Security News Feed Aggregated from trusted cybersecurity sources

1868

Total Articles

Security News

Latest cybersecurity news from CISA, Krebs on Security, and other trusted sources

1868

CVE Mentions

4

Sources

Filter by source: All Sources darkreading hackernews krebs sans

hackernews Apr 03, 2026 at 15:32

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to gate execution,

darkreading Apr 03, 2026 at 15:11

Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting

As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises.

darkreading Apr 03, 2026 at 13:30

Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication

"Skull vibration harmonics generated by vital signs" can be used to sign in to VR, AR, and MR headsets, according to emerging research.

sans Apr 03, 2026 at 13:18

TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)

This is the sixth update to the TeamPCP supply chain campaign threat intelligence report,&&#x23;x26;&#x23;xc2;&&#x23;x26;&#x23;xa0;"When the Security Scanner Became the Weapon"&&#x23;x26;&#x23;xc2;&&#x23;x26;&#x23;xa0;(v3.0, March 25, 2026).&&#x23;x26;&#x23;xc2;&&#x23;x26;&#x23;xa0;Update 005&&#x23;x26;&#x23;xc2;&&#x23;x26;&#x23;xa0;covered developments through April 1, including the first confirmed victim disclosure (Mercor AI), Wiz&&#x23;x26;&#x23;39;s post-compromise cloud enumeration findings, DPRK attribution of the axios compromise, and LiteLLM&&#x23;x26;&#x23;39;s release resumption after Mandiant&&#x23;x26;&#x23;39;s forensic audit. This update covers intelligence from April 1 through April 3, 2026.

darkreading Apr 03, 2026 at 13:00

Source Code Leaks Highlight Lack of Supply Chain Oversight

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

darkreading Apr 03, 2026 at 12:57

Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open-source artifacts across containers, libraries, Actions and skills.

darkreading Apr 03, 2026 at 11:53

CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry

Once CrowdStrike’s nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry.

hackernews Apr 03, 2026 at 11:04

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts "specifically to me" by first approaching him under the guise of the founder of a

hackernews Apr 03, 2026 at 11:00

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it. Cynomi's new guide, Securing the Modern Perimeter: The Rise of Third-Party

hackernews Apr 03, 2026 at 09:10

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery services, while

hackernews Apr 03, 2026 at 08:35

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers," the&

sans Apr 03, 2026 at 02:00

ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)

darkreading Apr 02, 2026 at 21:14

Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026

AI-driven threats, global leadership shifts, and the future of cybersecurity in a rapidly evolving landscape were among the discussions at RSAC 2026 Conference.

darkreading Apr 02, 2026 at 20:28

Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate

The company's 8-K filing notes "unauthorized access" and that it's activated business continuity plans and taken some systems offline.

hackernews Apr 02, 2026 at 19:30

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to a threat cluster it tracks as

Related CVEs: CVE-2025-55182

darkreading Apr 02, 2026 at 19:12

Security Bosses Are All-In on AI. Here's Why

CISOs are bullish on AI and have big plans to roll out future tools. We talk to Reddit CISO Frederick Lee and leading analyst Dave Gruber about how AI is working out in the real world, as well as its future promise.

darkreading Apr 02, 2026 at 15:56

RSAC 2026: AI Dominates, But Community Remains Key to Security

As AI took center stage at this year's conference, experts debated automation, oversight and the evolving role of human intelligence in cybersecurity — despite the US government's notable absence.

hackernews Apr 02, 2026 at 15:21

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum of 10.0. "This

Related CVEs: CVE-2026-20093

sans Apr 02, 2026 at 14:49

Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)

From its GitHub repo: "Vite (French word for "quick", pronounced /vi?t/, like "veet") is a new breed of frontend build tooling that significantly improves the frontend development experience" [https://github.com/vitejs/vite].

Related CVEs: CVE-2025-30208

darkreading Apr 02, 2026 at 13:00

Bank Trojan 'Casbaneiro' Worms Through Latin America

Augmented Marauder's multipronged banking-Trojan cyber campaigns are targeting Spanish speakers, evading detection, and replicating rapidly.

About Security News

This feed aggregates the latest cybersecurity news from trusted sources to help you stay informed about emerging threats, vulnerabilities, and security trends.

Our Sources

CISA Alerts - Official US Gov
Krebs on Security
BleepingComputer
The Hacker News
Dark Reading
SANS ISC

Security Hub