16+ hour, 47+ min ago  (539+ words) A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025,following a two-yearperiod of minimal targeting in theregion. The campaign has been attributedto TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX,…...

18+ hour, 49+ min ago  (359+ words) Threat'actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research'Team. "Instead of exposing command execution through URL parameters…...

23+ hour, 21+ min ago  (525+ words) The next major'breach hitting your clients probably won't come'from inside their'walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface,…...

23+ hour, 17+ min ago  (394+ words) The'maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked'as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts…...

1+ day, 1+ hour ago  (678+ words) Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1,2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable…...

1+ day, 1+ hour ago  (238+ words) Cybersecurity researchers'have discovered a new version of'the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the'trojan was discovered targeting both the mobile operating'systems. Russian cybersecurity company'Kaspersky said it'found two infected apps on…...

1+ day, 14+ hour ago  (551+ words) A'large-scale credential harvesting operation'has been'observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at'scale. Cisco'Talos has attributed the operation…...

1+ day, 19+ hour ago  (281+ words) Cisco'has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The'vulnerability, tracked as CVE…...

1+ day, 21+ hour ago  (246+ words) The'latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No'corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this'week. It'is definitely worth…...

1+ day, 22+ hour ago  (1288+ words) Fast forward a few months, and software development is accelerating at a pace that most didn't see coming. AI'is increasingly embedded across the development lifecycle, from code generation to infrastructure automation, as models become more advanced and better at meeting…...