---
title: "Zara Data Exposed, Medtronic Cyberattack Confirmed, Trellix Repository Breached – Cybersecurity News [May 04, 2026] | DuoCircle"
description: "Here’s your weekly roundup of the most important cybersecurity stories from the past week, covering major data breaches, critical vulnerabilities."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/cyber-security-news-update-week-19-of-2026/"
---

Quick Answer

Here’s your weekly roundup of the most important cybersecurity stories from the past week, covering major data breaches, critical vulnerabilities, new malware threats, and significant law enforcement developments shaping the global cybersecurity landscape. Hackers who gained access to the databases of Spanish fast-fashion retailer Zara stole data belonging to more than 197,000 customers, according to data breach notification service Have I Been Pwned.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fcyber-security-news-update-week-19-of-2026%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Zara%20Data%20Exposed%2C%20Medtronic%20Cyberattack%20Confirmed%2C%20Trellix%20Repository%20Breached%20%E2%80%93%20Cybersecurity%20News%20%5BMay%2004%2C%202026%5D&url=undefined%2Fblog%2Fcyber-security-news-update-week-19-of-2026%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fcyber-security-news-update-week-19-of-2026%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fcyber-security-news-update-week-19-of-2026%2F&title=Zara%20Data%20Exposed%2C%20Medtronic%20Cyberattack%20Confirmed%2C%20Trellix%20Repository%20Breached%20%E2%80%93%20Cybersecurity%20News%20%5BMay%2004%2C%202026%5D "Share on Reddit") [ ](mailto:?subject=Zara%20Data%20Exposed%2C%20Medtronic%20Cyberattack%20Confirmed%2C%20Trellix%20Repository%20Breached%20%E2%80%93%20Cybersecurity%20News%20%5BMay%2004%2C%202026%5D&body=Check out this article: undefined%2Fblog%2Fcyber-security-news-update-week-19-of-2026%2F "Share via Email") 

![cybersecurity news](https://media.mailhop.org/duocircle/images/2026/05/spf-record-4509.jpg) 

Here’s your weekly roundup of the most important cybersecurity stories from the past week, covering major data breaches, critical vulnerabilities, new malware threats, and **significant law enforcement developments** shaping the global [cybersecurity](/) landscape.

### Zara Data Breach Exposes Personal Data of Nearly 200,000 Customers

Hackers who gained access to the databases of Spanish fast-fashion retailer Zara stole data belonging to more than 197,000 customers, according to data breach notification service Have I Been Pwned.

Other breaches recently claimed by the same [threat actors](/blog/email-security/what-threat-actor-can-do-with-your-emails-without-password) include Google, Cisco, PornHub, Match Group, Vimeo, Rockstar Games, ADT, the European Commission, edtech giant McGraw Hill, Medtronic, cruise line operator Carnival, convenience store chain 7-Eleven, and online training company Udemy. The [Zara breach](https://www.bleepingcomputer.com/news/security/zara-data-breach-exposed-personal-information-of-197-000-people/) adds yet another **major consumer brand** to an already alarming list of compromised organisations.

### Medtronic Confirms Cyberattack — ShinyHunters Claims 9 Million Patient Records Stolen

Medtronic confirmed that an unauthorized party accessed data in some of its **corporate IT systems**, becoming the latest major medical device manufacturer [targeted by cybercriminals](https://www.aha.org/news/headline/2026-03-12-medical-technology-company-stryker-disrupted-globally-cyberattack) in 2026.

Prior to the official announcement, ShinyHunters claimed responsibility and stated it had exfiltrated terabytes of Medtronic data, including over 9 million records containing personally identifiable information. The group threatened to publish the stolen data unless a ransom was paid by **April 21, 2026**. Medtronic was subsequently removed from the leak site, suggesting the company either [paid the ransom](https://www.bbc.com/news/articles/ce3pq0136eqo) or entered into active negotiations.

_Medtronic stated it found no impact on its products, patient safety, or manufacturing operations, and filed a Form 8-K with the SEC indicating the incident is not expected to have a material financial impact_. 

[![stolen records](https://media.mailhop.org/duocircle/images/2026/05/SMTP-providers-1106.jpg)](https://media.mailhop.org/duocircle/images/2026/05/SMTP-providers-1106.jpg)

### Trellix Source Code Repository Breached — RansomHouse Claims Responsibility

Cybersecurity vendor Trellix confirmed unauthorized access to a portion of its source code repository. **On May 7, 2026**, the ransomware group RansomHouse claimed responsibility for the hack, listing the company on its [dark web data leak](https://thehackernews.com/2026/05/trellix-confirms-source-code-breach.html) site.

Cybernews researchers who reviewed material published by the attackers suggest the breach may extend far deeper than source code alone, with screenshots appearing to show dashboards linked to **enterprise infrastructure platforms** commonly used to manage data storage, [IT infrastructure](https://www.ibm.com/think/topics/infrastructure), and virtual machines. This is particularly alarming given that Trellix protects more than 200 million endpoints and serves over 50,000 business and government customers worldwide.

Trellix stated it has found no evidence that its source code release or distribution process was affected or exploited, and has **engaged forensic experts** and notified [law enforcement](https://en.wikipedia.org/wiki/Law%5Fenforcement%5Fin%5Fthe%5FUnited%5FStates).

### Ivanti EPMM Zero-Day Under Active Exploitation — CISA Orders Federal Agencies to Patch Immediately

A high-severity vulnerability in Ivanti [Endpoint Manager Mobile (EPMM)](https://www.rapid7.com/blog/post/etr-critical-ivanti-endpoint-manager-mobile-epmm-zero-day-exploited-in-the-wild-eitw-cve-2026-1281-1340/), tracked as **CVE-2026-6973 with a CVSS score** of 7.2, has been found under active exploitation. The flaw allows a remotely authenticated user with administrative [access to achieve](https://thehackernews.com/2026/05/ivanti-epmm-cve-2026-6973-rce-under.html) remote code execution.

CISA gave **U.S. federal agencies** four days to secure their networks against the vulnerability. _The development prompted CISA to add the flaw to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch agencies to apply fixes by May 10, 2026_. Ivanti noted that organisations that had already followed earlier credential-rotation guidance significantly reduced their exposure to this new flaw.

### TCLBANKER: Dangerous Brazilian Banking Trojan Targets 59 Financial Platforms via WhatsApp and Outlook

A new banking trojan known as [TCLBANKER](https://thehackernews.com/2026/05/tclbanker-banking-trojan-targets.html) has been discovered by Elastic Security Labs, tracked under campaign REF3076\. Attackers deliver it using a trojanized version of a legitimate, digitally signed Logitech installer, abusing a technique called DLL sideloading to load a malicious file without raising suspicion.

The [malware](/email/phishing-protection/) targets users who visit any of 59 banking, fintech, and cryptocurrency platforms. To steal credentials, it displays fake full-screen overlays built with **Windows Presentation Foundation** that look exactly like real banking prompts or Windows Update screens, blocking keyboard shortcuts and screen-capture tools to prevent victims from detecting the fraud. 

_What makes TCLBANKER particularly dangerous is its self-propagating capability_. One worm module hijacks the victim’s active WhatsApp Web session to silently message Brazilian contacts with a download link, while a **second module abuses** Microsoft Outlook to send convincing phishing emails from the victim’s own account.

[![165 vulnerabilities](https://media.mailhop.org/duocircle/images/2026/05/SMTP-email-server-1105.jpg)](https://media.mailhop.org/duocircle/images/2026/05/SMTP-email-server-1105.jpg)

### Microsoft’s May Patch Tuesday: 165 Vulnerabilities Fixed Including an Exploited SharePoint Zero-Day

Microsoft’s latest Patch Tuesday updates **addressed 165 vulnerabilities**, including an actively exploited [SharePoint Server zero-day tracked](https://www.scworld.com/news/sharepoint-servers-hit-with-zero-day-feds-must-patch-immediately) as CVE-2026-32201\. The flaw has been described as a spoofing issue caused by improper input validation, potentially allowing an unauthorised attacker to access and alter sensitive information over a network. 

The SharePoint zero-day is being actively exploited in the wild, and organisations are urged to prioritise patching and restrict internet exposure of SharePoint servers. _The scale and breadth of this month’s Patch Tuesday release underscores the ongoing pressure on security teams to keep pace with the volume of critical fixes_.

### New Linux Zero-Day “Dirty Frag” Gives Local Attackers Root Privileges with a Single Command

A new Linux zero-day exploit named Dirty Frag allows local attackers to gain root privileges on most major Linux distributions with a single command.

Dirty Frag was discovered and reported by **Hyunwoo Kim** and is the second major local privilege escalation vulnerability disclosed in the Linux kernel within two weeks, following the earlier “Copy Fail” vulnerability (CVE-2026-31431). System administrators running Linux environments are strongly advised to monitor vendor advisories and apply kernel patches as soon as they become available.

### NVIDIA GeForce NOW Alliance Partner Breached — User Data Exposed for Nearly Two Months

A data breach at GFN.AM, an authorised NVIDIA GeForce NOW Alliance partner in Armenia, was disclosed on May 5, 2026\. The company revealed that unauthorised access to its backend database had occurred as far back as **March 9, 2026** — approximately 54 days before discovery.

_The breach exposed the user database, including first names, email addresses, nicknames, usernames, dates of birth, membership details, two-factor authentication status, and internal role information_. NVIDIA confirmed the incident to BleepingComputer, stating that only users registered on or before March 9, 2026, are affected. Importantly, account passwords were reportedly not compromised. 

[![Financial platforms](https://media.mailhop.org/duocircle/images/2026/05/DMARC-report-service-1109.jpg)](https://media.mailhop.org/duocircle/images/2026/05/DMARC-report-service-1109.jpg)

### Cushman & Wakefield Confirms Breach — ShinyHunters Leaks 500,000+ Salesforce Records

[Cushman & Wakefield](https://cybernews.com/news/cushman-wakefield-shinyhunters-salesforce-breach-claim/) confirmed a vishing-related security breach after both ShinyHunters and Qilin listed the commercial real estate giant on their dark web leak sites, with ShinyHunters claiming it stole more than **500,000 Salesforce records**.

The ransomware attack exposed a significant volume of [personally identifiable information](https://www.investopedia.com/terms/p/personally-identifiable-information-pii.asp) and internal corporate data. ShinyHunters published the data trove after claiming that ransom negotiations with the company had broken down, adding Cushman & Wakefield to a growing list of high-profile victims the group has targeted in 2026.

### Virginia Man Convicted for Plotting to Destroy Dozens of Government Databases After Being Fired

_A 34-year-old Virginia man was found guilty of conspiring to destroy dozens of government databases after being fired from his job as a federal contractor_. The case highlights the persistent and serious risk posed by disgruntled insiders with privileged access to government systems. Security experts continue to urge organisations to implement strict access revocation procedures the moment an **employee’s relationship** with the organisation changes, with no delay in removing credentials or system permissions. 

### Ukrainian Police Dismantle Roblox Account Hijacking Ring That Stole 610,000 Accounts

Ukrainian police dismantled a hacking ring responsible for hijacking and selling over 610,000 Roblox accounts, **generating roughly $225,000** in illicit profits. The operation demonstrates the growing monetisation of gaming-related cybercrime, where stolen accounts — even those associated with entertainment platforms — are packaged and sold through underground marketplaces.

The takedown serves as a reminder that young users are prime targets for credential theft, and that enabling [two-factor authentication](https://www.ibm.com/think/topics/2fa) on gaming accounts is no longer optional.

### Fake Call History Apps Racked Up 7.3 Million Downloads on Google Play While Defrauding Users

Cybersecurity researchers discovered fraudulent apps on the **official Google Play Store** that falsely claimed to offer access to call histories for any phone number, only to [trick users into paid subscriptions](https://www.bbc.com/news/articles/cg7dy9018jxo) that delivered completely fake data. The 28 apps collectively racked up more than 7.3 million downloads, with one app alone accounting for a significant share. 

[![fraudulent downloads](https://media.mailhop.org/duocircle/images/2026/05/buy-smtp-1107.jpg)](https://media.mailhop.org/duocircle/images/2026/05/buy-smtp-1107.jpg)

The incident raises fresh concerns about the effectiveness of app store vetting processes. Users are reminded to scrutinise permissions, check developer credibility, and read reviews carefully before downloading any app — even those **hosted on official storefronts**.

### China-Linked APT Group Conducting Espionage Campaigns Across South America and Europe

_A sophisticated China-linked advanced persistent threat group has been targeting government entities in South America since at least late 2024 and in Southeastern Europe since 2025, according to security researchers_. The campaign reflects a continued pattern of [state-sponsored actors](https://securityaffairs.com/191831/security/nation-state-actors-exploit-palo-alto-pan-os-zero-day-for-weeks.html) expanding their operational scope beyond traditional targets, using government institutions as espionage stepping stones. 

Researchers urge government bodies in the affected regions to **audit third-party access**, review network segmentation, and implement stronger monitoring of lateral movement within their environments.

## Topics

cyber securityNewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 6m  Microsoft Cybersecurity Transparency, Chrome Update Required, Google Calendar Phishing, Cybersecurity News \[December 23, 2024\]  Jan 2, 2025 ](/blog/announcements/cyber-security-news-update-week-1-of-2025/)[  News 6m  Trust Wallet Hack, Browser Extension Espionage, Unleash Protocol Loss, Cybersecurity News \[December 29, 2025\]  Jan 5, 2026 ](/blog/announcements/cyber-security-news-update-week-1-of-2026/)[  News 7m  Bybit’s $1.5B Loss, FatalRAT Hits APAC, GitVenom Targets Wallets,, Cybersecurity News \[February 24, 2025\]  Mar 3, 2025 ](/blog/announcements/cyber-security-news-update-week-10-of-2025/)[  News 6m  LastPass Users Phished, Amazon Down US, UK Cybersecurity Boost, Cybersecurity News \[March 02, 2026\]  Mar 9, 2026 ](/blog/announcements/cyber-security-news-update-week-10-of-2026/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Zara Data Exposed, Medtronic Cyberattack Confirmed, Trellix Repository Breached – Cybersecurity News [May 04, 2026]","description":"Here’s your weekly roundup of the most important cybersecurity stories from the past week, covering major data breaches, critical vulnerabilities.","url":"https://www.duocircle.com/blog/cyber-security-news-update-week-19-of-2026/","datePublished":"2026-05-11T15:59:01.000Z","dateModified":"2026-05-11T15:59:49.000Z","dateCreated":"2026-05-11T15:59:01.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/cyber-security-news-update-week-19-of-2026/"},"articleSection":"announcements","keywords":"cyber security, News, Security, Updates","wordCount":1446,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2026/05/spf-record-4509.jpg","caption":"cybersecurity news","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Zara Data Exposed, Medtronic Cyberattack Confirmed, Trellix Repository Breached – Cybersecurity News [May 04, 2026]","item":"https://www.duocircle.com/blog/cyber-security-news-update-week-19-of-2026/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Zara Data Exposed, Medtronic Cyberattack Confirmed, Trellix Repository Breached – Cybersecurity News [May 04, 2026]","item":"https://www.duocircle.com/blog/cyber-security-news-update-week-19-of-2026/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Zara Data Exposed, Medtronic Cyberattack Confirmed, Trellix Repository Breached – Cybersecurity News [May 04, 2026]","description":"Here’s your weekly roundup of the most important cybersecurity stories from the past week, covering major data breaches, critical vulnerabilities.","url":"https://www.duocircle.com/blog/cyber-security-news-update-week-19-of-2026/","datePublished":"2026-05-11T15:59:01.000Z","dateModified":"2026-05-11T15:59:49.000Z","dateCreated":"2026-05-11T15:59:01.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/cyber-security-news-update-week-19-of-2026/"},"articleSection":"announcements","keywords":"cyber security, News, Security, Updates","wordCount":1446,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2026/05/spf-record-4509.jpg","caption":"cybersecurity news","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```