Malicious npm Packages and Fortinet Vulnerability Exploited

zero-daycredential-harvestingnext-js

Account preferences screen with verification prompt

CVE-2025-55182 Exploited to Steal Sensitive Data

Cybersecurity experts warn of active exploitation of CVE-2025-55182, a critical vulnerability that can be used to steal sensitive data and gain unauthorized access to systems. This large-scale credential harvesting operation has affected 766 Next.js hosts, highlighting the need for prompt patching and security updates.

April 4, 2026 critical

cyber-attackshigh-profile-targetsdata-breaches

High-Profile Cyber Attacks Intensify

Recent cyber attacks on high-profile organizations like Hasbro and The Drift Protocol have resulted in significant financial losses and data breaches. These targeted attacks highlight the increasing threat of sophisticated operations and the need for robust cybersecurity measures.

April 4, 2026 critical

data-privacybrowser-securitychrome-extensions

Google chrome sign-in screen with email field.

LinkedIn Secretly Scans Browsers

LinkedIn has been secretly scanning visitors' browsers, raising concerns about data privacy and potential misuse. Over 6,000 Chrome extensions are affected, highlighting a significant scope of impacted users.

April 4, 2026

north-korean-hackerssupply-chain-attacksocial-engineering

North Korean Cyberattacks Surge

North Korean threat actors are behind several high-profile cyberattacks, including the Axios npm hack and Drift's $285 million loss. Recent attacks showcase sophisticated social engineering tactics and swift financial gains. Understanding these threats is crucial for cybersecurity awareness.

April 4, 2026

ransomwarecyberattackscritical-infrastructure

Ransomware Attacks Escalate with Qilin and REF1695 Operations

Active ransomware and cyberattacks are on the rise, with Qilin and REF1695 operations targeting organizations worldwide. Critical infrastructure is at risk, including emergency communications systems. Learn about the key threats and how to protect yourself.

ai-powered-cybersecurityemerging-threatsgeopolitics

a close up of a wall with a bunch of numbers on it

AI-Powered Cybersecurity Gains Momentum Amid Emerging Threats

Security leaders are adopting AI-powered solutions to enhance cybersecurity posture, as discussed at RSAC 2026. Apple's DarkSword exploit protection rollout highlights efforts to stay ahead of threats. Learn about the intersection of geopolitics, AI, and cybersecurity.

critical-infrastructurevulnerabilitiesremote-code-execution

Critical Infrastructure Under Siege

Vulnerabilities in critical infrastructure pose significant risks, with ShareFile flaws and Hitachi Energy's Ellipse product under attack. Emerging threats like CrystalRAT malware and Casbaneiro bank trojan also threaten security. Learn about the key threats and how to protect yourself.

April 3, 2026 critical

vulnerability-researchwordpress-securityemdash

Cybersecurity Under Scrutiny

Vulnerability research faces re-evaluation due to potential flaws, while EmDash emerges as a secure WordPress alternative. Modern intrusions increasingly exploit valid credentials and routine access, highlighting the need for improved security measures.

emerging-threatsvulnerabilitiescyberattacks

Critical Cyberattacks Hit Mercor, Bitcoin

Mercor faces a cyberattack tied to the LiteLLM project compromise, while quantum computer researchers predict Bitcoin encryption can be broken in a few years. Ukraine also warns of Russian hackers revisiting past breaches.

supply-chaincloud-securitycritical-infrastructure

Servers illuminate a futuristic cityscape with a data center.

EU Commission Hack Exposes Data

The European Commission's cloud infrastructure was hacked by TeamPCP, exposing data from at least 29 other EU entities. This incident highlights the significant risk of supply chain attacks and the need for robust access controls.