The week in breach news

Some large-scale campaigns and major cyber incidents came to light this week. While the FBI has warned Microsoft 365 users about a phishing-as-a-service platform that helps attackers bypass multifactor authentication, a critical vulnerability in the Ghost CMS is being actively exploited, impacting hundreds of websites belonging to major organizations. Meanwhile, the full scale of the previously reported breach at Carnival Corporation is emerging, with nearly 6 million customers potentially affected.

North America

Microsoft 365 users

Industry: Technology Exploit: Phishing

The FBI has warned Microsoft 365 users about a phishing-as-a-service (PhaaS) platform that allows attackers to gain access to Microsoft 365 accounts and bypass multifactor authentication (MFA) without requiring a user’s credentials.

The platform, known as Kali365, is being used by entry-level threat actors to launch sophisticated phishing attacks. Victims receive emails impersonating trusted cloud productivity and document-sharing services, prompting them to visit a fake Microsoft verification page and enter a device code. Once a victim does so, attackers can obtain OAuth access and refresh tokens, enabling access to Microsoft 365 services such as Teams, Outlook and OneDrive.

Platforms like Kali365 continue to lower the barrier to entry for cybercriminals by providing AI-generated phishing lures, victim tracking dashboards, automated templates and other tools that make advanced phishing campaigns easier to execute.


How it could affect your business

Ransomware-as-a-service and phishing-as-a-service delivery models are lowering the barrier to entry, enabling even less technically skilled attackers to launch sophisticated and highly effective cyberattacks. Organizations should prioritize user awareness training and deploy advanced email security solutions that leverage technologies such as GenAI to identify and stop evolving phishing threats before they can compromise accounts and sensitive data.
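Because the device-code sign-in described above yields tokens without the attacker ever holding the password, one place to look for it is the sign-in log. The following is an added example, not code from the FBI advisory or any vendor: it flags successful device-code sign-ins that break a user's own baseline, and it assumes a sign-in export that records the authentication protocol per event; the field names and sample records are constructed for illustration.

```python
from collections import defaultdict

# Constructed sign-in records; field names are assumptions, not a vendor log schema.
SIGNINS = [
    {"time": "2026-05-20T08:01:00Z", "user": "alice@example.com", "protocol": "oAuth2", "ip": "198.51.100.10", "success": True},
    {"time": "2026-05-20T08:05:00Z", "user": "bob@example.com", "protocol": "oAuth2", "ip": "192.0.2.5", "success": True},
    {"time": "2026-05-20T09:00:00Z", "user": "bob@example.com", "protocol": "deviceCode", "ip": "192.0.2.5", "success": True},
    {"time": "2026-05-20T09:30:00Z", "user": "alice@example.com", "protocol": "deviceCode", "ip": "203.0.113.77", "success": True},
    {"time": "2026-05-20T10:00:00Z", "user": "bob@example.com", "protocol": "deviceCode", "ip": "192.0.2.5", "success": True},
    {"time": "2026-05-20T10:15:00Z", "user": "carol@example.com", "protocol": "deviceCode", "ip": "203.0.113.80", "success": False},
]


def flag_device_code_signins(records):
    """Return successful device-code sign-ins that deviate from the user's history."""
    seen_ips = defaultdict(set)   # user -> IPs with an earlier successful sign-in
    used_device_code = set()      # users who already completed a device-code sign-in
    alerts = []
    # Timestamps share one ISO 8601 UTC format, so string order is time order.
    for rec in sorted(records, key=lambda r: r["time"]):
        if not rec["success"]:
            continue  # failed attempts issue no tokens; triage them separately
        user, ip = rec["user"], rec["ip"]
        if rec["protocol"] == "deviceCode":
            reasons = []
            if user not in used_device_code:
                reasons.append("first device-code sign-in for user")
            if ip not in seen_ips[user]:
                reasons.append("IP not seen before for user")
            if reasons:
                alerts.append({"time": rec["time"], "user": user, "ip": ip, "reasons": reasons})
            used_device_code.add(user)
        seen_ips[user].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in flag_device_code_signins(SIGNINS):
        print(alert["time"], alert["user"], alert["ip"], "; ".join(alert["reasons"]))
```

Accounts that legitimately use device-code sign-in (shared displays, CLI tools) fall quiet after their first event, so the remaining alerts are the ones worth a token revocation and a call to the user.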

North America

Carnival Corporation

Industry: Hospitality & Leisure Exploit: Ransomware & Malware

The ShinyHunters ransomware group’s attack on Carnival Corporation, which we reported on earlier, has now been revealed to have impacted nearly 6 million customers.

Carnival said its IT security team first detected the breach on April 14. According to the company, a threat actor used social engineering techniques to deceive an employee and gain access to its IT systems. The exposed data includes names, addresses, email addresses, phone numbers, dates of birth and government-issued identification numbers, such as driver’s license and passport details.

While Carnival has not publicly disclosed the total number of affected individuals, a filing with the Maine Attorney General’s Office indicates that nearly 6 million people may have been impacted.


How it could affect your business

The exposure of such a large volume of sensitive personal information can increase the risk of targeted phishing attacks, identity theft and financial fraud. Affected individuals should remain vigilant, regularly monitor account statements and credit reports and watch for any signs of unauthorized activity or suspicious communications that may leverage the exposed information.

North America

Ghost CMS

Industry: Technology Exploit: Zero-day vulnerability

A critical vulnerability in the Ghost content management system (CMS), patched earlier this year, is now being actively exploited in a large-scale campaign that has impacted hundreds of websites belonging to major organizations.

Ghost is a widely used open-source CMS built for blogging, newsletters and publishing. Threat actors are exploiting a critical SQL injection vulnerability in Ghost, tracked as CVE-2026-26980, that was patched in February. Successful exploitation can allow attackers to manipulate database requests and gain unauthorized access to backend systems. Reports also indicate that attackers are combining the exploit with ClickFix social engineering techniques, increasing the effectiveness of the attacks.

Security researchers have identified more than 700 compromised websites in the campaign, including those belonging to major universities and technology companies.


How it could affect your business

For developers, startups and website owners using Ghost CMS, this incident serves as a major warning sign. Organizations that have not applied the latest security patch could leave their websites vulnerable to malware distribution, credential theft and even full server compromise. Prompt patching, regular vulnerability assessments and continuous monitoring are essential to reducing the risk of exploitation.

United States

LA Metro

Industry: Government & Public Sector Exploit: Nation-State

The recent disruptive cyberattack targeting the Los Angeles public transportation system has been linked to the Iranian government by security researchers.

The Los Angeles County Metropolitan Transportation Authority (LA Metro) detected the breach in mid-March. While rail and bus services were not affected, the incident caused internal operational disruptions. In early April, LA Metro officials said that hundreds of servers had to be examined for signs of compromise before they could be safely restored to service.

According to security researchers, forensic evidence links the operation to infrastructure and activity associated with Black Shadow, a threat group believed to have ties to Iran.


How it could affect your business

Ongoing geopolitical tensions have contributed to a rise in nation-state cyberattacks, with critical infrastructure and government-associated organizations increasingly finding themselves in the crosshairs. Organizations operating in these sectors should strengthen their cyber defenses by implementing continuous monitoring, enforcing strong access controls, segmenting critical systems and maintaining well-tested incident response and recovery plans to reduce the risk and impact of attacks.

Australia & New Zealand

Mosman Council

Industry: Government & Public Sector Exploit: Third-Party Data Breach

Mosman Council, a local government authority in Sydney, is investigating a cyber incident involving a breach of a third-party digital platform used to support the management and delivery of some of its community services.

According to a statement issued by the council on May 26, the incident appears to be part of a broader breach affecting multiple customers of the third-party provider. The council said the affected system is operated externally and that it is currently working to understand the scope of the incident.

The nature and extent of the data accessed, along with any personal information that may have been compromised, remain under investigation.


How it could affect your business

This incident highlights how third-party breaches can impact organizations even when their own systems are not directly compromised. Organizations should conduct regular vendor risk assessments, review third-party security controls and ensure suppliers handling sensitive data meet appropriate cybersecurity standards.
