#spawn-exploit
#spawn-exploit

Information security

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Information security

TrueConf Zero-Day Exploited in Asian Government Attacks

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

fromTechCrunch

7 hours ago

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

A targeted social engineering campaign by North Korean actors led to a supply chain compromise of the Axios npm package.

TrueConf Zero-Day Exploited in Asian Government Attacks

Chinese hackers exploited a zero-day vulnerability in TrueConf software to attack government entities in Asia, allowing execution of malicious code.

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

fromArs Technica

23 hours ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

DevOps

fromInfoWorld

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

fromArs Technica

23 hours ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

Software development

Internet Bug Bounty program hits pause on payouts

Python

The State of Trusted Open Source Report

AI is reshaping software development and security, influencing container image usage and vulnerability management.

fromInfoWorld

Software development

Internet Bug Bounty program hits pause on payouts

Python

The State of Trusted Open Source Report

AI is reshaping software development and security, influencing container image usage and vulnerability management.

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

Artificial intelligence

AI Breakthroughs, Security Breaches, and Industry Shakeups Define the Week in Tech - TechRepublic

Tech industry faces rapid AI advancements alongside significant security vulnerabilities and human costs.

Privacy professionals

fromNextgov.com

Suspected Chinese breach of FBI system exposed surveillance targets' phone numbers

A breach linked to China exposed phone numbers of FBI surveillance targets, raising concerns about counterintelligence risks.

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.

fromBleepingComputer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.

fromBleepingComputer

fromHarvard Business Review

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.

New Rowhammer attacks give complete control of machines running Nvidia GPUs

Rowhammer attacks on Nvidia GPUs can compromise CPU memory, allowing full control of host machines.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

An AI agent named MJ Rathbun published a blogpost attacking engineer Scott Shambaugh.

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.

fromAxios

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.

fromSiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.

fromAxios

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.

fromSiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors exploit HTTP cookies for PHP web shells on Linux servers, enabling remote code execution with stealthy control mechanisms.

Artificial intelligence

fromFuturism

AI Tools Are Supercharging Hackers

AI systems are increasingly weaponized for cybercrime, enabling hackers to exploit vulnerabilities at scale with minimal technical expertise, as demonstrated by recent attacks on Mexican government networks and global firewall systems.

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

fromwww.cybersecuritydive.com

Axios open-source library targeted in sophisticated supply chain attack

A North Korean threat actor compromised the axios library, introducing a malicious dependency that deploys a backdoor across multiple operating systems.

fromNextgov.com

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

fromFortune

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

fromwww.cybersecuritydive.com

Axios open-source library targeted in sophisticated supply chain attack

A North Korean threat actor compromised the axios library, introducing a malicious dependency that deploys a backdoor across multiple operating systems.

fromNextgov.com

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

fromInfoWorld

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Information security

Sophisticated CrystalX RAT Emerges

Information security

Fake Claude Code source downloads actually delivered malware

Information security

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Information security

New DeepLoad Malware Dropped in ClickFix Attacks

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad malware steals credentials and intercepts browser interactions, utilizing ClickFix for distribution and evading detection through sophisticated techniques.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

more#malware

fromComputerworld

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

Information security

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Google's Chrome 146 update addresses 21 vulnerabilities, including a zero-day exploit tracked as CVE-2026-5281.

more#chrome

fromSecuritymagazine

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Four terabytes of data have reportedly been stolen, including database records and source code. Allegedly stolen data has been published on a leak site, containing Slack information, internal ticketing data, and videos of conversations between Mercor's AI systems and contractors.

Information security

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."

Information security

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

more#supply-chain-attack

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

1 week ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

1 week ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

Blind trust in hardware vendors is always a bad idea

Attackers are increasingly targeting hardware and firmware vulnerabilities as traditional security tools focus primarily on software layers.

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

A high-severity vulnerability in TrueConf software has been exploited, allowing attackers to execute arbitrary code via tampered updates.

CrewAI Vulnerabilities Expose Devices to Hacking

Threat actors can exploit four vulnerabilities in CrewAI for remote code execution and other attacks.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

AWS Bedrock's connectivity makes it powerful but also exposes it to multiple attack vectors that can compromise enterprise data.

2 weeks ago

Critical Langflow Vulnerability Exploited Hours After Public Disclosure

Threat actors exploited a critical Langflow vulnerability for remote code execution within 20 hours of its public disclosure.

2 weeks ago

Unknown attackers exploit another critical SharePoint bug

Unknown attackers are actively exploiting CVE-2026-20963, a critical Microsoft SharePoint deserialization vulnerability that enables unauthenticated remote code execution, prompting CISA to mandate federal agency patching within three days.

2 weeks ago

Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks

Cisco firewall vulnerability CVE-2026-20131 was exploited as a zero-day by Interlock cybercrime group since January 26, before the March 4 patch announcement.

3 weeks ago

CISA says n8n critical bug exploited in real-world attacks

CISA mandates immediate patching of CVE-2025-68613, a critical 9.9-severity remote code execution vulnerability in n8n workflow automation platform affecting over 103,000 users.

3 weeks ago

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Teams must reduce unnecessary internet-facing exposure to minimize vulnerability exploitation risk, as time-to-exploit windows are shrinking to hours or minutes.

fromComputerWeekly.com

4 weeks ago

Spyware suppliers exploit more zero-days than nation states | Computer Weekly

Historically, traditional state-sponsored cyber espionage groups have been the most prolific attributed users of zero-day vulnerabilities. [But] over the last few years, the increase of zero-day exploitation attributed to CSVs and their customers has demonstrated the growing ability of these vendors to provide zero-day access to a wider range of threat actors than ever before.

Information security

#cve-2026-1731

Information security

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

Information security

BeyondTrust Vulnerability Targeted by Hackers Within 24 Hours of PoC Release

Information security

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

Information security

BeyondTrust Vulnerability Targeted by Hackers Within 24 Hours of PoC Release

more#cve-2026-1731

Infosec exec sold eight zero-day exploit kits to Russia: DoJ

That changed last week when the US Department of Justice published a sentencing memorandum [PDF] that frames Williams' conduct as a betrayal of his employer and the US government, and the cause of significant harm to US national security. Williams "made it possible for the Russian Broker to arm its clients with powerful cyber exploits that could be used against any manner of victim, civilian or military around the world," the DoJ said.

Information security

2 months ago

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.

2 months ago

Researchers hack malware gang via its own weak spot

An XSS flaw in StealC’s web panel allowed takeover of operator sessions, revealing millions of stolen cookies, passwords, and YouTube-based malware distribution.

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Critical BeyondTrust RCE CVE-2026-1731 is being actively exploited; apply provided RS and PRA patches immediately to prevent unauthorized access and data exfiltration.