Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both
“Opening a file in GNU Emacs can trigger arbitrary code execution through version control (git), most requiring zero user interaction beyond the file open itself.…
Month: April 2026
WhatsApp notifies hundreds of users who installed a fake app made by government spyware maker
WhatsApp says it has notified around 200 users who were tricked into installing a malicious fake version of the chat app that contained spyware. WhatsApp…
Industrialization of the Fraud Ecosystem Blog
Payment fraud no longer operates as a collection of discrete schemes run by individual threat actors. It is increasingly sustained by an industrial support ecosystem:…
Axios npm Supply Chain Attack FAQ: North Korea UNC1069
A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access trojan to potentially millions of developer environments during…
New EvilTokens service fuels Microsoft device code phishing attacks
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise…
Magecart Hackers Use 100+ Domains to Hijack eStore Checkouts
Magecart Hijacks eStore Checkouts to Steal Card Data A sophisticated and long-running Magecart campaign has been quietly operating for over 24 months, infecting e-commerce websites…
Proton Launches Encrypted Video Conferencing and Unified Workspace to Take On Google and Microsoft
Swiss privacy company Proton has today announced the simultaneous launch of Proton Workspace and Proton Meet, its most significant expansion yet into the enterprise productivity…
Google Warns of New Chrome Zero-Day Under Active Exploitation — Users Urged to Update Immediately
Google has released an urgent security update for its Chrome desktop browser to address 21 vulnerabilities, including a critical zero-day flaw that is actively being…
LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
A new phishing campaign uses fake LinkedIn notifications to hijack professional accounts. Research from Cofense PDC reveals how spoofed domains like inedin.digital are used to…
Cybercriminals take aim at Hasbro, weeks of recovery ahead
Hasbro, an American toy maker with more than 5,000 employees, confirmed a cyberattack and proactively took certain systems offline. The intrusion was detected on March…
WhatsApp on Windows users targeted in new campaign, warns Microsoft
Microsoft researchers found a campaign that abuses WhatsApp attachments to sneak a script onto Windows machines which will lead to the attacker gaining remote control.…
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
Ravie LakshmananApr 01, 2026Email Security / Artificial Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in…