1. The TeamPCP hacking group is responsible for a major data breach at the European Commission and is conducting ongoing supply chain attacks (The Record). 2. North Korean threat actor UNC1069 compromised the Axios npm package through a highly targeted social engineering campaign against the maintainer (The Hacker News). 3. The Qilin ransomware group claimed responsibility for a data theft attack against the German political…
Posts tagged as “phishing”
1. ShinyHunters compromised Cisco source code and AWS keys by exploiting a supply chain vulnerability in Trivy. The breach resulted in the unauthorized cloning of over 300 repositories (https://www.reddit.com/r/netsec/comments/1sa8nld/cisco_source_code_stolen_by_shinyhunters_via/). 2. Google released a patch for a high severity Chrome zero day vulnerability identified as CVE 2026 5281 which is currently under active exploitation (https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html). 3. Apple expanded the availability of iOS 18.7.7 and iPadOS 18.7.7…
1. Citrix NetScaler ADC and Gateway are under active reconnaissance for CVE-2026-3055, a critical memory overread vulnerability with a CVSS score of 9.3 (The Hacker News). 2. CISA added CVE-2025-53521, a critical remote code execution flaw in F5 BIG-IP Access Policy Manager, to its Known Exploited Vulnerabilities catalog (The Hacker News). 3. Russian state-sponsored group TA446 is deploying the DarkSword iOS exploit kit in targeted…
1. A new payment skimmer uses WebRTC data channels to bypass security controls and exfiltrate payment data from e-commerce sites (thehackernews.com). 2. A Magento vulnerability identified as APSB25-94 allows unauthenticated file uploads leading to remote code execution (reddit.com). 3. The GlassWorm malware campaign has evolved to use Solana blockchain dead drops to deliver remote access trojans and steal sensitive browser and crypto data (thehackernews.com). 4.…