Cybersecurity Brief: May 3, 2026

Critical infrastructure faces mounting pressure as operational technology attacks surge 84% in 2025, with 96% of OT incidents traced to compromised IT systems. The convergence of IT and OT networks continues to expose industrial control systems to threats designed for enterprise environments, highlighting the inadequacy of traditional security boundaries in modern critical infrastructure. Meanwhile, a critical zero-day vulnerability in cPanel is being actively exploited, threatening web hosting infrastructure globally.

Two significant breaches underscore insider and supply chain risks. Cybersecurity vendor Trellix confirmed unauthorized access to portions of its source code repository, prompting forensic investigation and law enforcement notification. In healthcare, South Carolina's Sandhills Medical Foundation disclosed that Inc Ransom compromised data belonging to 170,000 patients. Separately, two cybersecurity professionals received four-year prison sentences for conducting ransomware attacks linked to the ALPHV BlackCat operation—a stark reminder that threat actors increasingly come from within the industry itself.

The threat landscape shows geographic escalation and platform abuse. The UAE reports facing up to 700,000 daily cyberattacks from Iran-linked actors deploying AI tools and deepfakes, prompting activation of national cyber defense operations. On the fraud front, researchers uncovered a massive phishing operation abusing Google AppSheet infrastructure to target Facebook credentials, affecting some 30,000 users. Australian financial institutions face mounting pressure as mortgage fraud reaches $3 billion, with major banks investigating compromised brokers amid what regulators describe as a "tsunami" of converging cyber and fraud risks.

Sources: AFR · The Media Line · Hackread · Cybernews · The Hacker News · TechTarget · CISO Series · SecurityWeek