One Order of Tips, Tricks & Hot Takes for Cybersecurity
Somehow, it’s already October. Fall is officially upon us, pumpkin spice is back with a vengeance, and we all get to celebrate another Cybersecurity Awareness…
Author: Cybernoz
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect…
Top Node.js Maintainers Targeted in Sophisticated Social Engineering Scheme
A highly coordinated social engineering campaign is actively targeting top open-source developers in the Node.js and npm ecosystem. Following the recent compromise of the popular…
CISA Includes TrueConf Security Flaw in KEV Catalog After Exploitation in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the TrueConf Client to its Known Exploited Vulnerabilities (KEV) catalog.…
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
Ravie LakshmananApr 01, 2026Vulnerability / Browser Security Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day…
North Korean Hackers Drain $285 Million From Drift in 10 Seconds
A North Korean threat actor is likely to be blamed for a $285 million heist from decentralized finance (DeFi) platform Drift, executed as part of…
U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog
U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog Pierluigi Paganini April 04, 2026 The U.S. Cybersecurity and Infrastructure Security…
7 ways to improve your business resilience with backup and recovery
When your network goes down, your business stops. That’s a stark truth we see confirmed daily in incident response—and N-able’s 2026 State of the SOC Report only underscores it. Backup isn’t just an IT routine…
Hunting for M365 Password Spraying
On January 19, 2024 Microsoft released a statement regarding the threat actor group named “Midnight Blizzard”—this state-sponsored actor was observed by Microsoft as performing password…
Axios npm hack used fake Teams error fix to hijack maintainer account
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering…
Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware
The cybersecurity community is on high alert following a massive source code leak from Anthropic. On March 31, 2026, the company accidentally exposed the complete…
Kimsuky Uses Malicious LNK Files to Drop Python Backdoor
Kimsuky is using multi-stage malicious LNK files to deploy a Python-based backdoor, adding new intermediate scripts while keeping the final payload logic largely unchanged. The…