Latest Cybersecurity News

SecurityWeekApr 1, 20267m5

Axios NPM Package Breached in North Korean Supply Chain Attack

A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions.

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

The Hacker NewsApr 1, 20264m5

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, impacting multiple OS.

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

SecurityWeek

SecurityWeekApr 1, 20263m5

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks has disclosed the details of its analysis of Google Cloud Platform’s Vertex AI.

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

The Hacker NewsApr 1, 20264m5

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Claude Code 2.1.88 leak exposed 512,000 lines via npm error, fueling supply chain risks and typosquatting attacks.

The Forgotten Endpoint: Security Risks of Dormant Devices

The Forgotten Endpoint: Security Risks of Dormant Devices

Technology Talk: That forgotten notebook holds plenty of secrets to enterprise access.

Axios NPM Package Compromised in Precision Attack

Axios NPM Package Compromised in Precision Attack

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors.

Google's Vertex AI Has an Over-Privileged Problem

Google's Vertex AI Has an Over-Privileged Problem

Palo Alto researchers show how attackers could exploit AI agents on Google's Vertex AI to steal data and break into restricted cloud infrastructure.

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

Dark ReadingMar 31, 20261m6

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials.

Android Developer Verification Rollout Begins Ahead of September Enforcement

The Hacker NewsMar 31, 20263m5

Android Developer Verification Rollout Begins Ahead of September Enforcement

Google expands Android developer verification globally after September rollout, adding authentication and delays to sideloading to deter malware.

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

The Hacker NewsMar 31, 20263m5

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

CVE-2026-3502 (CVSS 7.8) exploited in early 2026 via TrueConf updates, enabling Havoc malware deployment across government networks

Censys Raises $70 Million for Internet Intelligence Platform

SecurityWeek

SecurityWeekMar 31, 20262m5

Censys Raises $70 Million for Internet Intelligence Platform

The latest funding round brings the total venture capital investment in Censys to $149 million.

Rethinking Vulnerability Management Strategies for Mid-Market Security

Rethinking Vulnerability Management Strategies for Mid-Market Security

Intruder's Chris Wallis argues mid-market teams should prioritize CVE remediation speed over vulnerability counts, while expanding defenses beyond CVEs to include attack surface management.