Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious…
Category: TheHackerNews
3 SOC Process Fixes That Unlock Tier 1 Productivity
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from…
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check…
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
Ravie LakshmananMar 30, 2026Threat Intelligence / Browser Security A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously…
The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
Secrets sprawl isn’t slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian’s State of Secrets Sprawl 2026 report analyzed billions of…
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Ravie LakshmananMar 30, 2026Threat Intelligence / Network Intrusion Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part…
The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
The Hacker NewsMar 24, 2026Security Operations / Network Security Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should…
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
Ravie LakshmananMar 24, 2026Malware / Endpoint Security An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of…
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
Ravie LakshmananMar 26, 2026Malware / Web Security Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive…
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Ravie LakshmananMar 27, 2026Vulnerability / Artificial Intelligence Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem…
Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
Ravie LakshmananMar 27, 2026Threat Intelligence / Vulnerability A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since…
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
Ravie LakshmananMar 27, 2026Ransomware / Malware Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new…