Canary Trap’s Bi-Weekly Cyber Roundup

Bi-weekly Canary Trap roundup: MuddyWater used Chaos ransomware branding to mask espionage and deploy backdoors via social engineering and remote access tools; a Romanian national was extradited in a 17-year bank-fraud/vishing scheme; bot-driven automation is an escalating threat to high-traffic consumer platforms; Apache fixed a critical HTTP/2 double-free (CVE-2026-23918, CVSS 8.8) with PoC that can enable RCE under certain configurations; and cargo theft is increasingly cyber-enabled, amplifying physical losses.