ποΈ TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index PyPI repository on March 27, 2026, concealed their credential harvesting capabilities within a .WAV file. Users are.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of webbased attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting outofdate iOS software, including the version on your iPhone. Install this critical update to protect your iPhone," the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π AI SOC Guide: Architecture, Capabilities, Pricing, and Migration Playbook π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
AI SOC guide autonomous triage, humanAI collaboration, compliance automation, and realworld use cases. Built for IT Directors. Discover how. The post AI SOC Guide Architecture, Capabilities, Pricing, and Migration Playbook appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
AI SOC Guide: Architecture, Capabilities, Pricing, and Migration Playbook
AI SOC guide: autonomous triage, human-AI collaboration, compliance automation, and real-world use cases. Built for IT Directors. Discover how.
β€2
ποΈ Iran-Linked Hackers Breach FBI Directorβs Personal Email, Hit Stryker With Wiper Attack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation FBI, and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website that Patel "will now find his name among the list of successfully hacked victims." In a statement.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Iran-Linked Hackers Breach FBI Directorβs Personal Email, Hit Stryker With Wiper Attack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation FBI, and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website that Patel "will now find his name among the list of successfully hacked victims." In a statement.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE20263055 CVSS score 9.3, refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information. Per.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian statesponsored threat group known as TA446, which is also tracked by the broader cybersecurity community under the monikers Callisto,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
ποΈ CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a critical security flaw impacting F5 BIGIP Access Policy Manager APM to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability in question is CVE202553521 CVSS v4 score 9.3, which could allow a threat actor to achieve remote code execution. "When a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content," the cybersecurity company said in.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Cybercriminals Exploit Tax Season With New Phishing Tactics π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Taxseason phishing floods deliver RMM malware, credential theft, BEC and taxform scams.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cybercriminals Exploit Tax Season With New Phishing Tactics
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
β€2
π¦Ώ Android Alert: 50 Google Play Apps Linked to βNoVoiceβ Malware Reached 2.3M Downloads π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
NoVoice malware was found in 50 Android apps on Google Play, with 2.3 million downloads, by bypassing detection and targeting outdated devices. The post Android Alert 50 Google Play Apps Linked to NoVoice Malware Reached 2.3M Downloads appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Android Alert: 50 Google Play Apps Linked to βNoVoiceβ Malware Reached 2.3M Downloads
NoVoice malware was found in 50 Android apps on Google Play, with 2.3 million downloads, by bypassing detection and targeting outdated devices.
ποΈ China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Chinaaligned threat actor has set its sights on European government and diplomatic organizations since mid2025, following a twoyear period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda. "This TA416 activity included multiple.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors are increasingly using HTTP cookies as a control channel for PHPbased web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actorsupplied cookie values to gate execution,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π₯2
ποΈ 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package contains three files package.json, index.js, postinstall.js, has no description, repository,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Fortinet has released outofband patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE202635616 CVSS score 9.1, has been described as a preauthentication API access bypass leading to privilege escalation. "An improper access control vulnerability CWE284 in FortiClient EMS may allow an.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity