The coordinated effort targeted transnational criminal networks running sophisticated “pig butchering” investment fraud schemes against American citizens.
Sources: GBHackers | The Hacker News

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
An active phishing campaign has been observed targeting multiple vectors since at least April 2025, using legitimate Remote Monitoring and Management (RMM) software to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations.
Source: The Hacker News

Hacking Polymarket
Polymarket is a platform where people can bet on real-world events. However, gamblers have threatened a journalist because his story was being used to verify an event. This highlights the potential risks and unintended consequences of such platforms.
Source: Schneier

MSSPs Face Rising Alert Fatigue as False Positives Drain Analyst Time and Resources
Managed Security Service Providers (MSSPs) are facing rising alert fatigue, with false positives draining analyst time and resources. This highlights the need for more effective threat detection and response strategies.
Source: CyberPress

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. This highlights the importance of timely patching and vulnerability management.
Source: The Hacker News

Canvas Parent Instructure Confirms Data Breach After ShinyHunters Claims Attack
Instructure has confirmed a data breach after suspicious activity disrupted several Canvas services. The incident was the result of a cyberattack, and external forensic experts were engaged to investigate.
Source: CyberPress

Amazon SES increasingly abused in phishing to evade detection
The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters. This highlights the need for more effective email security measures.
Source: BleepingComputer

4th May – Threat Intelligence Report
For the latest discoveries in cyber research, please download our Threat Intelligence Bulletin. This report highlights significant threats and breaches, including a cyberattack on Medtronic’s corporate IT systems.
Source: Check Point

Backdoored PyTorch Lightning package drops credential stealer
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services.
Source: BleepingComputer

Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
A critical vulnerability in cPanel has been exploited by attackers, with multiple proof-of-concept exploits appearing online.
Source: DarkReading

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.