Hackers Hijack Axios npm Package to Spread RATs
Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn
Intelligence Feed
Curated cybersecurity reporting and advisories. Headlines link to original sources.
Items
143
Last update
Apr 1, 2026, 09:21 AM (UTC)
No matching results
Try a different keyword, or switch the source filter back to “All sources”.
Axios NPM Package Breached in North Korean Supply Chain Attack
A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek.
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspected North Korean threat actor we track as…
Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents
Palo Alto Networks has disclosed the details of its analysis of Google Cloud Platform’s Vertex AI. The post Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents appeared first on SecurityWeek.
Google Drive ransomware detection now on by default for paying users
Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users. [...]
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthrop…
New Windows 11 emergency update fixes preview update install issues
Microsoft released an emergency update to fix the March 2026 KB5079391 non-security preview update, which was pulled over the weekend due to installation issues. [...]
Claude Code source code accidentally leaked in NPM package
Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. [...]
Google now allows you to change your @gmail.com address
Google is rolling out a new feature in the U.S. that allows users to change their @gmail address or create a new alias. [...]
Proton launches new "Meet" privacy-focused conferencing platform
Proton has announced a new video conferencing service named Meet and positioned it as a privacy-focused alternative to mainstream services like Google Meet, Zoom, and Microsoft Teams. [...]
GIGABYTE Control Center vulnerable to arbitrary file write flaw
The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. [...]
Claude AI finds Vim, Emacs RCE bugs that trigger on file open
Vulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution simply by opening a file. [...]
Android Developer Verification Rollout Begins Ahead of September Enforcement
Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that…
Cisco source code stolen in Trivy-linked dev environment breach
Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers. [...]
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502…
Censys Raises $70 Million for Internet Intelligence Platform
The latest funding round brings the total venture capital investment in Censys to $149 million. The post Censys Raises $70 Million for Internet Intelligence Platform appeared first on SecurityWeek.
The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust
Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. The post The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust appeared first on SecurityWeek.
Maryland Man Charged Over $53m Uranium Finance Crypto Hack
Maryland man accused of $53m Uranium Finance hack, exploited smart contract flaws, laundered funds
Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks
Report shows how industrialized credential theft underpins ransomware, SaaS breaches, and geopolitical attacks, shifting security focus from prevention to detecting misuse of legitimate access. The post Stolen Logins Are Fueling Everything From Ransomware to N…
Venom Stealer Raises Stakes With Continuous Credential Harvesting
Licensed malware with built-in persistence and automation enables attackers to continuously siphon credentials, session data, and cryptocurrency assets. The post Venom Stealer Raises Stakes With Continuous Credential Harvesting appeared first on SecurityWeek.
How to Categorize AI Agents and Prioritize Risk
AI agent risk isn't equal, it scales with access to systems and level of autonomy. Token Security explains how CISOs should categorize agents and prioritize what to secure first. [...]
Phantom Project Bundles Infostealer, Crypter and RAT For Sale
Phantom Stealer .NET harvests browser credentials, cookies, cards, sessions, as stealer-as-a-service
Hackers compromise Axios npm package to drop cross-platform malware
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. [...]
TeamPCP Moves From OSS to AWS Environments
After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities. The post TeamPCP Moves From OSS to AWS Environments appeared first on SecurityWeek.
CrewAI Vulnerabilities Expose Devices to Hacking
Attackers can exploit the bugs through prompt injection, chaining them together to escape the sandbox and execute arbitrary code. The post CrewAI Vulnerabilities Expose Devices to Hacking appeared first on SecurityWeek.
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organizat…
ChatGPT Security Issue Enabled Data Theft via Single Prompt
OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole
The CISO Gap: Why Every Business Needs Cybersecurity Leadership
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 31, 2026 – Read the full story in Forbes One message has persisted over the past few years: cybersecurity is no longer an IT concern; it has become a fundamental busine…
TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
Microsoft fixes Outlook Classic crashes caused by Teams Meeting add-in
Microsoft has resolved a known issue that rendered the classic Outlook email client unusable for users who enabled the Microsoft Teams Meeting Add-in. [...]
Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption
Google researchers have shown that breaking the encryption of Bitcoin and Ethereum requires 20x fewer qubits. The post Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption appeared first on SecurityWeek.
The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority
The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern e…
Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. "The operation covers VPN clients, encrypted messen…
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins
The SQL injection vulnerability allows unauthenticated attackers to execute arbitrary code remotely, via crafted HTTP requests. The post Exploitation of Critical Fortinet FortiClient EMS Flaw Begins appeared first on SecurityWeek.
Employee Data Breaches Surge to Seven-Year High
Analysis from law firm Nockolds suggests non-cyber incidents are driving up employee data breaches
Hacker charged with stealing $53 million from Uranium crypto exchange
U.S. prosecutors have charged a Maryland man with stealing more than $53 million after hacking the Uranium Finance crypto exchange twice and laundering the proceeds through a cryptocurrency mixer. [...]
NCSC Urges Immediate Patching of F5 BIG-IP Bug
The National Cyber Security Centre wants UK firms to patch CVE-2025-53521
Dutch Finance Ministry takes treasury banking portal offline after breach
The Dutch Ministry of Finance took some of its systems offline, including the digital portal for treasury banking, while investigating a cyberattack detected two weeks ago. [...]
CISA orders feds to patch actively exploited Citrix flaw by Thursday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. [...]
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of targeting Windows, macOS, and Linux systems. Versions 1.14.1 and…
Healthcare tech firm CareCloud says hackers stole patient data
Healthcare IT firm CareCloud has disclosed a data breach incident that exposed sensitive data and caused a network disruption lasting approximately eight hours. [...]
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation i…
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credentia…
AI SOC: Definition, Components & Architecture
AI-Driven Security and SOC – Christophe Briguet, Senior Director of Product Management – AI & Security Analytics, Stellar Cyber San Jose, Calif. – Mar. 30, 2026 Mid-market organizations face sophisticated cyber threats with constrained security budgets and lea…
Cybercriminals Exploit Tax Season With New Phishing Tactics
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers
Lloyds app glitch exposed up to 447,936 customers’ transactions and personal data during update
⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying…
3 SOC Process Fixes That Unlock Tier 1 Productivity
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fix…
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and i…
DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection
Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials
The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
Secrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian's State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 a…
Critical Citrix NetScaler Vulnerability Exploited in the Wild
Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability
ICO Fines UK Nuisance Call Scammers £100,000
The UK Information Commissioner’s Office has handed a £100,000 fine to Birmingham-based TMAC
European Commission Confirms Cloud Data Breach
The European Commission has revealed details of a data breach impacting its AWS infrastructure
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, in…
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried…
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of ins…
TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian sta…
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerab…
Who’s Who In Domain Security: 10 Companies To Watch In 2026
Resource guide for CISOs and MSSPs – Steve Morgan, Editor-in-Chief Sausalito, Calif. – Mar. 27, 2026 Domain security unexpectedly and repeatedly came up in Cybercrime Magazine’s discussions with chief information security officers (CISOs) and managed security…
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks ta…
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python P…
New Wave of AiTM Phishing Targets TikTok for Business
Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages
TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the regi…
Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google
‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration
Security As A Service: 7 Ways Coworking Spaces Can Upgrade Digital Trust In 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 27, 2026 –Read the full story from CANOPY Cybercrime damage was on pace to hit $10.5 trillion in 2025, according to Cybersecurity Ventures. A single U.S. data breach av…
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target,…
UK Cracks Down on Chinese Crypto Marketplace for Funding Southeast Asia Scam Hubs
The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”
We Are At War
Rising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it. Introduction: One tech power to rule them all is a thing of the past The rel…
Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed Gen…
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source…
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access me…
Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code
Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code
Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds
Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study
EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts
EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials
AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns
PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? That’s wh…
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that…
Who’s Who In Domain Security: CISOs And MSSPs at RSAC 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 26, 2026 The 2026 CISO Report from Cybersecurity Ventures in partnership with Sophos was released on the first day of the RSAC Conference in San Francisco earlier this…
OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns
OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws
Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing of…
ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching. There’s a little bit of everyth…
Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks
The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings fro…
Iran-Linked Pay2Key Ransomware Group Re-Emerges
Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key
Invoice Fraud Costs UK Construction Sector Millions, NCA Warns
The National Crime Agency has warned construction firms about surging invoice fraud
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses…
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a reside…
Cloud Phones Linked to Rising Financial Fraud Threat
Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts
Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne
Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extensio…
Investors Want To Know: Is Cybersecurity A Growth Sector Or A Cost Center?
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 25, 2026 – Read the full story from StocksToday.com This past weekend, Stocks today.com shared an economic observation about physical constraints—blocked shipping lanes…
US: FCC Bans Foreign-Made Routers Over National Security Concerns
The US Federal Communications Commission has placed all “consumer-grade” internet routers produced outside the US on its “covered list”
TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
The Kill Chain Is Obsolete When Your AI Agent Is the Threat
In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance,…
Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Ange…
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was fi…
Experts Sound Alarm Over “Prompt Poaching” Browser Extensions
Expel has warned of malicious Chrome extensions stealing users’ AI conversations
Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown
UK police trumpet success of Operation Henhouse as they seize and freeze over £27m in suspected fraud proceeds
FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying…
RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards
The head of the UK’s NCSC is calling the cybersecurity industry to “seize the disruptive vibe coding opportunity” to make software more secure
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent bac…
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security pr…
5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what cl…
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documen…
Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage
Silver Fox pivots from ValleyRAT tax lures to WhatsApp‑style stealers, blending espionage & phishing
Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities
A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory
New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data
Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe
Geopolitics and cyber warfare take center stage at Infosecurity Europe as Dmytro Kuleba discusses Ukraine’s hybrid war experience
Enterprise Cybersecurity Software Fails 20% of the Time, Warns Absolute Security
Poor patch management, increasingly complex IT environments and continued use of obsolete software puts organizations at risk from cyber threats, says the Absolute Security 2026 Resilience Risk Index
The Global CISO Landscape: A Leadership Gap Too Large To Ignore
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 24, 2026 – Read the full story from Sophos The 2026 CISO Report, published by Cybersecurity Ventures in partnership with Sophos, highlights a critical imbalance in glob…
The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, mis…
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all publis…
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by…
Russian Initial Access Broker Handed 81-Month Sentence
Russian cybercriminal Aleksei Volkov has received close to seven years behind bars for role in Yanluowang ransomware
Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals
The FBI has warned that Iranian hacking group Handala has been targeting opponents of the regime since 2023
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organi…
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below - CVE-2026-3055 (CVS…
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS…
Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems
ISACA survey found that confusion over responsibility and lack of understanding around AI cyber-attacks makes containing them difficult
Tycoon2FA Phishing Service Resumes Activity Post-Takedown
Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the…
Autonomous SOC: What It Is, Key Benefits and Core Challenges
Six Predictions for the AI-Driven SOC – Christophe Briguet, Senior Director of Product Management – AI & Security Analytics, Stellar Cyber San Jose, Calif. – Mar. 23, 2026 SOC Key Takeaways: What is Autonomous SOC solving? It addresses critical challenges in s…
High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports
High tech was the most frequently targeted industry in Mandiant investigations in 2025, overtaking financial services which led in 2023 and 2024
Trivy Supply Chain Attack Expands With New Compromised Docker Images
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, lo…
35,000 Chief Information Security Officers Employed Globally in 2026
2026 CISO Report from Cybersecurity Ventures in partnership with Sophos Sausalito, Calif. – Mar. 23, 2026 – Read the Full Report MSPs and MSSPs, the force multiplier in security leadership, are positioned to provide SMBs with CISO services. The world’s small t…
CISA Orders US Government to Patch Maximum Severity Cisco Flaw
CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns
Operation Alice Takes Down 370,000+ Dark Web Sites
German-led policing effort against fraud operation disrupts countless CSAM and cybercrime sites
Cybersecurity Ventures Will See You At RSAC Conference 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 20, 2026 If you’re making the pilgrimage to RSAC 2026 in San Francisco next week, then we might see you there. For the past five years, Cybersecurity Ventures has been…
Hackers Exploit Critical Langflow Bug in Just 20 Hours
Sysdig details how threat actors exploited a critical CVE in Langflow in less than a day
NCA Boss Warns That Teens Are Being “Radicalized” Into Cybercrime Online
The National Crime Agency’s director general warns that technology is rapidly reshaping crime
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web camera…
Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation
Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics
Financial Brands Targeted in Global Mobile Banking Malware Surge
Mobile banking malware targets over 1200 financial apps globally, shifting fraud to user devices
FCA Updates Cyber Incident and Third-Party Reporting Rules
The UK’s financial regulator has issued new rules to make incident and third-party reporting clearer
AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says
UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs
35% of security leaders working in the UK’s critical infrastructure said regulatory requirements are the primary influence on their security programs
New Ubuntu Flaw Enables Local Attackers to Gain Root Access
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit
Crypto Scam "ShieldGuard" Dismantled After Malware Discovery
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data
AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure
Rapid7 says median time from publication to CISA KEV inclusion dropped to five days
Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats
The Vidar 2.0 infostealers is deployed through fake free game cheats on GitHub and Reddit
AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner
Gartner has urged security teams to get involved in AI projects from the start to avoid costly incident response
Page 1 of 1 0 results