Security Brief Daily
21 Episodes
Episode 25 — 13 Apr 2026
1. Critical Marimo pre-auth RCE flaw now under active exploitation
Source: Bleeping Computer
Hackers started exploiting a critical vulnerability in the Marimo open-source reactive Python notebook platform just 10 hours after its public disclosure. The flaw allows remote code execution without authentication in Marimo versions 0.20.4 and earlier. It is tracked as...
2. Over 20,000 crypto fraud victims identified in international crackdown
Source: Bleeping Computer
An international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. Dubbed "Operation Atlantic," this joint action took place last month, and...
3. OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
Source: The Hacker News
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that...
4. Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Source: The Hacker News
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the...
5. CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Source: The Hacker News
Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan...
Episode 23 — 11 Apr 2026
1. Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
Source: Bleeping Computer
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. According to a joint advisory issued by...
2. Eurail says December data breach impacts 300,000 individuals
Source: Bleeping Computer
Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. Eurail is a Netherlands-based company that sells Interrail and Eurail...
3. Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
Source: The Hacker News
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a...
4. Microsoft: Canadian employees targeted in payroll pirate attacks
Source: Bleeping Computer
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. The attackers used malicious Microsoft 365 sign-in pages to steal victims' authentication tokens and session...
5. When attackers already have the keys, MFA is just another door to open
Source: Bleeping Computer
Sponsored by Token, April 9, 2026. The Figure breach exposed 967,200 email records without a single exploit. Understanding what that enables — and why your MFA cannot contain it — is an...
6. GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Source: The Hacker News
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in...
7. Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
Source: The Hacker News
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and...
8. CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
Source: Bleeping Computer
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. The two utilities have millions of users who rely on them for tracking the physical health of...
Episode 22 — 10 Apr 2026
1. Hackers exploiting Acrobat Reader zero-day flaw since December
Source: Bleeping Computer
Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. The attacks have been discovered by security researcher Haifei Li (the founder of the sandbox-based exploit-detection platform EXPMON), who...
2. Healthcare IT solutions provider ChipSoft hit by ransomware attack
Source: Bleeping Computer
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. ChipSoft is a large provider of Electronic Health Record (EHR) systems in the...
3. Smart Slider updates hijacked to push malicious WordPress, Joomla versions
Source: Bleeping Computer
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. The developer says that only the Pro version 3.5.1.35 of the plugin is affected and recommends switching immediately to the...
4. Hackers use pixel-large SVG trick to hide credit card stealer
Source: Bleeping Computer
A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. When clicking the checkout button, the victim is shown a convincing overlay that can validate...
5. Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
Source: The Hacker News
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and...
6. Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
Source: The Hacker News
Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of...
7. APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
Source: The Hacker News
The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced steganography,...
8. New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
Source: Bleeping Computer
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. Cisco Talos researchers attribute the malware to a threat group tracked internally as UAT-10362, who they describe as a...
Episode 21 — 09 Apr 2026
1. Hackers use pixel-large SVG trick to hide credit card stealer
Source: Bleeping Computer
A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. When clicking the checkout button, the victim is shown a convincing overlay that can validate...
2. CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
Source: Bleeping Computer
CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January. Tracked as CVE-2026-1340, this critical-severity code injection flaw...
3. 13-year-old bug in ActiveMQ lets hackers remotely execute commands
Source: Bleeping Computer
Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. The flaw was uncovered using the Claude AI assistant, which identified an exploit...
4. Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
Source: Bleeping Computer
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. The Russian threat group APT28,...
5. Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
Source: The Hacker News
Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of...
6. APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
Source: The Hacker News
7. Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
Source: The Hacker News
Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to...
8. Russia Hacked Routers to Steal Microsoft Office Tokens
Source: Krebs on Security
Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon...
Episode 20 — 08 Apr 2026
1. Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
Source: Bleeping Computer
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. The Russian threat group APT28,...
2. Max severity Flowise RCE vulnerability now exploited in attacks
Source: Bleeping Computer
Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. The flaw allows injecting JavaScript code without any security checks and was...
3. US warns of Iranian hackers targeting critical infrastructure
Source: Bleeping Computer
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. The warning came earlier today in the form of a joint advisory authored by the FBI, CISA, NSA, the...
4. Hackers exploit critical flaw in Ninja Forms WordPress plugin
Source: Bleeping Computer
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. Identified as CVE-2026-0740, the issue is currently exploited in attacks. According to...
5. Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
Source: The Hacker News
Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to...
6. Russia Hacked Routers to Steal Microsoft Office Tokens
Source: Krebs on Security
Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon...
7. Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
Source: The Hacker News
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix for...
8. N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
Source: The Hacker News
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. "The threat actor's packages were designed to impersonate legitimate developer tooling [...], while...
Episode 18 — 06 Apr 2026
1. New FortiClient EMS flaw exploited in attacks, emergency patch released
Source: Bleeping Computer
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. Tracked as CVE-2026-35616, the flaw is an improper access control vulnerability that allows...
2. Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
Source: Krebs on Security
An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least...
3. Hackers exploit React2Shell in automated credential theft campaign
Source: Bleeping Computer
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. At least 766 hosts across various cloud providers and geographies have been compromised to collect database and AWS...
4. Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
Source: The Hacker News
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading...
5. BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
Source: The Hacker News
Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the main threat actors associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation. The threat actor, who went by the alias UNKN,...
6. Axios npm hack used fake Teams error fix to hijack maintainer account
Source: Bleeping Computer
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign linked to North Korean hackers. This follows the threat actors compromising a maintainer account to...
7. Traffic violation scams switch to QR codes in new phishing texts
Source: Bleeping Computer
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. This is...
8. $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
Source: The Hacker News
Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that began in the fall of...
Episode 17 — 05 Apr 2026
1. Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
Source: The Hacker News
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading...
2. Axios npm hack used fake Teams error fix to hijack maintainer account
Source: Bleeping Computer
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign linked to North Korean hackers. This follows the threat actors compromising a maintainer account to...
3. Evolution of Ransomware: Multi-Extortion Ransomware Attacks
Source: Bleeping Computer
Sponsored by Penta Security, April 3, 2026. Ransomware's Real-World Impact Across Industries. In February 2026, the University of Mississippi Medical Center (UMMC) fell victim to a ransomware attack. The...
4. 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Source: The Hacker News
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent...
5. Die Linke German political party confirms data stolen by Qilin ransomware
Source: Bleeping Computer
The Qilin ransomware group has stolen data from Die Linke, a German democratic socialist political party, and is threatening to leak it. On March 27, a day after the threat actor compromised its network, the party disclosed a cyber incident but stopped short of confirming a...
6. Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
Source: The Hacker News
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL...
7. LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
Source: Bleeping Computer
A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. According to a report by Fairlinked e.V., which claims to be an association of...
8. UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
Source: The Hacker News
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their...
Episode 16 — 04 Apr 2026
1. Critical Cisco IMC auth bypass gives attackers Admin access
Source: Bleeping Computer
Cisco has released security updates to address several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that allows attackers to gain Admin access. Also known as CIMC, Cisco IMC is a hardware module embedded...
2. Claude Code leak used to push infostealer malware on GitHub
Source: Bleeping Computer
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from Anthropic, designed to execute coding tasks directly in the terminal and act as...
3. Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
Source: The Hacker News
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL...
4. Hims & Hers warns of data breach after Zendesk support ticket breach
Source: Bleeping Computer
Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. Hims & Hers is an American telehealth company specializing in the direct-to-consumer healthcare space, providing...
5. Medtech giant Stryker fully operational after data-wiping attack
Source: Bleeping Computer
Stryker Corporation, one of the world's leading medical technology companies, says it's fully operational three weeks after many of its systems were wiped out in a cyberattack claimed by the Iranian-linked Handala hacktivist group. The Fortune 500 medtech giant has over...
6. China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
Source: The Hacker News
7. New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Source: The Hacker News
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within...
8. Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
Source: The Hacker News
Episode 15 — 03 Apr 2026
1. Critical Cisco IMC auth bypass gives attackers Admin access
Source: Bleeping Computer
Cisco has released security updates to address several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that allows attackers to gain Admin access. Also known as CIMC, Cisco IMC is a hardware module embedded...
2. Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
Source: Bleeping Computer
Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit. "We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates...
3. CERT-EU: European Commission hack exposes data of 30 EU entities
Source: Bleeping Computer
The European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities. The European Commission publicly disclosed the incident on...
4. New Progress ShareFile flaws can be chained in pre-auth RCE attacks
Source: Bleeping Computer
Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from affected environments. Progress ShareFile is a document sharing and collaboration product typically used by large and...
5. Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
Source: The Hacker News
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The...
6. New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
Source: The Hacker News
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in...
7. Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
Source: The Hacker News
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub...
8. WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
Source: The Hacker News
Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority of the...
Episode 14 — 02 Apr 2026
1. Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
Source: Bleeping Computer
Internet threat-monitoring non-profit Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. BIG-IP APM (short for Access Policy Manager) is F5's centralized access...
2. Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
Source: Bleeping Computer
Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit. "We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates...
3. Hackers exploit TrueConf zero-day to push malicious software updates
Source: Bleeping Computer
Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. The flaw is tracked as CVE-2026-3502 and received a medium severity score. It stems from a missing...
4. Google fixes fourth Chrome zero-day exploited in attacks in 2026
Source: Bleeping Computer
Google released emergency updates to fix another Chrome zero-day vulnerability exploited in attacks, marking the fourth such security flaw patched since the start of the year. "Google is aware that an exploit for CVE-2026-5281 exists in the wild," Google said in a security...
5. New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
Source: The Hacker News
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in...
6. Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Source: The Hacker News
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing...
7. Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
Source: The Hacker News
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian...
8. CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
Source: The Hacker News
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE. As part of the attacks, the threat actors,...
Episode 13 — 01 Apr 2026
1. Cisco source code stolen in Trivy-linked dev environment breach
Source: Bleeping Computer
Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers. A source, who asked to remain anonymous,...
2. Claude Code source code accidentally leaked in NPM package
Source: Bleeping Computer
Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. While Anthropic pledges support to the open-source community, Claude Code has always remained closed source, at...
3. Claude AI finds Vim, Emacs RCE bugs that trigger on file open
Source: Bleeping Computer
Vulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution simply by opening a file. The assistant also created multiple versions of proof-of-concept (PoC) exploits, refined them, and provided...
4. GIGABYTE Control Center vulnerable to arbitrary file write flaw
Source: Bleeping Computer
The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. The hardware maker says that successful exploitation could potentially lead to code execution on the underlying...
5. Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
Source: The Hacker News
Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. "The operation covers VPN clients, encrypted messengers, video...
6. TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
Source: The Hacker News
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score:...
7. Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
Source: The Hacker News
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspected North Korean threat actor we track as UNC1069," John...
8. Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
Source: The Hacker News
Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud...
Episode 12 — 31 Mar 2026
1. CISA orders feds to patch actively exploited Citrix flaw by Thursday
Source: Bleeping Computer
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. Multiple cybersecurity companies flagged the flaw (CVE-2026-3055) as posing an...
2. Critical Citrix NetScaler memory flaw actively exploited in attacks
Source: Bleeping Computer
Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. Citrix initially disclosed CVE-2026-3055 in a security bulletin on March 23, alongside a high-severity race...
3. Dutch Finance Ministry takes treasury banking portal offline after breach
Source: Bleeping Computer
The Dutch Ministry of Finance took some of its systems offline, including the digital portal for treasury banking, while investigating a cyberattack detected two weeks ago. When it disclosed the incident last week, the ministry said the March 19 security breach didn't affect...
4. Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now
Source: Bleeping Computer
Cybersecurity firm F5 Networks has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. BIG-IP APM (short for Access Policy...
5. Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
Source: The Hacker News
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency. Versions 1.14.1 and 0.30.4 of Axios have been found to inject "plain-crypto-js" version 4.2.1 as a fake...
6. OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
Source: The Hacker News
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert...
7. Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Source: The Hacker News
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN...
8. Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Source: The Hacker News
Cybersecurity researchers have discovered a remote access toolkit of Russian origin that's distributed via malicious Windows shortcut (LNK) files disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various...
Episode 11 — 30 Mar 2026
1. Critical Fortinet Forticlient EMS flaw now exploited in attacks
Source: Bleeping Computer
Attackers are now actively exploiting a critical vulnerability in Fortinet's FortiClient EMS platform, according to threat intelligence company Defused. Tracked as CVE-2026-21643, this SQL injection vulnerability allows unauthenticated threat actors to execute arbitrary code...
2. European Commission confirms data breach after Europa.eu hack
Source: Bleeping Computer
The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. BleepingComputer first reported on Friday that this breach affects at least one of the Commission's AWS (Amazon Web...
3. Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Source: The Hacker News
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN...
4. FBI confirms hack of Director Patel's personal email inbox
Source: Bleeping Computer
The Handala hackers associated with Iran have breached the personal email account of FBI Director Kash Patel and published photos and documents. The FBI has confirmed the compromise, saying that the stolen data was not recent and did not include any government data. On...
5. Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
Source: The Hacker News
A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input...
6. New Infinity Stealer malware grabs macOS data via ClickFix lures
Source: Bleeping Computer
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. The attack uses the ClickFix technique, presenting a fake CAPTCHA that mimics Cloudflare’s human verification...
7. Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
Source: The Hacker News
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach,...
8. File read flaw in Smart Slider plugin impacts 500K WordPress sites
Source: Bleeping Computer
A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. An authenticated attacker could use it to access sensitive files, such as wp-config.php,...
Episode 9 — 28 Mar 2026
1. New Infinity Stealer malware grabs macOS data via ClickFix lures
Source: Bleeping Computer
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. The attack uses the ClickFix technique, presenting a fake CAPTCHA that mimics Cloudflare’s human verification...
2. Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
Source: The Hacker News
A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input...
3. CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
Source: The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in...
4. European Commission investigating breach after Amazon cloud account hack
Source: Bleeping Computer
The European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to the Commission's Amazon cloud environment. Although the EU's executive cabinet has yet to disclose the incident publicly,...
5. Anti-piracy coalition takes down AnimePlay app with 5 million users
Source: Bleeping Computer
The Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. Backed by more than 50 major television networks and film studios, including Disney, Paramount, Sony Pictures, Warner Bros,...
6. Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
Source: Bleeping Computer
TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. The supply-chain attack was observed by application security firms Aikido, Socket, and Endor...
7. LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Source: The Hacker News
Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that...
8. Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
Source: The Hacker News
Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting...
Episode 8 — 27 Mar 2026
1. European Commission investigating breach after Amazon cloud hack
Source: Bleeping Computer
The European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to its Amazon cloud infrastructure. Although the EU's executive cabinet has yet to disclose the incident publicly, BleepingComputer has...
2. Anti-piracy coalition takes down AnimePlay app with 5 million users
Source: Bleeping Computer
The Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. Backed by more than 50 major television networks and film studios, including Disney, Paramount, Sony Pictures, Warner Bros,...
3. CISA: New Langflow flaw actively exploited to hijack AI workflows
Source: Bleeping Computer
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. The security issue received a critical score of 9.3...
4. Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware
Source: The Hacker News
5. Dutch Police discloses security breach after phishing attack
Source: Bleeping Computer
The Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn't affected citizens' data. It also stated that the incident is still under investigation by the agency's security experts and that the...
6. LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Source: The Hacker News
Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that...
7. WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
Source: The Hacker News
Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data...
8. Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Source: The Hacker News
Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if...
Episode 7 — 26 Mar 2026
1. TP-Link warns users to patch critical router auth bypass flaw
Source: Bleeping Computer
TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow attackers to bypass authentication and upload new firmware. Tracked as CVE-2025-15517, this security flaw affects Archer NX200, NX210, NX500, and...
2. Coruna iOS exploit framework linked to Triangulation attacks
Source: Bleeping Computer
The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. The software has been expanded to target modern hardware, specifically including Apple's A17 and M3...
3. Citrix urges admins to patch NetScaler flaws as soon as possible
Source: Bleeping Computer
Citrix has patched two vulnerabilities affecting NetScaler ADC networking appliances and NetScaler Gateway secure remote access solutions, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. The critical...
4. Bubble AI app builder abused to steal Microsoft account credentials
Source: Bleeping Computer
Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. Because the web app is hosted on a legitimate platform, email security solutions do not flag the...
5. BIND Updates Patch High-Severity Vulnerabilities
Source: Security Week
Specially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers.
6. Cisco Patches Multiple Vulnerabilities in IOS Software
Source: Security Week
The high- and medium-severity flaws could lead to denial-of-service, secure boot bypass, information disclosure, and privilege escalation.
7. WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
Source: The Hacker News
Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data...
8. Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Source: The Hacker News
Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if...
Episode 6 — 25 Mar 2026
1. PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
Source: Bleeping Computer
PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. The security issue, identified as CVE-2026-4681, could be leveraged through the deserialization of...
2. Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Source: The Hacker News
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below - CVE-2026-3055 (CVSS score: 9.3) -...
3. FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
Source: The Hacker News
The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications...
4. Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
Source: The Hacker News
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered...
5. Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
Source: The Hacker News
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the...
6. Extortion Group Claims It Hacked AstraZeneca
Source: Security Week
The Lapsus$ hackers allegedly compromised internal code repositories, credentials, and employee data.
7. Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool
Source: Security Week
The role of Israel's hijacking of Iran's street cameras in the killing of the country's supreme leader underscores how surveillance systems are increasingly being targeted by adversaries in wartime.
8. U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
Source: The Hacker News
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations....
Episode 5 — 24 Mar 2026
1. Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Source: The Hacker News
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below - CVE-2026-3055 (CVSS score: 9.3) -...
2. Tycoon2FA phishing platform returns after recent police disruption
Source: Bleeping Computer
The Tycoon2FA phishing-as-a-service (PhaaS) platform that Europol and partners disrupted on March 4 has already returned to previously observed activity levels. Microsoft led the technical disruption, which involved seizing 330 domains that were part of Tycoon2FA's backbone...
3. 3.1 Million Impacted by QualDerm Data Breach
Source: Security Week
Hackers stole personal, medical, and health insurance information from the company's internal systems.
4. U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
Source: The Hacker News
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations....
5. ‘CanisterWorm’ Springs Wiper Attack Targeting Iran
Source: Krebs on Security
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default...
6. Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Source: The Hacker News
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user...
7. Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware
Source: Security Week
The semiconductor company says hackers deployed file-encrypting ransomware on the network of a subsidiary in Singapore.
8. CISA orders feds to patch DarkSword iOS flaws exploited in attacks
Source: Bleeping Computer
CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. [...]
Episode 4 — 23 Mar 2026
1. CISA orders feds to patch DarkSword iOS flaws exploited in attacks
Source: Bleeping Computer
CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. As Google Threat Intelligence Group (GTIG) and iVerify researchers revealed last week, the DarkSword delivery...
2. Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Source: The Hacker News
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer...
3. Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability
Source: Security Week
CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild.
4. Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Source: The Hacker News
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious...
Episode 2 — 21 Mar 2026
1. Oracle pushes emergency fix for critical Identity Manager RCE flaw
Source: Bleeping Computer
Update: Added that Oracle declined to comment on whether the vulnerability has been exploited. Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as...
2. CISA orders feds to patch max-severity Cisco flaw by Sunday
Source: Bleeping Computer
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. Cisco published a security bulletin about the flaw on...
3. Police take down 373,000 fake CSAM sites in Operation Alice
Source: Bleeping Computer
An international law enforcement action called Operation Alice has shut down over 373,000 dark web sites that offered fake CSAM packages. The investigation, led by Germany and supported by Europol, began in mid-2021 and focused on a platform called “Alice with Violence CP,”...
4. CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
Source: The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. The...
5. FBI links Signal phishing attacks to Russian intelligence services
Source: Bleeping Computer
The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. The FBI's...
6. Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Source: The Hacker News
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm....
7. Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Source: The Hacker News
Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the...
8. US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites
Source: Security Week
The US has seized several domains used by Handala in cyber-enabled psychological operations.