Latest Cybersecurity News and Articles
03 April 2026
Other noteworthy stories that might have slipped under the radar: Symantec vulnerability, anti-ClickFix mechanism added to macOS, FBI hack classified as major incident.
The post In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware appeared first on SecurityWeek.
03 April 2026
The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server.
The post Critical ShareFile Flaws Lead to Unauthenticated RCE appeared first on SecurityWeek.
03 April 2026
Mercor has faced a breach of data.
03 April 2026
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069.
Maintainer Jason Saayman said the attackers tailored their social engineering efforts "specifically to me" by first approaching him under the guise of the founder of a
03 April 2026
The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it.
Cynomi's new guide, Securing the Modern Perimeter: The Rise of Third-Party
03 April 2026
Shadow AI embedded in everyday apps, combined with outdated mobile devices and zero-click exploits, is creating a new and largely unseen mobile risk.
The post Mobile Attack Surface Expands as Enterprises Lose Control appeared first on SecurityWeek.
03 April 2026
Using automated scanning and the Nexus Listener collection framework, the hackers compromised over 750 systems.
The post React2Shell Exploited in Large-Scale Credential Harvesting Campaign appeared first on SecurityWeek.
03 April 2026
The cybersecurity incident involved an insider and had a limited impact, the telecoms giant told SecurityWeek.
The post T-Mobile Sets the Record Straight on Latest Data Breach Filing appeared first on SecurityWeek.
03 April 2026
The attackers prepared infrastructure and multiple nonce-based transactions, took over an admin key, and drained five vaults.
The post North Korean Hackers Drain $285 Million From Drift in 10 Seconds appeared first on SecurityWeek.
03 April 2026
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems.
The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery services, while
03 April 2026
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026.
"Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers," the&
02 April 2026
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale.
Cisco Talos has attributed the operation to a threat cluster it tracks as
02 April 2026
Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI.
The post Critical Vulnerability in Claude Code Emerges Days After Source Leak appeared first on SecurityWeek.
02 April 2026
The DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors.
The post Apple Rolls Out DarkSword Exploit Protection to More Devices appeared first on SecurityWeek.
02 April 2026
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges.
The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum of 10.0.
"This
02 April 2026
Significant cybersecurity M&A deals announced by Airbus, Cellebrite, Databricks, Quantum eMotion, Rapid7, and OpenAI.
The post Cybersecurity M&A Roundup: 38 Deals Announced in March 2026 appeared first on SecurityWeek.
02 April 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 2, 2026 – Read the full report The 2026 CISO Report from Cybersecurity Ventures in partnership with Sophos is out, with the latest chief information security officer compensation figures from a variety
The post 2026 CISO Salary And Compensation Data appeared first on Cybercrime Magazine.
02 April 2026
The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week.
Things are moving fast. The list includes researchers chaining small bugs together to create massive backdoors, old software flaws
02 April 2026
The bugs could lead to authentication bypass, remote code execution, information disclosure, and privilege escalation.
The post Cisco Patches Critical and High-Severity Vulnerabilities appeared first on SecurityWeek.
02 April 2026
In January 2026, a threat actor hacked the hospital’s internal network and stole personal and health information.
The post 250,000 Affected by Data Breach at Nacogdoches Memorial Hospital appeared first on SecurityWeek.