Information security
Information security

3 hours ago

Information security

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

Information security

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Information security

TrueConf Zero-Day Exploited in Asian Government Attacks

Stakeholder Confidence in the Age of Digital Threats: PR as a Security Asset

Cybersecurity involves both technical measures and effective communication to maintain stakeholder trust during incidents.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

A targeted social engineering campaign by North Korean actors led to a supply chain compromise of the Axios npm package.

3 hours ago

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

TrueConf Zero-Day Exploited in Asian Government Attacks

Chinese hackers exploited a zero-day vulnerability in TrueConf software to attack government entities in Asia, allowing execution of malicious code.

Stakeholder Confidence in the Age of Digital Threats: PR as a Security Asset

Cybersecurity involves both technical measures and effective communication to maintain stakeholder trust during incidents.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

A targeted social engineering campaign by North Korean actors led to a supply chain compromise of the Axios npm package.

more#cybersecurity

fromComputerworld

2 hours ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

10 hours ago

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.

13 hours ago

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

10 hours ago

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Exabeam now monitors AI agents in ChatGPT, Copilot, and Gemini

Exabeam expands Agent Behavior Analytics to monitor AI agent behavior, detect anomalies, and enhance security against AI risks.

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks revealed vulnerabilities in Google Cloud's Vertex AI, allowing attackers to exploit AI agents for malicious activities due to excessive permissions.

fromwww.businessinsider.com

Okta's CEO says all AI agents need a kill switch

AI agents may require access to sensitive data, necessitating security measures like a kill switch to mitigate risks.

Securing agentic AI is still about getting the basics right

Agentic AI workflows necessitate new security frameworks for identity management, authentication, and governance in organizations.

fromInfoWorld

20 hours ago

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Exabeam now monitors AI agents in ChatGPT, Copilot, and Gemini

Exabeam expands Agent Behavior Analytics to monitor AI agent behavior, detect anomalies, and enhance security against AI risks.

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks revealed vulnerabilities in Google Cloud's Vertex AI, allowing attackers to exploit AI agents for malicious activities due to excessive permissions.

fromwww.businessinsider.com

Okta's CEO says all AI agents need a kill switch

AI agents may require access to sensitive data, necessitating security measures like a kill switch to mitigate risks.

Securing agentic AI is still about getting the basics right

Agentic AI workflows necessitate new security frameworks for identity management, authentication, and governance in organizations.

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors exploit HTTP cookies for PHP web shells on Linux servers, enabling remote code execution with stealthy control mechanisms.

JFrog Artifactory: how to secure binaries in the AI era

AI-generated code is creating a security crisis that traditional methods cannot manage, necessitating a new approach to binary management.

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic confirmed a human error led to the accidental release of Claude Code's internal source code, but no sensitive data was exposed.

11 hours ago

JFrog Artifactory: how to secure binaries in the AI era

AI-generated code is creating a security crisis that traditional methods cannot manage, necessitating a new approach to binary management.

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic confirmed a human error led to the accidental release of Claude Code's internal source code, but no sensitive data was exposed.

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.

fromInfoWorld

4 hours ago

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

#malware

12 hours ago

Information security

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Information security

Sophisticated CrystalX RAT Emerges

Information security

Fake Claude Code source downloads actually delivered malware

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Information security

New DeepLoad Malware Dropped in ClickFix Attacks

12 hours ago

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad malware steals credentials and intercepts browser interactions, utilizing ClickFix for distribution and evading detection through sophisticated techniques.

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.

Claude Code bypasses safety rule if given too many commands

Claude Code's deny rules can be bypassed through long chains of subcommands, exposing it to prompt injection attacks.

fromInfoWorld

4 hours ago

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.

Claude Code bypasses safety rule if given too many commands

Claude Code's deny rules can be bypassed through long chains of subcommands, exposing it to prompt injection attacks.

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

more#data-breach

fromSitePoint Forums | Web Development & Design Community

4 days ago

Getting scraped a lot by ChatGPT

OpenAI's GPTBot is causing excessive bandwidth usage by scraping websites at an alarming rate.

12 hours ago

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

Information security

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Google's Chrome 146 update addresses 21 vulnerabilities, including a zero-day exploit tracked as CVE-2026-5281.

Mercor, a $10 billion AI startup, confirms it was caught up in a major security incident | Fortune

Mercor confirmed a security breach linked to a supply chain attack that may have exposed sensitive data of its customers.

Blind trust in hardware vendors is always a bad idea

Attackers are increasingly targeting hardware and firmware vulnerabilities as traditional security tools focus primarily on software layers.

HPE sees the network as a security sensor: what does that mean?

HPE Networking views the network as a critical security sensor and enforcement point, especially after acquiring Juniper Networks.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

fromwww.cybersecuritydive.com

Axios open-source library targeted in sophisticated supply chain attack

A North Korean threat actor compromised the axios library, introducing a malicious dependency that deploys a backdoor across multiple operating systems.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

New North Korean AI Hiring Scheme Targets US Companies

A North Korean operative attempted to infiltrate a cybersecurity firm using a stolen identity and AI-generated resume, highlighting vulnerabilities in hiring processes.

fromNextgov.com

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

fromFortune

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

fromwww.cybersecuritydive.com

Axios open-source library targeted in sophisticated supply chain attack

A North Korean threat actor compromised the axios library, introducing a malicious dependency that deploys a backdoor across multiple operating systems.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

New North Korean AI Hiring Scheme Targets US Companies

A North Korean operative attempted to infiltrate a cybersecurity firm using a stolen identity and AI-generated resume, highlighting vulnerabilities in hiring processes.

fromNextgov.com

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

more#supply-chain-attack

fromComputerworld

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

Maude-HCS helps model and validate covert network designs

Maude-HCS, an open-source toolkit for covert communication networks, allows organizations to experiment with secure and anonymous communication systems.

fromnews.bitcoin.com

Naoris Protocol Deploys Post-Quantum Mainnet to Secure Global Digital Infrastructure

Naoris Protocol launched its Layer 1 mainnet for decentralized post-quantum security, processing over 106 million transactions to combat quantum computing threats.

Hasbro Cyberattack Knocks Systems Offline, Recovery Could Take Weeks

Hasbro experienced a cyberattack that forced parts of its systems offline, potentially leading to weeks of operational impact.

Toy Giant Hasbro Hit by Cyberattack

Hasbro experienced a cyberattack disrupting operations, prompting an investigation and implementation of business continuity plans.

Hasbro Cyberattack Knocks Systems Offline, Recovery Could Take Weeks

Hasbro experienced a cyberattack that forced parts of its systems offline, potentially leading to weeks of operational impact.

Toy Giant Hasbro Hit by Cyberattack

Hasbro experienced a cyberattack disrupting operations, prompting an investigation and implementation of business continuity plans.

New out-of-band Windows 11 update fixes March's installation errors - how to get it

A new Windows 11 emergency update replaces a problematic March preview update that caused installation errors on many PCs.

Block the Prompt, Not the Work: The End of "Doctor No"

Blocking productivity tools creates a shadow infrastructure that undermines security and visibility.

Google Warns Quantum Computers Could Crack Crypto Sooner Than Expected

Quantum computing poses an imminent threat to cryptocurrency security, with fewer resources needed to break current cryptographic protections than previously estimated.

Shrinking PQC timeline highlights immediate risk to data security | Computer Weekly

Google's accelerated timeline for post-quantum cryptography highlights urgent data security risks posed by quantum computers that need immediate attention.

Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption

Google's Quantum AI warns that cryptocurrencies are more vulnerable to quantum attacks than previously believed, shortening the timeline for potential threats.

Google Warns Quantum Computers Could Crack Crypto Sooner Than Expected

Quantum computing poses an imminent threat to cryptocurrency security, with fewer resources needed to break current cryptographic protections than previously estimated.

Shrinking PQC timeline highlights immediate risk to data security | Computer Weekly

Google's accelerated timeline for post-quantum cryptography highlights urgent data security risks posed by quantum computers that need immediate attention.

Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption

Google's Quantum AI warns that cryptocurrencies are more vulnerable to quantum attacks than previously believed, shortening the timeline for potential threats.

more#quantum-computing

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Phishing attacks during tax season have become more sophisticated, leveraging generative AI to impersonate trusted entities like the IRS.

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Phishing attacks during tax season have become more sophisticated, leveraging generative AI to impersonate trusted entities like the IRS.

North Korea behind social engineering attack on Axios project

Attackers compromised the Axios maintainer's account through social engineering, publishing malicious versions that installed a Remote Access Trojan on victims' systems.

fromSiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

North Korea behind social engineering attack on Axios project

Attackers compromised the Axios maintainer's account through social engineering, publishing malicious versions that installed a Remote Access Trojan on victims' systems.

fromSiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

Quantum network supports high-security QKD: How it works, why it matters

Quantum technology presents both risks and benefits for network security, particularly through quantum key distribution (QKD) as a solution to encryption vulnerabilities.

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."

Information security

The Rising Tide of Executive Protection: Corporations Ramp Up Security in an Era of Heightened Threats

Companies are increasingly investing in executive protection due to rising threats, making it a strategic necessity for business continuity and resilience.

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise

OAuth tokens pose significant security risks, especially when long-lived, as they can lead to widespread breaches across multiple organizations.

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Cloudflare Adds Active API Vulnerability Scanning to Its Edge

Cloudflare's Web and API Vulnerability Scanner focuses on detecting Broken Object Level Authorization vulnerabilities in APIs.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

Google Drive Expands AI Ransomware Detection, File Recovery to More Users

Google Drive now features AI-powered ransomware detection and built-in file recovery, significantly improving threat identification and response capabilities.

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

CrewAI Vulnerabilities Expose Devices to Hacking

Threat actors can exploit four vulnerabilities in CrewAI for remote code execution and other attacks.

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

A high-severity vulnerability in TrueConf software has been exploited, allowing attackers to execute arbitrary code via tampered updates.

fromScala-lang

Fixing a Command Injection Vulnerability in sbt

A command injection vulnerability in sbt on Windows has been fixed, affecting versions since sbt 0.9.5.

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

fromnews.bitcoin.com

Chainalysis Deploys AI Agents to Counter Criminal Use of Artificial Intelligence in Crypto

Chainalysis introduces AI agents to enhance fraud detection and compliance without requiring deep technical expertise, ensuring data quality and human oversight.

StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs

A high-severity vulnerability in StrongSwan's EAP-TTLS AVP parser can be exploited remotely to crash VPN services.