CISO Daily Digest: Trellix Source Code Breach; ShinyHunters Attack Canvas Platform (20260507)
2026-05-07 Daily Security News Digest - Trellix source code leak, ShinyHunters claims on Canvas/NVIDIA data, PAN-OS RCE under active exploitation, and WhatsApp malicious link vulnerability.
Trellix Source Code Breach Highlights Growing Supply Chain Threats
Trellix, a major cybersecurity provider, has suffered a source code breach that raises significant supply chain security concerns. The exposure of proprietary security software source code could enable threat actors to identify vulnerabilities in widely-deployed endpoint protection products. Security teams are advised to audit their supply chain dependencies and monitor for any anomalous activity linked to the incident.
🔗 Reference: Dark Reading
Active Threats This Week
📌 ShinyHunters Claims Data Breach of Canvas Developer and NVIDIA GeForce NOW
The notorious threat actor group ShinyHunters has claimed responsibility for stealing millions of personal records from Instructure (Canvas LMS developer) and NVIDIA’s GeForce NOW service. The Canvas breach has already disrupted schools and colleges nationwide, forcing many to suspend online learning operations.
🔗 Reference: Krebs on Security
📌 PAN-OS RCE Under Active Exploitation — CISA Issues Emergency Directive
A remote code execution vulnerability in Palo Alto Networks PAN-OS is under active exploitation. CISA has added the flaw to its Known Exploited Vulnerabilities catalog and directed federal agencies to apply mitigations within three days. Palo Alto Networks has released detection signatures.
🔗 Reference: The Hacker News
📌 WhatsApp Malicious Link Vulnerability Exploited for Surveillance
A critical flaw in WhatsApp’s link preview functionality has been exploited in targeted attacks. The vulnerability allows attackers to trigger malicious actions when a user receives a crafted link, even without clicking it. Meta has released an emergency update for all platforms.
🔗 Reference: iThome
📌 New ConsentFix v3 Phishing Technique Automates Azure Environment Attacks
A new variant of the ConsentFix phishing technique (v3) is actively targeting Azure environments. The automated attack tricks users into granting OAuth permissions to malicious applications, bypassing traditional MFA protections and security awareness training.
🔗 Reference: iThome
📌 Windows Phone Link Exploited by CloudZ RAT to Steal Credentials
Threat actors are exploiting the Windows Phone Link feature to distribute CloudZ RAT, a remote access trojan designed to steal credentials and sensitive data from mobile devices connected to Windows PCs. The attack vector leverages trusted device pairing.
🔗 Reference: The Hacker News
📌 Apache HTTP Server High-Risk Vulnerability Patched by Apache Foundation
The Apache Software Foundation has patched a high-risk vulnerability in the Apache HTTP Server that could allow remote attackers to compromise web servers. System administrators are urged to update to the latest version immediately.
🔗 Reference: iThome
How OPSWAT Can Help
The Trellix source code breach and ShinyHunters’ data theft operations highlight the critical need for multi-layered defense. MetaDefender’s CDR technology disarms malicious documents at the gateway, while multi-engine scanning catches known and unknown threats across email and web traffic.