Close Menu
    Subscribe
    News

    InfoSec News Nuggets 04/28/2026

    adminBy No Comments2 Mins Read


    Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak

    Medtronic confirmed a cyber incident after the ShinyHunters group claimed to have stolen 9 million records and terabytes of corporate data. The company said it has not identified impacts to products, patient safety, manufacturing, distribution, or hospital customer networks, but it is still working to determine whether personal information was accessed.

     

    Canada arrests three for operating “SMS blaster” device in Toronto

    Canadian authorities arrested three men for allegedly operating an SMS blaster, a rogue cellular device that mimics a legitimate tower and pushes phishing texts directly to nearby phones. The tactic matters because it bypasses the normal need for a phone number list and lets attackers hit large numbers of people in dense areas with messages that appear to come from trusted entities like banks or government agencies.

     

    Cyber crooks got Robinhood to send phishing emails to its own users

    Attackers abused Robinhood’s account creation flow to inject malicious HTML into legitimate login notification emails, causing real Robinhood infrastructure to send convincing phishing messages to victims. Because the emails came from Robinhood’s own domain and passed SPF, DKIM, and DMARC checks, the campaign is a good example of how attackers can weaponize a trusted platform’s own mail systems rather than spoofing them from the outside.

     

    Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia

    ESET researchers say a China-linked group they call GopherWhisper targeted Mongolian government entities and used multiple cloud services for command and control, including Slack, Discord, Outlook email drafts, and file.io. The tradecraft is notable less for sophistication than for flexibility, giving the operators several mainstream channels to support espionage and pivot if one method is discovered or blocked.

     

    ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

    A 24-year-old British national identified as Tyler Robert Buchanan pleaded guilty to wire fraud conspiracy and aggravated identity theft tied to Scattered Spider activity. Prosecutors say the campaign involved large-scale SMS phishing against companies like Twilio, LastPass, DoorDash, and Mailchimp, followed by SIM swapping and cryptocurrency theft totaling at least $8 million, which keeps the spotlight on how effective social engineering remains in high-impact intrusions.

    The post InfoSec News Nuggets 04/28/2026 appeared first on AboutDFIR – The Definitive Compendium Project.



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.