Today, most malware is called “fileless” because they try to reduce their footprint on the infected computer filesystem to the bare minimum. But they need to write something… think about persistence. They can use the registry as an alternative storage…
ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads affecting Ubuntu, Amazon Linux, and WordPress. This magic byte shift bypasses even the most secure policies. This article has…
CrystalX Malware-as-a-Service Spreads via Telegram With Stealer, RAT Tools
Hackers are actively promoting a new malware-as-a-service (MaaS) platform called CrystalX RAT through private Telegram channels, offering cybercriminals a powerful toolkit that combines remote access, data theft, surveillance, and even prank-based disruption features. Security researchers identified the campaign in March…
Hackers Exploit Hotel Booking Systems to Send Fake Payment Requests to Guests
Hackers are increasingly targeting hotel booking workflows to trick travelers into handing over payment details, using a technique that blends real reservation data with convincing social engineering. The message references real booking details such as the hotel name, stay dates,…
Google Says North Korea Was Behind the Axios npm Supply Chain Attack
A supply chain compromise involving the widely used JavaScript package Axios is now being tied to a North Korea-linked threat actor, turning what already looked like a serious open-source incident into a much bigger security story. Google Threat Intelligence Group…
Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec
New York, New York, 1st April 2026, CyberNewswire The post Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the…
SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code
SentinelOne AI stopped a LiteLLM supply chain attack in seconds, blocking malicious code automatically without human intervention. SentinelOne’s AI-based security detected and blocked a supply chain attack involving a compromised LiteLLM package. SentinelOne’s macOS agent detected and stopped a malicious…
A Taxonomy of Cognitive Security
Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but—even better—Menton has a long essay laying out the basic concepts and ideas. The…
IT Security News Hourly Summary 2026-04-01 12h : 8 posts
8 posts were published in the last hour 9:32 : Hackers Hijack Axios npm Package to Spread RATs 9:5 : PoC Exploit Code Published for nginx-ui Backup Restore Security Flaw 9:5 : Closing the Gap by Enhancing Visibility and Mitigating…
Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year
Most UK manufacturers compromised last year suffered financial loss, says ESET This article has been indexed from www.infosecurity-magazine.com Read the original article: Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year
Hackers Hijack Axios npm Package to Spread RATs
Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open-source maintainer’s account, researchers warn This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Hijack Axios npm Package to Spread RATs
PoC Exploit Code Published for nginx-ui Backup Restore Security Flaw
A critical security flaw in the nginx-ui backup restore mechanism, tracked as CVE-2026-33026, allows attackers to manipulate encrypted backups and execute arbitrary commands. Proof-of-Concept (PoC) exploit code has been publicly released, prompting an urgent need for administrators to update to…
Closing the Gap by Enhancing Visibility and Mitigating Risks
Secure your UK public sector digital estate. Cortex Xpanse delivers active External Attack Surface Management (EASM) with continuous monitoring, NCSC alignment and risk mitigation. The post Closing the Gap by Enhancing Visibility and Mitigating Risks appeared first on Palo Alto…
XLoader Malware Upgrades Obfuscation Tactics and Hides C2 Traffic Behind Decoy Servers
A well-known information-stealing malware called XLoader has received significant upgrades in its latest versions, making it considerably harder to detect and analyze than before. Originally derived from a malware family known as FormBook, which first surfaced in 2016, XLoader was…
PNG Vulnerabilities Allow Attackers to Trigger Process Crashes, Leak Sensitive Information
Two high-severity vulnerabilities have been discovered in libpng, the widely used reference library for reading and writing PNG images. These flaws allow attackers to trigger process crashes, leak sensitive information, and potentially execute arbitrary code by convincing a system to…
New npm Supply Chain Attack Uses undicy-http to Deploy Screen-Streaming RAT and Browser Injector
A malicious npm package named undicy-http has surfaced inside the Node.js developer ecosystem, quietly compromising machines of developers who mistakenly install it. The package impersonates undici, the official HTTP client library bundled with Node.js that handles millions of weekly downloads. Despite sharing a…
Hackers Backdoor Telnyx Python SDK on PyPI to Steal Credentials Across Windows, macOS, and Linux
A threat actor group known as TeamPCP has been caught backdooring the Telnyx Python SDK on PyPI — a popular cloud communications library with over 700,000 downloads in February alone. On March 27, 2026, two malicious versions of the package,…
Axios NPM Package Breached in North Korean Supply Chain Attack
A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek. This article has…
UK manufacturers under cyber fire with 80% reporting attacks
ESET says factory outages, lost revenue, and supply chain disruption are becoming routine Nearly 80 percent of British manufacturers say they’ve been hit by a cyber incident in the past year, as new research suggests disruption on the factory floor…
SUCCESS – 253,510 breached accounts
In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes.…
Norma Rae, Union Activity and Computer Hacking – Skywest Sues Pilots for Using its Directory of Employees to Unionize
Does using company portal credentials for union organizing constitute “hacking”? Explore how SkyWest v. Moussaron tests the Computer Fraud and Abuse Act (CFAA) and the Supreme Court’s Van Buren ruling. The post Norma Rae, Union Activity and Computer Hacking –…
The Arms Race is Already Over. You Just Don’t Know Which Side Won.
Anthropic’s Claude 4.6 found 500+ zero-days, but the real story is economic. As AI secures code, attackers are shifting to the “Trust Layer”—AI-driven social engineering and identity deception. The post The Arms Race is Already Over. You Just Don’t Know…
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. “We have attributed the attack to a suspected North Korean threat actor we track…
North Korean Hackers Breach Axios Package, Target Windows, macOS, and Linux Systems
A North Korea–nexus threat actor has hijacked the popular Axios NPM package in a high-impact software supply chain attack that can silently backdoor Windows, macOS, and Linux systems. Between March 31, 2026, 00:21 and 03:20 UTC, attackers used a compromised…