SecurityTicks

Major Supply Chain Compromise in the Popular axios npm Package

Emerging Threats, News, Vulnerabilities /

Major Supply Chain Compromise in the Popular axios npm Package 2026-04-03 at 17:52 By Karl Sigler On March 30, 2026, two malicious versions of the widely used axios HTTP client library were published to npm; [email protected] and [email protected]. The malicious versions inject a new dependency, [email protected], which, in turn, downloads a Remote Access Toolkit (RAT). […]

Major Supply Chain Compromise in the Popular axios npm Package Read More »

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)

Cisco, Cisco servers, Don't miss, hardware management, News, security update, vulnerability /

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093) 2026-04-03 at 17:52 By Zeljka Zorz Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. Cisco ICM riddled

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093) Read More »

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

In Other News, Malware & Threats /

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware 2026-04-03 at 17:52 By SecurityWeek News Other noteworthy stories that might have slipped under the radar: Symantec vulnerability, anti-ClickFix mechanism added to macOS, FBI hack classified as major incident. The post In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware Read More »

TrueConf Zero-Day Exploited in Asian Government Attacks

Asia, China, exploited, Government, TrueConf, Vulnerabilities, vulnerability, Zero-Day /

TrueConf Zero-Day Exploited in Asian Government Attacks 2026-04-03 at 17:52 By Ionut Arghire A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads. The post TrueConf Zero-Day Exploited in Asian Government Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

TrueConf Zero-Day Exploited in Asian Government Attacks Read More »

Critical ShareFile Flaws Lead to Unauthenticated RCE

ShareFile, Vulnerabilities, vulnerability /

Critical ShareFile Flaws Lead to Unauthenticated RCE 2026-04-03 at 17:52 By Ionut Arghire The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server. The post Critical ShareFile Flaws Lead to Unauthenticated RCE appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical ShareFile Flaws Lead to Unauthenticated RCE Read More »

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

Uncategorized /

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture 2026-04-03 at 17:52 By The next major breach hitting your clients probably won’t come from inside their walls. It’ll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That’s the new attack

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture Read More »

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Uncategorized /

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack 2026-04-03 at 17:52 By The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack Read More »

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches

certificates, Microsoft, News, tips, Windows /

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches 2026-04-03 at 14:57 By Anamarija Pogorelec Microsoft’s Secure Boot certificates, issued in 2011, are approaching expiration in 2026. To help IT administrators track whether devices have received replacement certificates, Microsoft has added new status indicators to the Windows Security app, under Device

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches Read More »

It’s not just Florida and Texas that threaten NYC’s sputtering tax base — here’s the next big worry

Uncategorized /

It’s not just Florida and Texas that threaten NYC’s sputtering tax base — here’s the next big worry 2026-04-03 at 14:31 By Charles Gasparino Prospective investors in the city’s current and future debt note there will likely be less of a population to tax. This article is an excerpt from Latest Technology News | New

It’s not just Florida and Texas that threaten NYC’s sputtering tax base — here’s the next big worry Read More »

South Korean brokerage Korea Investment & Securities eyes Coinone stake: Report

Latest News /

South Korean brokerage Korea Investment & Securities eyes Coinone stake: Report 2026-04-03 at 14:30 By Cointelegraph by Ezra Reguerra The reported acquisition talks come as South Korea is considering a 20% cap on major crypto exchange shareholders, which would force major platforms to restructure ownership. This article is an excerpt from Cointelegraph.com News View Original

South Korean brokerage Korea Investment & Securities eyes Coinone stake: Report Read More »

Drift sends onchain message to wallets tied to $280M exploit

Latest News /

Drift sends onchain message to wallets tied to $280M exploit 2026-04-03 at 14:30 By Cointelegraph by Helen Partz Drift Protocol initiated onchain contact with wallets tied to the $280 million exploit as an unknown sender also attempts to pressure the attacker. This article is an excerpt from Cointelegraph.com News View Original Source

Drift sends onchain message to wallets tied to $280M exploit Read More »

Claude Code source leak exploited to spread malware

Anthropic, Claude Code, Data leak, Don't miss, Hot stuff, Malware, News, Zscaler /

Claude Code source leak exploited to spread malware 2026-04-03 at 14:30 By Sinisa Markovic A source code leak involving Anthropic’s Claude Code tool quickly escalated into a cybersecurity threat, as attackers seized on the exposed files to lure developers into downloading malware disguised as “unlocked” versions of the software. Leaked Claude Code source code used

Claude Code source leak exploited to spread malware Read More »

Stakeholder Confidence in the Age of Digital Threats: PR as a Security Asset

Uncategorized /

Stakeholder Confidence in the Age of Digital Threats: PR as a Security Asset 2026-04-03 at 14:30 By Every cyber incident also creates a communication challenge that directly affects stakeholder confidence. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source

Stakeholder Confidence in the Age of Digital Threats: PR as a Security Asset Read More »

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Malware & Threats, React2Shell, UAT-10608 /

React2Shell Exploited in Large-Scale Credential Harvesting Campaign 2026-04-03 at 14:30 By Ionut Arghire Using automated scanning and the Nexus Listener collection framework, the hackers compromised over 750 systems. The post React2Shell Exploited in Large-Scale Credential Harvesting Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React2Shell Exploited in Large-Scale Credential Harvesting Campaign Read More »

Mobile Attack Surface Expands as Enterprises Lose Control

attack surface management, mobile, Mobile & Wireless, Threat Intelligence /

Mobile Attack Surface Expands as Enterprises Lose Control 2026-04-03 at 14:30 By Kevin Townsend Shadow AI embedded in everyday apps, combined with outdated mobile devices and zero-click exploits, is creating a new and largely unseen mobile risk. The post Mobile Attack Surface Expands as Enterprises Lose Control appeared first on SecurityWeek. This article is an

Mobile Attack Surface Expands as Enterprises Lose Control Read More »

North Korean Hackers Drain $285 Million From Drift in 10 Seconds

Cryptocurrency, cryptocurrency heist, cybercrime, drift, Featured, North Korea /

North Korean Hackers Drain $285 Million From Drift in 10 Seconds 2026-04-03 at 14:30 By Ionut Arghire The attackers prepared infrastructure and multiple nonce-based transactions, took over an admin key, and drained five vaults. The post North Korean Hackers Drain $285 Million From Drift in 10 Seconds appeared first on SecurityWeek. This article is an

North Korean Hackers Drain $285 Million From Drift in 10 Seconds Read More »

T-Mobile Sets the Record Straight on Latest Data Breach Filing

data breach, Data Breaches, T-Mobile /

T-Mobile Sets the Record Straight on Latest Data Breach Filing 2026-04-03 at 14:30 By Eduard Kovacs The cybersecurity incident involved an insider and had a limited impact, the telecoms giant told SecurityWeek. The post T-Mobile Sets the Record Straight on Latest Data Breach Filing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

T-Mobile Sets the Record Straight on Latest Data Breach Filing Read More »

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Uncategorized /

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images 2026-04-03 at 14:30 By Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images Read More »

Scroll to Top