Canary Trap’s Bi-Weekly Cyber Roundup

This newsletter summarizes several concurrent high-impact cyber incidents: a web-skimming breach at the Oregon Zoo exposing payment card data for ~118,000 customers; large-scale SMS phishing enabled by the Xeon Sender tool abusing legitimate cloud SMS APIs; a patched Windows zero-day (CVE-2024-38193) actively exploited by North Korea’s Lazarus Group using the FudModule rootkit; a massive National Public Data leak circulating billions of records including SSNs; and thousands of Oracle NetSuite e-commerce stores leaking customer PII due to misconfigured custom record access controls.