The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. […]
Bitwarden CLI Hijacked in npm Supply Chain Attack Linked to TeamPCP & Checkmarx Breach A malicious version of the Bitwarden CLI circulated on npm for roughly 90 minutes on April 22, 2026, silently stealing developer credentials, cloud secrets, and CI/CD tokens before exfiltrating them through encrypted channels. The attack is part of a broader wave […]
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. […]
Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.
Iran-linked hacking groups are turning to high-volume, low-impact cyberattacks, and AI is providing a boost. The post Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare appeared first on SecurityWeek.
Axios npm Hijack 2026: Everything You Need to Know โ IOCs, Impact & RemediationOn March 31, 2026, a threat actor hijacked the npm account of the lead Axios maintainer and published two malicious versions of one of the worldโs most popular JavaScript libraries โ Axios (~100M weekly downloads). The malicious versions contained a hidden dependency […]
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. […]
U.S. prosecutors have charged a Maryland man with stealing more than $53 million after hacking the Uranium Finance crypto exchange twice and laundering the proceeds through a cryptocurrency mixer. [..