Latest Cybersecurity News and Articles
01 April 2026
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE.
As part of the attacks, the threat actors, tracked as UAC-0255, sent emails on March 26 and 27, 2026, posing as CERT-UA to distribute a password-protected ZIP archive
01 April 2026
The company is investigating the full scope of the incident, including whether any files have been compromised.
The post Toy Giant Hasbro Hit by Cyberattack appeared first on SecurityWeek.
01 April 2026
The malware steals credentials, installs a malicious browser extension, and can spread via USB drives.
The post New DeepLoad Malware Dropped in ClickFix Attacks appeared first on SecurityWeek.
01 April 2026
Google has announced fixes for CVE-2026-5281, a zero-day affecting Chrome’s Dawn component.
The post Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome appeared first on SecurityWeek.
01 April 2026
The agency has not named the problematic foreign-made applications, but TikTok and Temu come to mind.
The post FBI Warns of Data Security Risks From China-Made Mobile Apps appeared first on SecurityWeek.
01 April 2026
Jonathan Spalletta exploited smart contract vulnerabilities to steal approximately $55 million in cryptocurrency and cause Uranium to shut down.
The post US Charges Uranium Crypto Exchange Hacker appeared first on SecurityWeek.
01 April 2026
Join the webcast as we explore what Agentic AI can and cannot solve today, and real world breach scenarios linked to disconnected applications.
The post Webinar Today: Agentic AI vs. Identity’s Last Mile Problem appeared first on SecurityWeek.
01 April 2026
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No."
No to ChatGPT.
No to DeepSeek.
No to the file-sharing tool the product team swears by.
For years, this looked like security. But in 2026, "Doctor No" is no longer just a management headache &
01 April 2026
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot.
The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend Micro in
01 April 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 1, 2026 – Read the full story in Forbes In 2025, the global damage cost resulting from cybercrime was an estimated $10.5 trillion USD, up from just $3 trillion annually a decade earlier.
The post How Encryption Fights Cybercrime While Sometimes Aiding It appeared first on Cybercrime Magazine.
01 April 2026
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files.
The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It's currently not known what lures the threat actors use to trick users into
01 April 2026
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild.
The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard.
"Use-after-free in Dawn in Google Chrome prior
01 April 2026
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next.
Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admin utilities to move laterally, escalate privileges, and persist without raising alarms. Most
01 April 2026
A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions.
The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek.
01 April 2026
Security magazine reviews 10 data security events from March 2026.
01 April 2026
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069.
"We have attributed the attack to a suspected North Korean threat actor we track as UNC1069," John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG), told The Hacker News in a statement.
"North Korean
01 April 2026
Palo Alto Networks has disclosed the details of its analysis of Google Cloud Platform’s Vertex AI.
The post Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents appeared first on SecurityWeek.
01 April 2026
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error.
"No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement shared with CNBC News. "This was a release packaging issue caused by human error, not a security
31 March 2026
Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity."
The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesia, Singapore, and Thailand this September, before it expands globally next year.
As part of this
31 March 2026
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos.
The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to distribute a tampered update,