TL;DR — This Week's Key Takeaways
Scattered Spider is back targeting US retailers and hospitality with advanced social engineering. SAP NetWeaver has a critical zero-day under active exploitation — patch immediately. CISA released a free ransomware response playbook tailored for SMBs. Google Chrome and Android both received emergency security patches this week.
CRITICAL · THREAT · 5 min read
Scattered Spider Returns: Retail & Hospitality Firms Hit with Advanced Social Engineering
The notorious Scattered Spider threat group — responsible for the 2023 MGM Resorts and Caesars Entertainment breaches — has resumed operations targeting US retail and hospitality companies using AI-enhanced vishing and help desk impersonation attacks.
Action Items
›Train your help desk staff to never reset MFA or passwords based solely on a phone call — require in-person or video verification
›Implement a callback verification policy using a known number before any privileged account changes
›Enable phishing-resistant MFA (FIDO2/passkeys) — SMS and voice OTP can be bypassed by Scattered Spider
+2 more at segler.net/security-news
Affected Systems
›IT Help Desk Systems
›Identity Providers (Okta, Azure AD)
›VPN & Remote Access
›Cloud Environments (AWS, Azure, GCP)
CRITICAL · BREACH · 4 min read
CVE-2026-2030
SAP NetWeaver Zero-Day (CVE-2026-2030): Unauthenticated RCE Under Active Exploitation
SAP released an emergency patch for CVE-2026-2030, a critical unauthenticated remote code execution vulnerability in SAP NetWeaver Application Server Java. CVSS score 10.0. Attackers are actively deploying webshells on unpatched systems.
Action Items
›Apply SAP's emergency patch immediately — CVSS 10.0 means maximum severity
›If patching is not immediately possible, restrict access to the SAP NetWeaver AS Java management interface
›Scan your SAP systems for webshells — attackers are deploying them within hours of gaining access
+2 more at segler.net/security-news
Affected Systems
›SAP NetWeaver AS Java 7.50
›SAP NetWeaver AS Java 7.53
›SAP NetWeaver AS Java 7.54
›SAP S/4HANA (Java stack components)
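A triage scan for the "scan your SAP systems for webshells" action item above, added here as an example (it is not from SAP or the advisory): it walks a deployment directory, reports JSP files written after a known-good deployment baseline, and checks for typical command-execution indicators. The indicator strings, the baseline age and the directory layout are assumptions; the sample tree is constructed in a temp directory.

```python
import os
import tempfile
import time
from pathlib import Path

# Substrings typical of JSP command-execution backdoors. Assumed heuristics,
# not indicators from the advisory; treat hits as triage leads, not verdicts.
INDICATORS = ("Runtime.getRuntime().exec", "ProcessBuilder(")

def baseline_epoch(days_ago=7):
    """Epoch time of the last known-good deployment (assumed: a week ago)."""
    return time.time() - days_ago * 86400

def scan_deploy_dir(root, baseline, exts=(".jsp", ".jspx")):
    """Return [(path, reasons)] for files under root that warrant review.

    A file is reported if it was modified after the deployment baseline
    (unexpected writes to an app server's web root are suspicious on their own)
    or if it contains one of the indicator substrings.
    """
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in exts:
            continue
        reasons = []
        if path.stat().st_mtime > baseline:
            reasons.append("modified after baseline")
        try:
            text = path.read_text(errors="ignore")
        except OSError:
            continue
        reasons += [f"indicator: {ind}" for ind in INDICATORS if ind in text]
        if reasons:
            hits.append((str(path), reasons))
    return hits

def build_fixture():
    """Constructed sample tree: one month-old benign page, one fresh drop."""
    root = tempfile.mkdtemp(prefix="netweaver_scan_")
    benign = Path(root, "app", "index.jsp")
    benign.parent.mkdir(parents=True)
    benign.write_text("<html><body>Welcome</body></html>")
    old = time.time() - 30 * 86400            # backdate to before the baseline
    os.utime(benign, (old, old))
    suspicious = Path(root, "app", "x.jsp")   # non-functional fixture text
    suspicious.write_text("<%-- fixture --%> Runtime.getRuntime().exec(cmd)")
    return root

if __name__ == "__main__":
    for path, reasons in scan_deploy_dir(build_fixture(), baseline_epoch()):
        print(path, reasons)
```

On a real system, point it at the AS Java deployment root and set the baseline to the timestamp of your last legitimate deployment, then review every hit manually.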
INFO · ADVISORY · 4 min read
CISA Releases Free Ransomware Response Playbook Tailored for Small Businesses
CISA published a comprehensive, step-by-step ransomware response playbook specifically designed for small and medium-sized businesses without dedicated security teams. The free guide covers detection, containment, recovery, and reporting.
Action Items
›Download CISA's free SMB Ransomware Response Playbook at cisa.gov — it's immediately actionable
›Designate a ransomware response lead before an incident occurs — confusion costs critical time
›Know your backup status right now: when were they last tested? Are they offline or immutable?
+2 more at segler.net/security-news
CRITICAL · PATCH · 3 min read
CVE-2026-2211, CVE-2026-2198
Google Pushes Emergency Patches for Chrome and Android — Update Both Now
Google released out-of-band security updates for Chrome (CVE-2026-2211) and Android (CVE-2026-2198), both rated Critical and confirmed exploited in the wild. Chrome's flaw enables sandbox escape; Android's allows privilege escalation without user interaction.
Action Items
›Update Chrome to version 135.0.7049.84 or later immediately on all devices
›Apply the April Android security update on all company-owned and BYOD Android devices
›Enable automatic updates on all Android devices — many users delay updates for weeks
+2 more at segler.net/security-news
Affected Systems
›Google Chrome (all versions prior to 135.0.7049.84)
›Android 12, 13, 14, 15
›Chromium-based browsers (Edge, Brave, Opera)
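A fleet check against the fixed Chrome build named above, added as an example (not Google's tooling): it compares dotted versions numerically, because comparing them as strings silently passes builds such as 135.0.7049.9 that are actually older than 135.0.7049.84. The inventory below is constructed; the hostnames and versions other than the advisory's minimum are assumptions.

```python
from typing import Dict, List, Tuple

# Minimum fixed Chrome build from the advisory above.
MIN_CHROME = "135.0.7049.84"

def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted version into ints so that comparison is numeric.

    As plain strings, "135.0.7049.9" > "135.0.7049.84", yet it is the older
    build; tuple comparison gets this right.
    """
    return tuple(int(part) for part in v.strip().split("."))

def is_vulnerable(installed: str, minimum: str = MIN_CHROME) -> bool:
    """True when the installed build predates the fixed build."""
    return parse_version(installed) < parse_version(minimum)

def triage_inventory(inventory: Dict[str, str]) -> List[str]:
    """Return hostnames (sorted) whose Chrome build still needs the update."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))

# Constructed sample inventory: hostname -> Chrome version reported by the agent.
SAMPLE_INVENTORY = {
    "laptop-01": "135.0.7049.84",   # exactly the fixed build
    "laptop-02": "135.0.7049.9",    # string comparison would wrongly pass this
    "laptop-03": "134.0.6998.165",  # older major
    "laptop-04": "136.0.7103.25",   # newer major
}

if __name__ == "__main__":
    print("needs update:", triage_inventory(SAMPLE_INVENTORY))
```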
HIGH · COMPLIANCE · 14 min read
FTC Safeguards Rule: What Every SMB Needs to Know
The FTC Safeguards Rule isn't just for banks. Auto dealers, tax preparers, accountants, mortgage brokers, and dozens of other small businesses are legally required to have a comprehensive information security program — or face penalties up to $51,744 per day. Here's exactly who must comply and what the 9 required elements are.
Action Items
›The FTC's Section 5 authority applies to virtually all businesses — you do not need to be in a regulated industry
›Implement and document basic security controls now — the FTC penalizes failure to act after known vulnerabilities
›Conduct and document an annual security risk assessment — this is the FTC's baseline expectation
+2 more at segler.net/security-news
HIGH · THREAT · 4 min read
AI-Powered Phishing Kits Now Bypassing MFA in Real Time — What SMBs Must Know
Security researchers documented a new generation of adversary-in-the-middle (AiTM) phishing kits that use AI to generate convincing lure pages in real time and bypass SMS and app-based MFA. Over 40,000 businesses were targeted in Q1 2026.
Action Items
›SMS and app-based TOTP MFA can be bypassed by AiTM phishing — upgrade to FIDO2/passkeys for critical accounts
›Train employees to always verify the URL before entering credentials — AiTM pages look identical to real login pages
›Enable Conditional Access policies that flag impossible travel and new device logins for review
+2 more at segler.net/security-news
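The "impossible travel" and "new device" checks from the last action item, written out as an added detection example (not from the researchers or any vendor's Conditional Access product). It runs over constructed sign-in records; the 900 km/h speed threshold, the coordinates and the user and device names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Set, Tuple

# Constructed sign-in records: (user, ISO timestamp, lat, lon, device_id).
SAMPLE_SIGNINS = [
    ("alice", "2026-04-07T09:00:00", 40.71, -74.01, "dev-a1"),  # New York
    ("alice", "2026-04-07T09:40:00", 52.52, 13.40, "dev-zz"),   # Berlin, 40 min later
    ("bob",   "2026-04-07T08:00:00", 51.51, -0.13, "dev-b1"),   # London
    ("bob",   "2026-04-07T15:00:00", 48.86, 2.35, "dev-b1"),    # Paris, 7 h later
]

def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance in kilometres between two lat/lon points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

@dataclass
class Flag:
    user: str
    reason: str   # "impossible_travel" or "new_device"
    detail: str

def detect(signins, max_kmh: float = 900.0) -> List[Flag]:
    """Flag sign-ins implying travel faster than max_kmh, and first-seen devices.

    max_kmh is an assumed threshold just above airliner speed: a session that
    "moves" faster than that was relayed (as an AiTM proxy does), not carried.
    """
    flags: List[Flag] = []
    last: Dict[str, Tuple[datetime, float, float]] = {}
    devices: Dict[str, Set[str]] = {}
    for user, ts, lat, lon, dev in sorted(signins, key=lambda r: (r[0], r[1])):
        t = datetime.fromisoformat(ts)
        if user in last:
            p_t, p_lat, p_lon = last[user]
            hours = (t - p_t).total_seconds() / 3600
            km = haversine_km(p_lat, p_lon, lat, lon)
            if hours > 0 and km / hours > max_kmh:
                flags.append(Flag(user, "impossible_travel", f"{km:.0f} km in {hours:.1f} h"))
        seen = devices.setdefault(user, set())
        if dev not in seen:
            if seen:  # the very first device for a user is the enrolment, not a flag
                flags.append(Flag(user, "new_device", dev))
            seen.add(dev)
        last[user] = (t, lat, lon)
    return flags
```

Both flags for alice come from the same relayed session; routing such events to review (rather than auto-blocking) matches the action item's intent.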