Immigration and Customs Enforcement has confirmed it is using Paragon spyware, prompting outrage Thursday from a trio of House Democrats. In response to a letter from the lawmakers inquiring about Paragon’s use, acting ICE Director Todd Lyons wrote that he had authorized the use of “cutting-edge technological tools” to help the Homeland Security Investigations division … Read More “House Dems decry confirmed ICE usage of Paragon spyware – CyberScoop” »
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum of 10.0. “This … Read More “Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise – The Hacker News” »
Microsoft Warns of WhatsApp Attachments Spreading Backdoor on Windows PCs – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft warns of WhatsApp attachments spreading VBS malware that installs backdoors on Windows PCs, giving hackers remote access and control of systems.
With the country’s cybersecurity workforce still experiencing major shortages, a bipartisan, bicameral group of lawmakers is pushing to enlist the Department of Labor to help tackle the problem. The Cyber Ready Workforce Act would direct the DOL to establish a grant program that supports the “creation, implementation, and expansion of registered apprenticeship programs in cybersecurity,” … Read More “Lawmakers renew push for Labor Department-backed cyber apprenticeship grants – CyberScoop” »
Akira ransomware group can achieve initial access to data encryption in less than an hour – CyberScoop
The Akira ransomware group has compromised hundreds of victims over the past year with a well-honed attack lifecycle that has whittled down the time from initial access to encryption of data to less than four hours, according to cybersecurity firm Halcyon. Akira has been active since 2023, racking up at least $245 million in ransom …
Medtech company Stryker says it’s back to being “fully operational,” three weeks after it became the most prominent victim to date of Iranian hackers, who said they attacked the Michigan-based company in retaliation over the conflict with the United States and Israel. A March 11 wiper attack from the pro-Palestinian, Iranian government-connected group Handala damaged … Read More “Medtech giant Stryker says it’s back up after Iranian cyberattack – CyberScoop” »
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories – The Hacker News
The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list includes researchers chaining small bugs together to create massive backdoors, old software flaws …
Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts – Hackread – Cybersecurity News, Data Breaches, AI and More
New research from Varonis Threat Labs reveals Storm infostealer, a malicious subscription service that bypasses Google Chrome encryption.…
Yurei Ransomware Uses Common Tools, Adds Stranger Things References – Hackread – Cybersecurity News, Data Breaches, AI and More
Team Cymru details the Yurei ransomware campaign, using standard tools and a few Stranger Things–named payloads to breach and encrypt systems.
Why GitHub Developers Are Targeted by Token Giveaway Scams – Hackread – Cybersecurity News, Data Breaches, AI and More
GitHub developers face rising giveaway scams. Verify repos, links, and maintainers before acting. Avoid rushed clicks, fake rewards, and risky wallet actions.
In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. These insights shed light on what teams pull, deploy, and maintain day to day, alongside the vulnerabilities and … Read More “The State of Trusted Open Source Report – The Hacker News” »
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners – The Hacker News
A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. “Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration,” Elastic …
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action – The Hacker News
Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority of the targets are located in Italy. It’s assessed that the threat actors behind the activity …
Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword. “We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security … Read More “Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit – The Hacker News” »
A cannabis-growing, beekeeping, gyrocopter-flying Irishman invested his drug money in Bitcoin back in 2011 – and now sits on a fortune worth $400 million. There’s just one small problem: the access codes were tucked inside his fishing rod case, which has mysteriously vanished. Or has it? Because this week, one of his frozen wallets suddenly … Read More “Smashing Security podcast #461: This man hid $400 million in a fishing rod. Then it vanished – GRAHAM CLULEY” »
Apple Pushes Rare iOS 18 Patch for Devices at Risk from DarkSword Exploit – Hackread – Cybersecurity News, Data Breaches, AI and More
Apple pushes rare iOS 18 security patch to protect devices at risk from the DarkSword exploit, urging users to update or move to iOS 26 for stronger protection.
LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts – Hackread – Cybersecurity News, Data Breaches, AI and More
A LinkedIn phishing scam uses fake notifications and lookalike domains to steal credentials, hijack accounts, and access sensitive professional data.
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE. As part of the attacks, the threat actors, tracked as UAC-0255, sent emails on March 26 and 27, 2026, posing as CERT-UA … Read More “CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails – The Hacker News” »
Anthropic Leaks 512,000 Lines of Claude AI Code in Major Blunder – Hackread – Cybersecurity News, Data Breaches, AI and More
Human error exposed 512,000+ lines of Anthropic Claude AI Code, revealing KAIROS and Capybara secrets, pushing users to switch to the Native Installer.
A Chinese cyberespionage group has shifted its gaze back to Europe after years of focusing on other parts of the world, Proofpoint research published Wednesday found. The surge began in mid-2025, with a bevy of issues bubbling up between China and Europe, the company said. Proofpoint labels the government-linked group TA416, but other companies track … Read More “European-Chinese geopolitical issues drive renewed cyberespionage campaign – CyberScoop” »
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard. “Use-after-free in Dawn in Google … Read More “New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released – The Hacker News” »
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass – The Hacker News
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It’s currently not known what lures the threat actors use to …
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend … Read More “Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures – The Hacker News” »
Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus – Hackread – Cybersecurity News, Data Breaches, AI and More
New research from Seqrite explains the ‘dual-use dilemma,’ where ransomware attackers repurpose legitimate IT tools like IOBit Unlocker…
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say “No.” No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this looked like security. But … Read More “Block the Prompt, Not the Work: The End of “Doctor No” – The Hacker News” »
Defending Encryption in the Post Quantum Era – Hackread – Cybersecurity News, Data Breaches, AI and More
Post-quantum cryptography explained, risks of quantum attacks, and steps to secure data, systems, and infrastructure for a quantum-resilient…
Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec – Hackread – Cybersecurity News, Data Breaches, AI and More
New York, New York, April 1st, 2026, CyberNewswire
ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers – Hackread – Cybersecurity News, Data Breaches, AI and More
New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads affecting Ubuntu, Amazon Linux, and WordPress. This magic byte shift bypasses even the most secure policies.
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming) – The Hacker News
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admin utilities to move laterally, escalate privileges, and persist without raising …
A man has appeared in federal court in Austin, Texas, after being extradited to the United States to face charges related to his alleged role as a key developer of the notorious RedLine malware. Read more in my article on the Hot for Security blog. – Read More – GRAHAM CLULEY
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. “We have attributed the attack to a suspected North Korean threat actor we track as UNC1069,” John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG), told The Hacker … Read More “Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 – The Hacker News” »
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. “No sensitive customer data or credentials were involved or exposed,” an Anthropic spokesperson said in a statement shared with CNBC News. “This was a release packaging issue caused by … Read More “Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms – The Hacker News” »
White House executive order purports to limit mail-in voting, mandate federal voter lists – CyberScoop
President Donald Trump signed an executive order Tuesday that purports to limit mail-in voting, though critics say the move will almost certainly be challenged in court on constitutional grounds. The order instructs the Homeland Security secretary, the director of U.S. Citizenship and Immigration Services and the commissioner of the Social Security Administration to compile lists …
Google on Monday said it’s officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while “hiding behind anonymity.” The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesia, Singapore, and Thailand this September, before it expands globally next year. … Read More “Android Developer Verification Rollout Begins Ahead of September Enforcement – The Hacker News” »
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker … Read More “TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks – The Hacker News” »
A hacker briefly delivered malware this week through a popular open-source project for software developers that has an estimated 100 million weekly downloads, raising the possibility of compromises spreading widely through a supply-chain attack. Axios is a JavaScript client library used in web requests. The unknown attacker hijacked the npm account — npm being a … Read More “Attack on axios software developer tool threatens widespread compromises – CyberScoop” »
Hackers Poison Axios npm Package with 100 Million Weekly Downloads – Hackread – Cybersecurity News, Data Breaches, AI and More
Axios npm Package compromised in a supply chain attack, exposing developers to malware, data theft, and full system takeover risks worldwide.
Cybersecurity researchers have disclosed a security “blind spot” in Google Cloud’s Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization’s cloud environment. According to Palo Alto Networks Unit 42, the issue relates to how the Vertex AI … Read More “Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts – The Hacker News” »
The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority – The Hacker News
The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is the defining challenge of the new era of digital warfare: …
Critical F5 BIG-IP Flaw Upgraded to 9.8 RCE, Exploited in the Wild – Hackread – Cybersecurity News, Data Breaches, AI and More
F5 BIG-IP APM flaw CVE-2025-53521 escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately.
Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. “The operation covers VPN clients, encrypted messengers, video conferencing tools, cryptocurrency trackers, and e-commerce applications, with eleven confirmed delivery domains impersonating … Read More “Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains – The Hacker News” »
Iranian hackers breach FBI director’s personal email, and post his CV and photos online – GRAHAM CLULEY
It’s not every day that you read that the head of America’s top law enforcement agency has been hacked, but then – these aren’t ordinary times. Read more in my article on the Hot for Security blog.
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency. Versions 1.14.1 and 0.30.4 of Axios have been found to inject “plain-crypto-js” version 4.2.1 as a fake dependency. According to StepSecurity, the two versions were published using the compromised … Read More “Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account – The Hacker News” »
Kernel-level visibility reveals hidden data movement in breaches, exposing gaps in modern security tools and improving detection, compliance, and system behavior tracking. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
AI Agents Are Democratizing Finance but Also Redefining Risk – Hackread – Cybersecurity News, Data Breaches, AI and More
AI agents are transforming finance, enabling automated trading and payments, but introduce new risks around keys, data inputs and secure execution control.
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 move faster, reduce unnecessary … Read More “3 SOC Process Fixes That Unlock Tier 1 Productivity – The Hacker News” »
OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens – Hackread – Cybersecurity News, Data Breaches, AI and More
OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names using a hidden Unicode command injection flaw.
Wave Browser Brings Gaming Tools and Ocean Cleanup into the Same Tab – Hackread – Cybersecurity News, Data Breaches, AI and More
Wave Browser for gaming: built for multitasking, streaming, and tabs, with tools for gamers plus ocean cleanup support tied to everyday browsing activity.
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability – The Hacker News
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. “A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content,” the cybersecurity company said in …
A new malware-based credential-stealing campaign, which researchers are calling “DeepLoad,” has been infecting enterprise business IT environments over the past In a report released Monday, ReliaQuest AI researchers Thassanai McCabe and Andrew Currie say the most relevant feature of this attack is the way it uses artificial intelligence and other engineering “to defeat the controls … Read More “Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’ – CyberScoop” »