Axios npm hack used fake Teams error fix to hijack maintainer account
April 04, 2026
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believe... (BleepingComputer)
Device code phishing attacks surge 37x as new kits spread online
April 04, 2026
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. [...] (BleepingComputer)
FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
April 04, 2026
Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time around,... (Help Net Security)
European Commission breach exposed data of 30 EU entities, CERT-EU says
April 04, 2026
CERT-EU says a European Commission cloud hack exposed data from 30 EU entities and links the breach to the TeamPCP group. CERT-EU attributed a European Commission cloud breach t... (Security Affairs)
Elastic Security Integrations Roundup: Q1 2026
April 04, 2026
Elastic Security Labs announces nine new integrations for Elastic Security spanning cloud security, endpoint visibility, email threat detection, identity and SIEM. (Elastic Security Labs)
Friday Squid Blogging: Jurassic Fish Chokes on Squid
April 03, 2026
Here’s a fossil of a 150-million year old fish that choked to death on a belemnite rostrum : the hard, internal shell of an extinct, squid-like animal. Original paper . As usual... (Schneier on Security)
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
April 03, 2026
Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and usel... (BleepingComputer)
North Korea–linked hackers drain $285M from Drift in sophisticated attack
April 03, 2026
Drift lost $285M in a sophisticated attack, likely by North Korea, who used nonce-based tricks to gain control and quickly drain funds Drift suffered a $285 million cryptocurren... (Security Affairs)
Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication
April 03, 2026
"Skull vibration harmonics generated by vital signs" can be used to sign in to VR, AR, and MR headsets, according to emerging research. (Dark Reading)
CrystalX RAT: new MaaS malware combines spyware, stealer, and remote access
April 03, 2026
CrystalX RAT, a new sophisticated MaaS malware, combines spyware, data theft, and remote access, allowing attackers to monitor victims. In March 2026, Kaspersky researchers unco... (Security Affairs)
TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
April 03, 2026
This is the sixth update to the TeamPCP supply chain campaign threat intelligence report,&#;x26;#;xc2;&#;x26;#;xa0;"When the Security Scanner Became the Weapon"&#;x26;#;xc2;&#;x... (SANS ISC)
Claude Source Code Leak Highlights Big Supply Chain Missteps
April 03, 2026
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer. (Dark Reading)
Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)
April 03, 2026
Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote atta... (Help Net Security)
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
April 03, 2026
The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open source artifacts across containers, libraries, agent skills, and GitHub Actions. (Dark Reading)
Orca Security Featured in SACR’s 2026 Unified Agentic Defense Platforms Report
April 03, 2026
Software Analyst Cyber Research (SACR) has published its report, The Convergence of AI and Data Security: An Industry-Wide Technoscope of Unified Agentic Defense Platforms. In t... (Orca Security Blog)
North Korean Hackers Drain $285 Million From Drift in 10 Seconds
April 03, 2026
The attackers prepared infrastructure and multiple nonce-based transactions, took over an admin key, and drained five vaults. The post North Korean Hackers Drain $285 Million Fr... (SecurityWeek)
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
April 03, 2026
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered ta... (The Hacker News)
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
April 03, 2026
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026.... (The Hacker News)
New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs
April 03, 2026
A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom (Infosecurity Magazine)
Pro-Iran Handala group breached Israeli defence contractor PSK Wind Technologies
April 03, 2026
Iran-linked hackers claim to have breached Israeli air defence contractor PSK Wind, which develops command and control systems. Pro-Iran Handala group announced on April 2 that... (Security Affairs)
APERION releases SmartFlow SDK for secure, on-prem AI governance without cloud reliance
April 03, 2026
APERION launched SmartFlow SDK, providing a secure, on-premises path for enterprises migrating away from compromised cloud-based AI gateways. The launch coincides with a 200% in... (Help Net Security)
Which messaging app takes the most limited approach to permissions on Android?
April 03, 2026
Messaging apps handle sensitive conversations, contacts, and media, and their behavior on a device varies in ways that affect privacy. An analysis of Android versions of Messeng... (Help Net Security)
Click, wait, repeat: Digital trust erodes one login at a time
April 03, 2026
Sign-up forms that drag on, login steps that repeat, and access requests that take longer than expected have become a normal part of using digital services. These moments rarely... (Help Net Security)
New infosec products of the month: March 2026
April 03, 2026
Here’s a look at the most interesting products from the past month, featuring releases from Beazley, Bonfy.AI, Mend.io, Mimecast, NinjaOne, Novee, Intel 471, Singulr AI, Stellar... (Help Net Security)
Axios npm Supply Chain Compromise
April 03, 2026
What is the Attack? A software supply chain attack targeted the widely used JavaScript library Axios after an attacker reportedly compromised a maintainer’s npm account and publ... (FortiGuard Labs)
Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026
April 02, 2026
AI-driven threats, global leadership shifts, and the future of cybersecurity in a rapidly evolving landscape were among the discussions at RSAC 2026 Conference. (Dark Reading)
Four security principles for agentic AI systems
April 02, 2026
Agentic AI represents a qualitative shift in how software operates. Traditional software executes deterministic instructions. Generative AI responds to human prompts with output... (AWS Security Blog)
Claude Code leak used to push infostealer malware on GitHub
April 02, 2026
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [...] (BleepingComputer)
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
April 02, 2026
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH privat... (The Hacker News)
Security Bosses Are All-In on AI. Here's Why
April 02, 2026
CISOs are bullish on AI and have big plans to roll out future tools. We talk to Reddit CISO Frederick Lee and leading analyst Dave Gruber about how AI is working out in the real... (Dark Reading)
Residential proxies evaded IP reputation checks in 78% of 4B sessions
April 02, 2026
Researchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction between attackers and leg... (BleepingComputer)
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
April 02, 2026
This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls (Infosecurity Magazine)
Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
April 02, 2026
From its GitHub repo: "Vite (French word for "quick", pronounced /vi?t/, like "veet") is a new breed of frontend build tooling that significantly improves the frontend developme... (SANS ISC)
NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts
April 02, 2026
The UK’s cybersecurity agency offered advice to “high-risk’ individuals” on how to protect against social engineering and cyber-attacks (Infosecurity Magazine)
Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing
April 02, 2026
Threat actors impersonated CERT-UA to send phishing emails with AGEWHEEZE malware, tricking victims into installing a fake “security tool.” A threat actor, tracked as UAC-0255,... (Security Affairs)
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
April 02, 2026
Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail int... (BleepingComputer)
vSphere and BRICKSTORM Malware: A Defender's Guide
April 02, 2026
Written by: Stuart Carrera Introduction Building on recent BRICKSTORM research from Google Threat Intelligence Group (GTIG), this post explores the evolving threats facing virtu... (Google Threat Intelligence)
Apple Expands iOS 18 Security Updates Amid DarkSword Threat
April 02, 2026
iOS/iPadOS 18.7.7 updates expanded to protect older devices from DarkSword web exploit kit (Infosecurity Magazine)
[Video] The TTP Ep 21: When Attackers Become Trusted Users
April 02, 2026
An episode of the Talos Threat Perspective on the 2025 Year in Review trends. We explore how identity is being used to gain, extend, and maintain access inside environments. (Cisco Talos)
Why we're rethinking cache for the AI era
April 02, 2026
The explosion of AI-bot traffic, representing over 10 billion requests per week, has opened up new challenges and opportunities for cache design. We look at some of the ways AI... (Cloudflare Blog)
Researchers Observe Sub-One-Hour Ransomware Attacks
April 02, 2026
Halcyon says Akira is now capable of carrying out an entire ransomware attack in less than an hour (Infosecurity Magazine)
GitHub Used as Covert Channel in Multi-Stage Malware Campaign
April 02, 2026
LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration (Infosecurity Magazine)
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
April 02, 2026
The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest... (The Hacker News)
UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications
April 02, 2026
Talos is disclosing a large-scale automated credential harvesting campaign carried out by a threat cluster we currently track as UAT-10608. The campaign is primarily leveraging... (Cisco Talos)
Qilin EDR killer infection chain
April 02, 2026
This blog provides an in-depth analysis of the malicious “msimg32.dll” used in Qilin ransomware attacks, which is a multi-stage infection chain targeting EDR systems. (Cisco Talos)
Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders
April 02, 2026
A conversation between Cisco Talos and Cisco Security leaders on the 2025 threat landscape, from identity attacks and legacy vulnerabilities to AI-driven threats, and what defen... (Cisco Talos)
An overview of ransomware threats in Japan in 2025 and early detection insights from Qilin cases
April 02, 2026
There were 134 ransomware incidents reported in Japan in 2025, representing a 17.5% year-over-year increase from 2024. (Cisco Talos)
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
April 02, 2026
Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit k... (The Hacker News)
The Sysdig MCP server is now available in AWS Marketplace
April 02, 2026
Correlating security signals from cloud services, container registries, and runtime environments is an important component of maintaining secure cloud deployments. But making th... (Sysdig Blog)
Risk isn’t reduced until you take action: How teams resolve issues in the cloud
April 02, 2026
Effective remediation depends on real-time insight that allows security teams to quickly investigate, understand, and respond to threats with precision. By taking targeted actio... (Sysdig Blog)
Google Introduces Android Dev Verification Amid Openness Debate
April 01, 2026
Android requires dev identity verification for sideloaded apps; phased global rollout from September (Infosecurity Magazine)
Venom Stealer MaaS Platform Commoditizes ClickFix Attacks
April 01, 2026
A new service on the cybercrime market provides automated capabilities to create persistent information-stealing social engineering attacks. (Dark Reading)
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
April 01, 2026
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late Fe... (The Hacker News)
New Venom Stealer MaaS Platform Automates Continuous Data Theft
April 01, 2026
Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration (Infosecurity Magazine)
Block the Prompt, Not the Work: The End of "Doctor No"
April 01, 2026
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function i... (The Hacker News)
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
April 01, 2026
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Me... (The Hacker News)
CISA Adds One Known Exploited Vulnerability to Catalog
April 01, 2026
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-5281 Google Dawn Use-After-Free Vu... (CISA Current Activity)
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
April 01, 2026
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The... (The Hacker News)
A Taxonomy of Cognitive Security
April 01, 2026
Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here , but—even better—Me... (Schneier on Security)
Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year
April 01, 2026
Most UK manufacturers compromised last year suffered financial loss, says ESET (Infosecurity Magazine)
Hackers Hijack Axios npm Package to Spread RATs
April 01, 2026
Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn (Infosecurity Magazine)
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
April 01, 2026
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "... (The Hacker News)
Elastic releases detections for the Axios supply chain compromise
April 01, 2026
Hunting and detection rules for the Elastic-discovered Axios supply chain compromise. (Elastic Security Labs)
Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure
March 31, 2026
TeamPCP continues its string of supply chain attacks, and announces a partnership with Vect ransomware group. The post Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply C... (Palo Alto Networks Unit 42)
Axios NPM Package Compromised in Precision Attack
March 31, 2026
The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors. (Dark Reading)
New compliance guide available: ISO/IEC 27001:2022 on AWS
March 31, 2026
We’re excited to announce the release of our latest compliance guide, ISO/IEC 27001:2022 on AWS, which provides practical guidance for organizations designing and operating an I... (AWS Security Blog)
Google's Vertex AI Is Over-Privileged. That's a Problem
March 31, 2026
Palo Alto Networks researchers show how attackers could exploit AI agents on Google's Vertex AI to steal data and break into restricted cloud infrastructure. (Dark Reading)
TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials
March 31, 2026
The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials. (Dark Reading)
Maryland Man Charged Over $53m Uranium Finance Crypto Hack
March 31, 2026
Maryland man accused of $53m Uranium Finance hack, exploited smart contract flaws, laundered funds (Infosecurity Magazine)
AI and Quantum Are Forcing a Rethink of Digital Trust
March 31, 2026
In a conversation with Dark Reading’s Terry Sweeney, DigiCert CEO Amit Sinha explains how AI-driven identities and quantum threats are reshaping the foundations of digital trust. (Dark Reading)
Phantom Project Bundles Infostealer, Crypter and RAT For Sale
March 31, 2026
Phantom Stealer .NET harvests browser credentials, cookies, cards, sessions, as stealer-as-a-service (Infosecurity Magazine)
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
March 31, 2026
Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an... (The Hacker News)
ChatGPT Security Issue Enabled Data Theft via Single Prompt
March 31, 2026
OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole (Infosecurity Magazine)
Ransomware in 2025: Blending in is the strategy
March 31, 2026
A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses. (Cisco Talos)
NCSC Urges Immediate Patching of F5 BIG-IP Bug
March 31, 2026
The National Cyber Security Centre wants UK firms to patch CVE-2025-53521 (Infosecurity Magazine)
Axios NPM Distribution Compromised in Supply Chain Attack
March 31, 2026
A compromised axios maintainer account led to malicious npm releases that propagated across environments. Learn how to assess impact, detect compromise, and secure your developm... (Wiz Blog)
Application Control Bypass for Data Exfiltration, (Tue, Mar 31st)
March 31, 2026
In case of a cyber incident, most organizations fear more of data loss (via exfiltration) than regular data encryption because they have a good backup policy in place. If exfilt... (SANS ISC)
TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th)
March 31, 2026
This is the fourth update to the TeamPCP supply chain campaign threat intelligence report,&#;x26;#;xc2;&#;x26;#;xa0;"When the Security Scanner Became the Weapon"&#;x26;#;xc2;&#;... (SANS ISC)
Fake Installers to Monero: A Multi-Tool Mining Operation
March 31, 2026
Elastic Security Labs dissects a long-running operation deploying RATs, cryptominers, and CPA fraud through fake installer lures, tracking its evolution across campaigns and Mon... (Elastic Security Labs)
Tracking TeamPCP: Investigating Post-Compromise Attacks Seen in the Wild
March 30, 2026
How TeamPCP are leveraging stolen secrets from the recent supply chain attacks to compromise cloud environments (Wiz Blog)
AI-Driven Code Surge Is Forcing a Rethink of AppSec
March 30, 2026
In a conversation with Dark Reading’s Terry Sweeney, Black Duck CEO Jason Schmitt explains how AI is reshaping application security and why it must evolve to keep pace. (Dark Reading)
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
March 30, 2026
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Chec... (The Hacker News)
Manufacturing & Healthcare Share Struggles with Passwords
March 30, 2026
The two key economic sectors struggle with security for a reason: Many insiders view access management as a roadblock, while attackers see it as a way in. (Dark Reading)
⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
March 30, 2026
Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and res... (The Hacker News)
The Wiz Blue Agent, now Generally Available
March 30, 2026
Accelerate your SecOps team with the Blue Agent for threat investigation, now Generally Available (Wiz Blog)
3 SOC Process Fixes That Unlock Tier 1 Productivity
March 30, 2026
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented wor... (The Hacker News)
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
March 30, 2026
Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private k... (The Hacker News)
CISA Adds One Known Exploited Vulnerability to Catalog
March 30, 2026
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-3055 Citrix NetScaler Out-of-Bound... (CISA Current Activity)
European Commission Confirms Cloud Data Breach
March 30, 2026
The European Commission has revealed details of a data breach impacting its AWS infrastructure (Infosecurity Magazine)
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
March 30, 2026
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced o... (The Hacker News)
Cloudflare Client-Side Security: smarter detection, now open to everyone
March 30, 2026
We are opening our advanced Client-Side Security tools to all users, featuring a new cascading AI detection system. By combining graph neural networks and LLMs, we've reduced fa... (Cloudflare Blog)
TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
March 28, 2026
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iO... (The Hacker News)
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
March 28, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited... (The Hacker News)
TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack
March 27, 2026
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware (Infosecurity Magazine)
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
March 27, 2026
Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual... (The Hacker News)
Beyond the Badge: What Achieving Microsoft’s Certified Software Designation Means for Your Cloud Security
March 27, 2026
Verified by Microsoft. Built for Azure. Secured by Wiz. (Wiz Blog)
Infrastructure Attacks With Physical Consequences Down 25%
March 27, 2026
Operational technology (OT) at industrial and critical infrastructure sites seem to have been benefitting from a lull in ransomware, and hackers' relative ignorance of OT systems. (Dark Reading)
CISA Adds One Known Exploited Vulnerability to Catalog
March 27, 2026
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-53521 F5 BIG-IP Remote Code Execut... (CISA Current Activity)
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
March 27, 2026
Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environm... (The Hacker News)
DarkSword iOS Exploit Chain
March 27, 2026
What is the Attack? Researchers from Google Threat Intelligence Group identified DarkSword, a sophisticated full-chain iOS exploit framework actively used by multiple surveillan... (FortiGuard Labs)
Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER
March 27, 2026
Elastic Security Labs observed two custom malware components targeting a South Asian financial institution: a modular backdoor with USB-based spreading and a DLL-side-loaded key... (Elastic Security Labs)
Preparing for agentic AI: A financial services approach
March 26, 2026
Deploying agentic AI in financial services requires additional security controls that address AI-specific risks. This post walks you through comprehensive observability and fine... (AWS Security Blog)
Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government
March 26, 2026
Unit 42 uncovers multiple clusters of cyberespionage targeting a Southeast Asian government organization with USBFect, RATs and loaders. The post Converging Interests: Analysis... (Palo Alto Networks Unit 42)
TP-Link, Canva, HikVision vulnerabilities
March 26, 2026
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva. The vulnerabilities mentioned in... (Cisco Talos)
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
March 26, 2026
A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic... (The Hacker News)
Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code
March 26, 2026
Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code (Infosecurity Magazine)
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
March 26, 2026
Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question u... (The Hacker News)
Talos Takes: 2025 insights from Talos and Splunk
March 26, 2026
This episode of Talos Takes breaks down the 2025 Year in Review as well as Splunk's Top 50 Cybersecurity Threats report. (Cisco Talos)
OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns
March 26, 2026
OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws (Infosecurity Magazine)
CISA Adds One Known Exploited Vulnerability to Catalog
March 26, 2026
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-33634 Aqua Security Trivy Embedded... (CISA Current Activity)
As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters
March 26, 2026
In December, the Trump administration signed an executive order that neutered states’ ability to regulate AI by ordering his administration to both sue and withhold funds from s... (Schneier on Security)
Iran-Linked Pay2Key Ransomware Group Re-Emerges
March 26, 2026
Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key (Infosecurity Magazine)
Invoice Fraud Costs UK Construction Sector Millions, NCA Warns
March 26, 2026
The National Crime Agency has warned construction firms about surging invoice fraud (Infosecurity Magazine)
Illuminating VoidLink: Technical analysis of the VoidLink rootkit framework
March 26, 2026
Elastic Security Labs analyzes VoidLink, a sophisticated Linux malware framework that combines traditional Loadable Kernel Modules with eBPF to maintain persistence. (Elastic Security Labs)
At RSAC, the EU Leads While US Officials Are Sidelined
March 25, 2026
While US government sits out this year, EU officials are on the ground in San Francisco leading the conversations on today's top cybersecurity challenges. (Dark Reading)
Introducing Wiz Workflows: Your path to building a self healing cloud
March 25, 2026
Orchestrate customizable workflows with agents, enabling end-to-end discovery and response in Wiz (Wiz Blog)
Phishers Pose as Palo Alto Networks' Recruiters for Months in Job Scam
March 25, 2026
A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles. (Dark Reading)
AI Dominates RSAC Innovation Sandbox
March 25, 2026
Ten finalists had three minutes to make their case for being the most innovative, promising young security company of the year. Geordie AI wins the 2026 contest. (Dark Reading)
SANS: Top 5 Most Dangerous New Attack Techniques to Watch
March 25, 2026
For the first time, SANS Institute's five top attack techniques all have one thing in common — AI. (Dark Reading)
Mission Accomplished: Orchestrate Your Remediation Strategy With Orca Missions
March 25, 2026
In the ever-evolving landscape of cloud security, security teams are constantly battling a deluge of alerts and operational friction. This often leads to a dispersed effort, wit... (Orca Security Blog)