Threat Briefing: May 1, 2026

Threat Intel Update

Cybercriminals are scaling attacks by exploiting trust and the platforms people use daily. Social media drives billions in fraud losses through investment scams, fake ads, and compromised accounts. Advanced groups like BlueNoroff layer on AI-generated identities and fake video calls to target crypto executives and deploy malware. Supply chain compromises and fake CAPTCHA campaigns extend the reach further.

The pattern is clear: low-cost, high-scale attacks combining technical exploitation with social engineering. The response requires stronger identity verification, tighter controls, and consistent security fundamentals.

Cybersecurity News

  • Social Media Is Now America’s Biggest Scam Funnel – FTC data shows social media fraud cost Americans $2.1B in 2025, an eightfold increase since 2020. Nearly 30% of victims traced the fraud to a social network, with Facebook leading reported losses. Investment fraud caused the most financial damage; shopping scams were most common, often via fake ads and brand pages. Scammers exploit targeting tools, compromised accounts, and personal data to reach victims across all age groups. BleepingComputer
  • BlueNoroff Turns Fake Zoom Calls Into a Self-Fueling Attack Loop – North Korea’s BlueNoroff is targeting crypto executives with fake Zoom meetings featuring AI-generated avatars and stolen footage. Victims are lured into a fake lobby where webcam access is silently granted, and the captured footage is then recycled to make future attacks more convincing. The self-reinforcing cycle underscores the need for strict meeting verification and access controls around sensitive systems. Dark Reading
  • Supply Chain Attack Poisons Widely Used SAP npm Packages – Four SAP npm packages were compromised in an attack dubbed “Mini Shai-Hulud,” injecting malware into packages with over 500K weekly downloads. The malicious code stole credentials and cloud secrets, exfiltrating data through public GitHub repos. Attributed to the TeamPCP group, the attack exploited a compromised npm token. Organizations using SAP BTP workflows should audit installations against the affected versions. SecurityWeek
  • Fake CAPTCHAs and Hijacked Ad Tools Drive Global Telecom and Crypto Fraud – A fraud campaign active since 2020 uses fake CAPTCHA flows to trick users into sending costly international SMS messages, generating revenue for fraudsters while billing victims and straining carriers. Researchers identified 35+ phone numbers across 17 countries. Separately, the Keitaro traffic distribution system is being abused to run crypto scams via deepfake endorsements and deceptive ads—highlighting how legitimate infrastructure is increasingly weaponized for fraud. The Hacker News

About the Author

CampusGuard Threat Intel Team