Latest Internet & Cybersecurity News
North Korean Hackers Suspected in Axios NPM Supply Chain Attack
Hackers compromised the Axios npm package, used by millions weekly for web requests, and published malicious versions carrying cross-platform RAT malware that targets Windows, macOS, and Linux. The attack lasted about 3 hours on March 31, potentially affecting 600,000 downloads; users are urged to pin versions and rotate credentials.
Google attributes it to UNC1069, a North Korean group with experience in supply chain attacks.
Cisco Source Code Stolen in Trivy-Linked Dev Environment Breach
Threat actors used credentials stolen in the recent Trivy supply chain attack to breach Cisco's internal development environment, stealing source code belonging to Cisco and its customers. This incident highlights ongoing risks from the TeamPCP campaign targeting developer tools.
Organizations using affected tools should audit and rotate credentials immediately.
CISA Orders Feds to Patch Actively Exploited Citrix NetScaler Flaw
CISA ordered federal agencies to patch Citrix NetScaler appliances against CVE-2026-3055, a critical memory flaw actively exploited to steal sensitive data. The vulnerability affects ADC and Gateway products; patching is required by Thursday.
Hackers are deploying attacks to obtain unauthorized access.
F5 BIG-IP Critical RCE Flaw Exploited to Deploy Webshells
F5 reclassified a BIG-IP APM vulnerability as critical RCE, now actively exploited by attackers to install webshells on unpatched devices. The flaw enables denial-of-service and remote code execution; patch immediately to mitigate risks.
Exploitation is ongoing, targeting network infrastructure.
Telnyx PyPI Package Compromised in TeamPCP Supply Chain Attack
The Telnyx Python SDK on PyPI (versions 4.87.1 and 4.87.2) was compromised by TeamPCP, the group linked to the Trivy supply chain attack; the affected versions contain multi-stage infostealer malware. This follows a wave of developer tool compromises; check dependencies and update packages.
PyPI users face heightened supply chain risks from such campaigns.
15-Year-Old strongSwan Flaw Enables VPN Crashes via Integer Underflow
CVE-2026-25075 in strongSwan's EAP-TTLS plugin (versions 4.5.0-6.0.4) allows attackers to crash VPNs through massive memory corruption. The critical vulnerability has existed for 15 years; update to the latest version immediately.
This poses risks to VPN-reliant organizations worldwide.
Live Cyber Attack Map Shows US, Germany as Top Targets
Real-time data shows the US, Germany, the UK, India, and Brazil as the most targeted countries in the last 24 hours, with DDoS, phishing, ransomware, and botnets the dominant attack types. Critical CVEs include Apache Web Server (CVE-2026-12345) and OpenSSL RCE (CVE-2026-34567).
Businesses should prioritize patching and vigilance against these trends.
HUB Cyber Security Announces Leadership Transition
HUB Cyber Security, a global leader in confidential computing and AI-driven data fabric, announced a leadership change on April 1. The transition aims to strengthen its position amid rising cyber threats.
Details on new leadership were released via GlobeNewswire.
AI-Driven Cybersecurity Market Hits $244 Billion, Korean Firms Expand
The AI-powered cybersecurity market has reached $244 billion, with Korean companies targeting global growth. The figure, published April 1, reflects surging demand for advanced defenses.
Expansion focuses on AI innovations against evolving threats.