News
Hackers Launch Social Engineering Offensive Against Key Node.js Maintainers
2+ hour, 46+ min ago (450+ words) Following the high-profile supply chain compromise of the widely used Axios package, a highly coordinated social engineering campaign has been uncovered targeting top-tier Node.js and npm maintainers. Security researchers confirm that the Axios breach was part of a scalable…...
LinkedIn Hidden Code Secretly Scans Users’ Computers for Installed Software
5+ hour, 42+ min ago (335+ words) A new investigation by Fairlinked e.V. claims that Microsoft-owned LinkedIn is running a massive, undisclosed corporate surveillance operation. According to the "BrowserGate" report, hidden code on LinkedIn's website secretly scans the computers of its one billion users to detect installed software…...
Top 10 Best Identity And Access Management (IAM) Companies 2026
5+ hour, 46+ min ago (1520+ words) In the rapidly evolving digital landscape of 2026, Identity and Access Management (IAM) has transcended its traditional role to become the foundational pillar of enterprise security. As organizations navigate the complexities of multi-cloud environments, remote workforces, burgeoning SaaS applications, and the…...
Top 10 Best Privileged Access Management (PAM) Solutions 2026
5+ hour, 22+ min ago (1539+ words) In the dynamic and increasingly complex cybersecurity landscape of 2026, privileged accounts remain the most coveted targets for cybercriminals and malicious insiders alike. From system administrators and database managers to automated scripts and applications, these "digital crown jewels" hold the keys…...
Axios npm compromise traced to targeted social engineering attack
1+ day, 1+ hour ago (461+ words) The recent compromise of the widely used Axios npm package has been confirmed as the result of a targeted social engineering attack. The incident, which briefly exposed developers to malicious code, highlights growing risks within the open-source software supply chain....
CISA Includes TrueConf Security Flaw in KEV Catalog After Exploitation in the Wild
1+ day, 51+ min ago (296+ words) The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the TrueConf Client to its Known Exploited Vulnerabilities (KEV) catalog. This addition follows clear evidence that threat actors are actively exploiting the bug in real-world…...
Infrastructure Engineer Pleads Guilty to Locking 254 Windows Servers at Former Employer
23+ hour, 36+ min ago (378+ words) Daniel Rhyne, a 59-year-old former core infrastructure engineer, pleaded guilty on April 1, 2026, to federal hacking and extortion charges. He admitted to locking out administrators and sabotaging systems at his former New Jersey-based employer in an attack that began in November…...
Kimsuky Uses Malicious LNK Files to Drop Python Backdoor
1+ day, 27+ min ago (488+ words) Kimsuky is using multi-stage malicious LNK files to deploy a Python-based backdoor, adding new intermediate scripts while keeping the final payload logic largely unchanged. The campaign abuses Windows Task Scheduler, Dropbox, and bundled Python runtimes to evade detection and maintain…...
Microsoft Forces Unmanaged Windows 11 Devices to Upgrade to Version 24H2
23+ hour, 19+ min ago (432+ words) As part of its ongoing efforts to keep devices secure, similar to routine patch deployments that address critical system vulnerabilities, the tech giant is forcefully upgrading all eligible Home and Pro devices currently running version 24H2. For consumers and small businesses…...
TA416 Broadens Europe Spy Campaign With Web Bugs and Malware
2+ day, 5+ hour ago (560+ words) It is now expanding to Middle Eastern diplomatic targets, combining web bug reconnaissance with constantly evolving malware delivery chains that culminate in a customized PlugX backdoor. From mid-2025, TA416 restarted regular targeting of European government and diplomatic entities after a two-year lull,…...