Daily Threat Briefing – May 3, 2026

This intelligence briefing highlights multiple high-risk incidents including active mass exploitation of a critical cPanel RCE (CVE-2026-41940) delivering 'Sorry' ransomware, GRU-linked large-scale harvesting of Microsoft Office authentication tokens via vulnerable routers, a 30,000-account Facebook credential compromise using Google AppSheet phishing, a Trellix source-code repository breach creating supply-chain risk, and the emergence of an automated Azure OAuth abuse tool ('ConsentFix v3'); the report urges immediate patching, token revocation, OAuth consent reviews, and enhanced monitoring.