Researchers found an OpenAI Codex vulnerability that could have been exploited to compromise GitHub tokens. The post Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
What Makes Browser Hijacking a Silent Threat?
Web browsers act as a critical gateway to an organization’s digital ecosystem, enabling access to banking, email, cloud applications, and sensitive customer data. When attackers compromise this gateway, they can monitor user activity, redirect traffic, and capture confidential credentials without…
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency. Versions 1.14.1 and 0.30.4 of Axios have been found to inject “plain-crypto-js” version 4.2.1…
IT Security News Hourly Summary 2026-03-31 09h : 5 posts
5 posts were published in the last hour 6:32 : ChatGPT Vulnerability Enabled Silent Leakage of Prompts and Sensitive Information 6:32 : Apple Adds Terminal Paste Warning in macOS Tahoe 26.4 to Block ClickFix Attacks 6:11 : Claude AI Uncovers…
ChatGPT Vulnerability Enabled Silent Leakage of Prompts and Sensitive Information
Artificial intelligence assistants increasingly handle our most sensitive data, operating under the assumption that enclosed environments keep this information secure. However, a newly disclosed vulnerability in ChatGPT shattered this expectation. Discovered by Check Point Research, this flaw exploited the isolated…
Apple Adds Terminal Paste Warning in macOS Tahoe 26.4 to Block ClickFix Attacks
Apple has introduced a new security feature in macOS Tahoe 26. The post Apple Adds Terminal Paste Warning in macOS Tahoe 26.4 to Block ClickFix Attacks appeared first on gHacks. This article has…
Claude AI Uncovers Zero-Day RCE Vulnerabilities in Vim and Emacs
Security researchers at Calif recently demonstrated the evolving power of artificial intelligence in vulnerability research by using Claude AI to uncover zero-day Remote Code Execution (RCE) flaws in both Vim and Emacs. The discoveries show that merely opening a malicious…
RoadK1ll Malware Turns Hacked Devices Into Network Relays
Hackers are deploying a new Node.js-based implant dubbed RoadK1ll to quietly turn compromised hosts into on-demand network relays, enabling stealthy pivoting deeper into victim environments without exposing obvious remote access tooling. The implant’s sole purpose is to provide attackers with reliable,…
Why I’m done calling humans the weakest link
Cybersecurity has long suffered from a people problem, but not in the way we often hear about. As an industry that is based on enabling communication across the globe via the internet and many types of devices, many of us practitioners…
GhostSocks Hijacks Devices as Proxy Network for Stealthy Cyberattacks
A newly emerging malware known as GhostSocks is quietly reshaping how attackers evade detection by converting compromised systems into residential proxy nodes. Modern cyberattacks rely heavily on blending into normal network traffic. Residential proxies allow attackers to route malicious activity…
Beyond Alert Fatigue: What European SOCs Actually Struggle With
Results from a survey among SOC professionals from the region on what is the state of AI in SecOps in Europe. The post Beyond Alert Fatigue: What European SOCs Actually Struggle With appeared first on Security Boulevard. This article has…
The art of making technical risk make sense to executives
In this Help Net Security video, Jay Miller, CISO at Paessler, explains how security leaders can communicate technical risk to executives and board members in terms they understand. The focus is on business impact: financial loss, compliance fines, reputation damage,…
Notepad++ v8.9.3 Released With Fixes for cURL Security Flaw and Crash Bugs
Notepad++ rolled out version 8.9.3, an important update addressing a notable cURL security vulnerability and resolving multiple crash bugs. Alongside these vital security patches, this release marks the official completion of the application’s migration to a new XML parser, significantly…
Notepad++ v8.9.3 Released Addressing cURL Security Vulnerability and Crash Issues
Notepad++ has officially released version 8.9.3, delivering critical security patches, structural performance enhancements, and resolutions for persistent crash issues. This update finalizes the text editor’s transition to a highly optimized XML parser, addressing multiple recent regressions while fortifying the application’s…
Hottest cybersecurity open-source tools of the month: March 2026
Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings. BlacksmithAI: Open-source AI-powered penetration testing framework BlacksmithAI is an open-source penetration testing framework that uses…
Claude AI Discovers Zero-Day RCE Vulnerabilities in Vim and Emacs
Anthropic’s Claude AI successfully discovered zero-day Remote Code Execution (RCE) flaws in both Vim and GNU Emacs. The discoveries highlight a massive paradigm shift in bug hunting, demonstrating that AI models can uncover critical vulnerabilities in legacy software with simple…
Axios NPM Packages Compromised to Inject Malicious Codes in an Active Supply Chain Attack
A sophisticated supply chain attack has targeted Axios, one of the most heavily adopted HTTP clients within the JavaScript ecosystem, by introducing a malicious transitive dependency into the official npm registry. Serving as a critical component across frontend frameworks, backend…
Cybersecurity jobs available right now: March 31, 2026
Android Malware Research Director Alice | Israel | On-site – View job details As an Android Malware Research Director, you will establish operational processes, workflows, and quality standards for the team, while integrating the function into existing infrastructure. You will…
IT Security News Hourly Summary 2026-03-31 06h : 1 posts
1 posts were published in the last hour 3:32 : Security at Scale: How Open VSX Is Raising the Bar
Security at Scale: How Open VSX Is Raising the Bar
Security work is often most visible when something goes wrong: a compromised package, a leaked credential, a typosquatted extension, an abused automation token. In those moments, it becomes clear that software infrastructure is not abstract. It is operational, exposed, and…
Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers
Lloyds app glitch exposed up to 447,936 customers’ transactions and personal data during update. This article has been indexed from www.infosecurity-magazine.com Read the original article: Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers
Cybercriminals Exploit Tax Season With New Phishing Tactics
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams. This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminals Exploit Tax Season With New Phishing Tactics
ISC Stormcast For Tuesday, March 31st, 2026 https://isc.sans.edu/podcastdetail/9872, (Tue, Mar 31st)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, March 31st, 2026…
AI Agents Are Democratizing Finance but Also Redefining Risk
AI agents are transforming finance, enabling automated trading and payments, but introduce new risks around keys, data inputs and secure execution control. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original…