12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com
📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of April 5, 2026.
-
Axios npm hack used fake Teams error fix to hijack maintainer account
— Bleeping Computer
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by … -
Device code phishing attacks surge 37x as new kits spread online
— Bleeping Computer
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times thi… -
When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications
— Unit 42
Unit 42 research on multi-agent AI systems on Amazon Bedrock reveals new attack surfaces and prompt injection risks. Learn how to secure you… -
Inconsistent Privacy Labels Don't Tell Users What They Are Getting
— Dark Reading
Data privacy labels are a great idea for mobile apps, but the current versions just aren't good enough. -
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
— Bleeping Computer
A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' brows… -
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
— The Hacker News
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year p… -
Apple Breaks Precedent, Patches DarkSword for iOS 18
— Dark Reading
Even organizations with users unwilling or unable to adopt iOS 26 can now protect themselves from a severe mobile OS-cracking tool. -
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
— The Hacker News
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code… -
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
— Dark Reading
As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and… -
TeamPCP Supply Chain Campaign: Update 006 – CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
— SANS ISC
This is the sixth update to the TeamPCP supply chain campaign threat intelligence report, "When the… -
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
— The Hacker News
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineeri… -
ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Generated by CryptXNet.ai Threat Intelligence Platform · April 5, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com