ALL POSTS

Key Findings Anthropic confirmed Claude Code source code was accidentally exposed via npm package version 2.1.88 due to human error in packaging, not a security breach Nearly 2,000 TypeScript files and over 512,000 lines of code were leaked through a source map file and quickly spread across public repositories The leaked codebase revealed advanced features including KAIROS autonomous daemon mode, self-healing memory architecture, Undercover Mode for stealth contributions, an

Key Findings High-severity zero-day vulnerability CVE-2026-3502 (CVSS 7.8) in TrueConf video conferencing software exploited against Southeast Asian government networks in campaign dubbed TrueChaos Flaw allows attackers controlling on-premises TrueConf servers to distribute tampered updates and execute arbitrary code on all connected endpoints Patched in TrueConf Windows client version 8.5.3 released earlier this month Campaign attributed with moderate confidence to Chinese-n

Key Findings Attackers compromised the npm account of Axios maintainer Jason Saayman and published malicious versions 1.14.1 and 0.30.4 containing a hidden RAT malware dependency The malicious versions injected "plain-crypto-js@4.2.1" as a fake dependency that deploys cross-platform remote access trojans targeting Windows, macOS, and Linux Both poisoned versions were published within 39 minutes on March 31, 2026, bypassing GitHub Actions CI/CD verification through compromised

Key Findings AI agents are moving capital autonomously across crypto markets, enabling retail users to execute sophisticated trading strategies previously requiring institutional infrastructure A documented case shows $300 converted to $2.3 million in four months through agent-executed strategies Agents operate without human approval at each step, fundamentally different from traditional finance architecture Critical security vulnerability exists: agents must access private k

Key Findings A dark web marketplace called Threat Market is listing 375 terabytes of alleged Lockheed Martin data for $600 million, with an alternative $374 million price tag The data was allegedly provided by a group claiming to be "APT IRAN" starting March 26, 2026 A separate Iran-linked group called Handala Hack Team claimed around the same time to have accessed personal data of Lockheed Martin engineers and employees No verification of the breach has been confirmed by Loc

Key Findings Check Point discovered a critical vulnerability in ChatGPT that allowed attackers to exfiltrate user data, uploaded files, and conversation history without detection or consent The flaw exploited a hidden DNS-based communication channel in the Linux runtime environment, bypassing all visible AI guardrails OpenAI patched the ChatGPT vulnerability on February 20, 2026, with no evidence of malicious exploitation BeyondTrust Phantom Labs identified a command injectio

Key Findings Three China-linked threat clusters targeted a Southeast Asian government organization throughout 2025 in a sophisticated, well-resourced cyber campaign Mustang Panda (Stately Taurus) deployed PUBLOAD malware via USB-infected drives between June and August 2025 CL-STA-1048 cluster operated from March to September 2025, using multiple espionage tools including EggStremeFuel, MASOL RAT, and TrackBak Stealer CL-STA-1049 cluster active in April and August 2025 used th

Key Findings CVE-2026-3055 is a critical vulnerability (CVSS 9.3) in Citrix NetScaler ADC and Gateway affecting memory through an insufficient input validation flaw Attackers are actively probing the vulnerability via honeypot detection and fingerprinting authentication methods Only affects systems configured as a SAML Identity Provider, though this is a common enterprise configuration No public exploits exist yet, but in-the-wild exploitation is considered imminent Organizat

Key Findings Software defect during routine overnight app update on 12 March exposed financial data for 447,936 customers across Lloyds, Halifax, and Bank of Scotland Privacy barriers between accounts failed for several hours, allowing customers to see strangers' transactions or have their own data exposed Over 114,000 users clicked on rogue transactions and may have viewed sensitive information including National Insurance numbers, payment references, and account details Dat

Key Findings CISA added CVE-2025-53521 to its Known Exploited Vulnerabilities catalog on Friday, citing active exploitation in the wild The vulnerability affects F5 BIG-IP Access Policy Manager (APM) and allows unauthenticated remote code execution with a CVSS v4 score of 9.3 The flaw was initially classified as a denial-of-service issue with a lower severity score but was reclassified as RCE after new information emerged in March 2026 Federal agencies have until March 30, 20

Key Findings Apple is sending lock screen warnings to users with outdated iOS and iPadOS versions alerting them to active web-based exploits Exploit kits Coruna and DarkSword are actively targeting iOS versions 13 through 18.7, capable of stealing sensitive data through malicious links or compromised websites Users on iOS 13-14 must upgrade to iOS 15 and install critical security updates; iOS 15-16 devices received patches on March 11, 2026 Coruna shares code similarities wit

Key Findings ShinyHunters claims to have breached European Commission systems and stolen over 350GB of data Alleged data includes mail server dumps, databases, confidential documents, and contracts The European Commission confirmed detecting a cyberattack on March 24 affecting cloud infrastructure hosting Europa.eu websites Internal systems were not compromised according to the Commission's investigation AWS denies any security incident occurred within its cloud environment N

Key Findings Russian state-sponsored threat group TA446 (also known as Callisto, COLDRIVER, Star Blizzard) deployed the DarkSword iOS exploit kit in targeted spear-phishing campaign on March 26, 2026 Campaign used fake Atlantic Council "discussion invitation" emails to deliver GHOSTBLADE dataminer malware to iOS devices High-profile target included Leonid Volkov, Russian opposition politician and Anti-Corruption Foundation political director First observed use of DarkSword by

Key Findings WatchGuard researchers identified a phishing campaign targeting Venezuelan companies using malicious SVG image files BianLian ransomware group deploying malware via fake invoice attachments with Spanish filenames Attack chain uses ja.cat link shortening service to redirect through compromised Brazilian domains Malware written in Go language includes anti-analysis capabilities and high-speed AES encryption Campaign infrastructure includes four suspicious domains c

Key Findings CISA and BSI issued critical warning for CVE-2026-4681 affecting PTC Windchill and FlexPLM with CVSS score of 10.0 No patches available at time of advisory; exploitation could be imminent according to German media reports Remote Code Execution vulnerability exploitable through deserialization of untrusted data German police conducted unprecedented physical visits to companies to warn administrators, some at 3:30 AM PTC released indicators of compromise despite st

Key Findings Iranian government-linked hacking group Handala claimed Friday to have compromised FBI Director Kash Patel's personal email account and released the data publicly The FBI confirmed awareness of the targeting but stated no government information was compromised and the exposed data is historical in nature Handala framed the breach as retaliation for U.S. seizure of its domains and a $10 million State Department reward for information on group members Leaked docume

Key Findings Google has set a 2029 deadline for post-quantum cryptography migration, four years ahead of NSA guidance and six years ahead of broader US government targets Quantum computers with one million noisy qubits could crack current 2,048-bit RSA encryption in less than a week, down from previous estimates requiring a billion precise parts Store-now-decrypt-later attacks pose immediate risk as hackers steal encrypted data today for future decryption once quantum compute

Key Findings Push Security identified a new AITM phishing campaign targeting TikTok for Business accounts to hijack them for malvertising and fraud Attackers use fake TikTok and Google-themed pages with Cloudflare Turnstile bot protection to bypass security scanners Newly registered domains are created rapidly and hosted behind Cloudflare, making them difficult to track Compromised accounts are used for malvertising, credential theft, malware distribution, and ad fraud Many u

Key Findings China-linked threat actor Red Menshen has maintained a long-term espionage campaign targeting telecom networks in the Middle East and Asia since at least 2021 The group deploys BPFDoor, a kernel-level Linux backdoor that operates as a "digital sleeper cell" with no visible listening ports or command-and-control beaconing BPFDoor inspects network traffic inside the kernel using Berkeley Packet Filter functionality, activating only when receiving a specially crafte

Key Findings Sansec researchers discovered a novel payment skimmer using WebRTC data channels to steal and exfiltrate payment data instead of traditional HTTP requests The skimmer exploits the PolyShell vulnerability in Magento and Adobe Commerce to inject malicious code on e-commerce sites WebRTC connections bypass Content Security Policy rules and use encrypted UDP traffic, making detection significantly more difficult than traditional skimmers Since March 19, 2026, the vul