
Scattered Spider is targeting your help desk. A CVSS 10.0 zero-day is dropping webshells on SAP servers. And the phishing kit on your employees' screens right now? It already has their session token.
Scattered Spider is back targeting US retailers and hospitality with advanced social engineering. SAP NetWeaver has a critical zero-day under active exploitation — patch immediately. CISA released a free ransomware response playbook tailored for SMBs. Google Chrome and Android both received emergency security patches this week.
Help desk impersonation attacks are surging — your staff needs to know this now.
40,000+ businesses targeted in Q1 — SMS and app-based MFA are no longer enough.
Why these matter for your business: Both threats specifically target SMBs and require immediate action — social engineering attacks and MFA bypass techniques are being used together in coordinated campaigns this week.
The notorious Scattered Spider threat group — responsible for the 2023 MGM Resorts and Caesars Entertainment breaches — has resumed operations targeting US retail and hospitality companies using AI-enhanced vishing and help desk impersonation attacks.
SAP released an emergency patch for CVE-2026-2030, a critical unauthenticated remote code execution vulnerability in SAP NetWeaver Application Server Java. CVSS score 10.0. Attackers are actively deploying webshells on unpatched systems.
CISA published a comprehensive, step-by-step ransomware response playbook specifically designed for small and medium-sized businesses without dedicated security teams. The free guide covers detection, containment, recovery, and reporting.
Google released out-of-band security updates for Chrome (CVE-2026-2211) and Android (CVE-2026-2198), both rated Critical and confirmed exploited in the wild. Chrome's flaw enables sandbox escape; Android's allows privilege escalation without user interaction.
The FTC Safeguards Rule isn't just for banks. Auto dealers, tax preparers, accountants, mortgage brokers, and dozens of other small businesses are legally required to have a comprehensive information security program — or face penalties up to $51,744 per day. Here's exactly who must comply and what the 9 required elements are.
Security researchers documented a new generation of adversary-in-the-middle (AiTM) phishing kits using AI to generate convincing lure pages in real time and bypass SMS and app-based MFA. Over 40,000 businesses targeted in Q1 2026.
Our team monitors these vulnerabilities and can help you patch, assess, and protect your business before attackers strike.