Newspaper

Industry News

General cybersecurity industry news, market trends, and analysis

Apple Breaks Precedent, Patches DarkSword for iOS 18

Even organizations with users unwilling or unable to adopt iOS 26 can now protect themselves from a severe mobile OS-cracking tool.

Dark ReadingApr 3, 20261m5

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

The Hacker News

Industry News

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Cookie-gated PHP web shells enable persistent Linux RCE via cron-based re-creation, reducing detection in routine traffic logs.

The Hacker NewsApr 3, 20263m5

Industry News

Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting

Dark Reading

Industry News

Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting

As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises.

Dark ReadingApr 3, 20261m5

Industry News

Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication

Dark Reading

Industry News

Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication

"Skull vibration harmonics generated by vital signs" can be used to sign in to VR, AR, and MR headsets, according to emerging research.

Dark ReadingApr 3, 20261m5

Industry News

Source Code Leaks Highlight Lack of Supply Chain Oversight

Dark Reading

Industry News

Source Code Leaks Highlight Lack of Supply Chain Oversight

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Dark ReadingApr 3, 20261m5

Industry News

Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

Dark Reading

Industry News

Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open-source artifacts across containers, libraries, Actions and skills.

Dark ReadingApr 3, 20261m5

TrueConf Zero-Day Exploited in Asian Government Attacks

SecurityWeek

Industry News

TrueConf Zero-Day Exploited in Asian Government Attacks

A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads.

SecurityWeekApr 3, 20263m5

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

SecurityWeek

Industry News

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

Other noteworthy stories that might have slipped under the radar: Symantec vulnerability, anti-ClickFix mechanism added to macOS, FBI hack classified as major incident.

SecurityWeekApr 3, 20265m5

Critical ShareFile Flaws Lead to Unauthenticated RCE

SecurityWeek

Industry News

Critical ShareFile Flaws Lead to Unauthenticated RCE

The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server.

SecurityWeekApr 3, 20262m5

Industry News

CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry

Dark Reading

Industry News

CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry

Once CrowdStrike’s nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry.

Dark ReadingApr 3, 20261m5

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The Hacker News

Industry News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply chains.

The Hacker NewsApr 3, 20263m5

Industry News

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

The Hacker News

Industry News

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it...

The Hacker NewsApr 3, 20261m5