Cybersecurity Brief: May 2, 2026

A critical cPanel zero-day vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog, requiring federal agencies to remediate by a specified deadline. The flaw poses immediate risks to web hosting infrastructure. Meanwhile, a sophisticated supply chain attack targeting SAP-related npm packages has been discovered, with attackers embedding credential-stealing malware into widely-used development dependencies. These concurrent infrastructure threats highlight continued adversary focus on compromising foundational systems that underpin enterprise operations.

Data breaches dominated the healthcare and consumer sectors this week. South Carolina's Sandhills Medical Foundation disclosed a ransomware attack by Inc Ransom affecting 170,000 patients, while ADT Inc. faces a class action lawsuit over a breach exposing personal information from 5.5 million customer accounts. The most significant breach emerged from France, where authorities detained a 15-year-old suspect allegedly responsible for compromising the national ID agency (ANTS) and attempting to sell 12-18 million citizen records on dark web markets. On the enforcement front, Swiss authorities arrested members of the Black Axe cybercrime organization, and US investigators detained a Scattered Spider hacker.

In policy developments, CISA and international partners released guidance for secure adoption of agentic AI systems, while the White House engaged tech industry leaders on defensive AI applications and cybersecurity resilience. The US CyberCorps program now mandates AI skills competency for incoming scholars, reflecting the accelerating convergence of artificial intelligence and cybersecurity operations.

Sources: CISA · CISA · SentinelOne · SecurityWeek · Bloomberg Law · SCMP · SecurityWeek · Cybersecurity Dive · Nextgov/FCW