Latest Cybersecurity News

The Forgotten Endpoint: Security Risks of Dormant Devices

The Forgotten Endpoint: Security Risks of Dormant Devices

Technology Talk: That forgotten notebook holds plenty of secrets to enterprise access.

BleepingComputerMar 31, 20263m5

Claude AI finds Vim, Emacs RCE bugs that trigger on file open

BleepingComputer

Malware & Threats

Claude AI finds Vim, Emacs RCE bugs that trigger on file open

Vulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution simply by opening a file.

Axios NPM Package Compromised in Precision Attack

Axios NPM Package Compromised in Precision Attack

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors.

Google's Vertex AI Has an Over-Privileged Problem

Google's Vertex AI Has an Over-Privileged Problem

Palo Alto researchers show how attackers could exploit AI agents on Google's Vertex AI to steal data and break into restricted cloud infrastructure.

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

Dark ReadingMar 31, 20261m6

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials.

Android Developer Verification Rollout Begins Ahead of September Enforcement

The Hacker News

The Hacker NewsMar 31, 20263m5

Android Developer Verification Rollout Begins Ahead of September Enforcement

Google expands Android developer verification globally after September rollout, adding authentication and delays to sideloading to deter malware.

Cisco source code stolen in Trivy-linked dev environment breach

BleepingComputer

Malware & Threats

Cisco source code stolen in Trivy-linked dev environment breach

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers.

BleepingComputerMar 31, 20263m6

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

The Hacker News

The Hacker NewsMar 31, 20263m5

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

CVE-2026-3502 (CVSS 7.8) exploited in early 2026 via TrueConf updates, enabling Havoc malware deployment across government networks

Censys Raises $70 Million for Internet Intelligence Platform

SecurityWeek

SecurityWeekMar 31, 20262m5

Censys Raises $70 Million for Internet Intelligence Platform

The latest funding round brings the total venture capital investment in Censys to $149 million.

Rethinking Vulnerability Management Strategies for Mid-Market Security

Rethinking Vulnerability Management Strategies for Mid-Market Security

Intruder's Chris Wallis argues mid-market teams should prioritize CVE remediation speed over vulnerability counts, while expanding defenses beyond CVEs to include attack surface management.

The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust

SecurityWeek