ICYMI: 2026-04-03
Latest Headlines
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk
CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
T-Mobile Sets the Record Straight on Latest Data Breach Filing
North Korean Hackers Drain $285 Million From Drift in 10 Seconds
High-Stakes Security: Protecting the Digital Infrastructure of the Gaming Industry
14,000+ F5 BIG-IP APM Devices Exposed Online Amid Active RCE Vulnerability Exploits
Kimsuky Deploys Malicious LNK Files to Deliver Python-Based Backdoor in Multi-Stage Attack
Axios Maintainer Confirms The npm Compromise Was via a Targeted Social Engineering Attack
Hackers Abuse Trusted Platforms to Steal Bank Credentials From Philippine Users
Malicious Chrome Extension “ChatGPT Ad Blocker” Steals ChatGPT Conversations
Hackers Use Phorpiex Botnet to Spread Ransomware, Sextortion, and Crypto-Clipping Malware
Hackers Use Venom Stealer to Turn ClickFix Lures Into Full Data Exfiltration Pipelines
Microsoft Forcing Upgrades to Unmanaged Windows 11, Version 24H2
Multiple TP-Link Vulnerabilities Let Attackers Trigger DoS and Crash Routers
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
Hims & Hers warns of data breach after Zendesk support ticket breach
Die Linke German political party confirms data stolen by Qilin ransomware
Microsoft still working to fix Exchange Online mailbox access issues
Man admits to locking thousands of Windows devices in extortion plot
CERT-EU: European Commission hack exposes data of 30 EU entities
– MTZ