UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles
North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages.
HackRead
20 articles
Fake ChatGPT Ad Blocker Chrome Extension Caught Spying on Users
A fake Chrome browser extension called 'ChatGPT Ad Blocker' was harvesting conversations of ChatGPT users in the name of offering an ad-free experience.
North Korean Hackers Abuse GitHub to Spy on South Korean Firms
Researchers from FortiGuard Labs have uncovered a high-severity spying campaign targeting South Korean companies.
AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data
AI firm Mercor confirms a breach linked to a LiteLLM supply chain attack, as hackers claim to have stolen 4TB of sensitive data and internal systems.
AI Future: The Leading International AI and Web3 Forum to Take Place in April
Moscow, Russia, 3rd April 2026, CyberNewswire
ShinyHunters Hackers Claim Theft of 3M+ Cisco Records, Threaten Public Leak
ShinyHunters hackers claim they stole 3 million+ Cisco records via Salesforce and AWS, warning of a public leak if demands are not met by April 3, 2026.
Microsoft Warns of WhatsApp Attachments Spreading Backdoor on Windows PCs
Microsoft warns of a WhatsApp attachments spreading VBS malware that installs backdoors on Windows PCs, giving hackers remote access and control systems.
Yurei Ransomware Uses Common Tools, Adds Stranger Things References
Team Cymru details the Yurei ransomware campaign, using standard tools and a few Stranger Things–named payloads to breach and encrypt systems.
Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts
New research from Varonis Threat Labs reveals Storm infostealer, a malicious subscription service that bypasses Google Chrome encryption.
Apple Pushes Rare iOS 18 Patch for Devices at Risk from DarkSword Exploit
Apple pushes rare iOS 18 security patch to protect devices at risk from the DarkSword exploit, urging users to update or move to iOS 26 for stronger protection.
LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
A LinkedIn phishing scam uses fake notifications and lookalike domains to steal credentials, hijack accounts, and access sensitive professional data.
LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
A LinkedIn phishing scam uses fake notifications and lookalike domains to steal credentials, hijack accounts, and access sensitive professional data.
Anthropic Leaks 512,000 Lines of Claude AI Code in Major Blunder
Human error exposed 512,000+ lines of Anthropic Claude AI Code, revealing KAIROS and Capybara secrets, pushing users to switch to the Native Installer.
Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus
New research from Seqrite explains the ‘dual-use dilemma,’ where ransomware attackers repurpose legitimate IT tools like IOBit Unlocker…
ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads aff...
Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec
New York, New York, April 1st, 2026, CyberNewswire
Defending Encryption in the Post Quantum Era
Post-quantum cryptography explained, risks of quantum attacks, and steps to secure data, systems, and infrastructure for a quantum-resilient…
Hackers Poison Axios npm Package with 100 Million Weekly Downloads
Axios npm Package compromised in a supply chain attack, exposing developers to malware, data theft, and full system takeover risks worldwide.
Critical F5 BIG-IP Flaw Upgraded to 9.8 RCE, Exploited in the Wild
F5 BIG-IP APM flaw CVE-2025-53521 escalates to critical 9.8 RCE, actively exploited.
AI Agents Are Democratizing Finance but Also Redefining Risk
AI agents are transforming finance, enabling automated trading and payments, but introduce new risks around keys, data inputs and secure execution control.