
ThreatNoir Morning Brief — April 29

2026-04-29 | Morning | 4 articles

Morning Review in IT Security — April 29, 2026

The threat landscape continues to evolve with sophisticated social engineering tactics, ransomware vulnerabilities, supply chain compromises, and law enforcement actions against prominent threat actors. Today's review covers critical developments that security teams should monitor closely.

BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures

The North Korean threat group BlueNoroff has escalated its operational sophistication by leveraging stolen victim videos and AI-generated avatars to conduct fake Zoom calls. This innovative social engineering approach enables the group to scale malware attacks against cryptocurrency executives by using compromised individuals as unwitting lures for further victims. The technique demonstrates how adversaries are weaponizing deepfake technology and stolen personal data to enhance their targeting capabilities.

Source: BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures

Broken VECT 2.0 Ransomware Acts as a Data Wiper for Large Files

Security researchers have identified a critical flaw in VECT 2.0 ransomware that fundamentally undermines its encryption mechanism. The malware contains a vulnerability in how it handles encryption nonces, which causes it to permanently destroy larger files rather than encrypt them properly. This defect transforms the ransomware into an unintended data wiper, potentially rendering affected systems unrecoverable even if victims were willing to pay ransom demands.

Source: Broken VECT 2.0 ransomware acts as a data wiper for large files

Video Service Vimeo Confirms Anodot Breach Exposed User Data

Vimeo has publicly disclosed that customer and user data was accessed without authorization following a breach at Anodot, a data anomaly detection company. The compromise of Anodot's systems resulted in unauthorized access to information belonging to Vimeo's user base, highlighting the cascading risks inherent in third-party service dependencies and supply chain relationships.

Source: Video service Vimeo confirms Anodot breach exposed user data

US Reportedly Charges Scattered Spider Hacker Arrested in Finland

Federal authorities have charged a 19-year-old dual United States and Estonian citizen with crimes related to his alleged membership in the Scattered Spider hacking collective. The individual was arrested in Finland earlier this month and now faces federal charges in the United States for his prolific activities within the notorious group. This law enforcement action represents a significant disruption against one of the most active ransomware-affiliated threat collectives.

Source: US reportedly charges Scattered Spider hacker arrested in Finland

Today's developments underscore the importance of multi-layered defense strategies that account for AI-enhanced social engineering, supply chain vulnerabilities, and the persistent threat posed by organized cybercriminal groups despite ongoing law enforcement efforts.
