Cybersecurity / Supply Chain Attacks:
- North Korean hackers are implicated in a sophisticated supply chain attack that briefly turned the widely used axios developer tool into a vehicle for credential-stealing malware. The breach, traced to an AI deepfake targeting a developer, highlights the growing threat of social engineering in open-source software. π axios.com π pcmag.com π github.com π socket.dev π stepsecurity.io π thehackernews.com
- Researchers discovered 36 malicious npm packages disguised as Strapi CMS plugins that exploit Redis and PostgreSQL to deploy persistent implants and steal credentials. π thehackernews.com
Cybersecurity / Botnets:
- The U.S. Justice Department, alongside Canadian and German authorities, dismantled four major IoT botnets (Aisuru, Kimwolf, JackSkid, and Mossad) that compromised over three million devices and were responsible for record-breaking DDoS attacks. π krebsonsecurity.com
- The masterminds behind the Kimwolf botnet have been identified as coordinating DDoS, doxing, and SWATting attacks against security researchers, highlighting the escalating real-world consequences of cybercrime. π krebsonsecurity.com
AI / Policy & Ethics:
- Anthropic is restricting its Claude subscription usage for third-party tools like OpenClaw, citing capacity management, which has led to user backlash and concerns about the "all-you-can-eat buffet" era of AI compute ending. π theverge.com π venturebeat.com π x.com π x.com
- Research indicates that many AI users exhibit "cognitive surrender," readily accepting faulty AI reasoning with minimal skepticism, which could have significant implications as AI becomes more integrated into decision-making processes. π arstechnica.com π papers.ssrn.com
- Microsoft's updated Copilot terms of use state that the AI is for "entertainment purposes only" and users should not rely on it for important advice, a disclaimer that contrasts with its aggressive marketing. π tomshardware.com π digitaltrends.com
- Microsoft has hit its "big audacious goals" for Copilot sales by the end of March, following a pivot in its sales strategy after feedback from Wall Street, with 3% of customers paying for Copilot as of January. π bloomberg.com$ π cnbc.com
US Politics & Intelligence:
- A former CIA operative revealed clandestine efforts to prevent Iran from acquiring nuclear weapons, including recruiting scientists with the threat of assassination if they refused, a program known as "Brain Drain." π newyorker.com π latimes.com
Technology & Software:
- Microsoft is now force-upgrading unmanaged Windows 11 24H2 PCs to version 25H2, expanding its machine learning-based rollout to all Home and Pro edition devices not managed by IT departments. π bleepingcomputer.com π neowin.net
- Anthropic has removed its Claude staff and partners from The Document Foundation's membership, citing unproven legal concerns and "guilt by association," which has led Collabora to launch its own Gerrit code review system. π collaboraonline.com π itsfoss.com π collaboraonline.com
- Samsung will discontinue its Messages app in the US in July 2026, advising users on older Android versions to switch to Google Messages. π 9to5google.com π samsung.com
Cybercrime & Malware:
- A vulnerability in FortiClient EMS, tracked as CVE-2026-35616, is being actively exploited in the wild, allowing unauthenticated attackers to escalate privileges via API access bypass. Fortinet has released patches for affected versions. π thehackernews.com
- Threat actors are exploiting a critical vulnerability (CVE-2025-55182) in Next.js hosts to steal credentials, including database credentials, SSH keys, and cloud secrets, compromising at least 766 hosts globally. π thehackernews.com
- China-linked TA416 has targeted European governments with PlugX and OAuth-based phishing campaigns since mid-2025, utilizing various infection chains to deliver custom payloads. π thehackernews.com
- A new variant of the SparkCat malware is being found on iOS and Android app stores, capable of stealing cryptocurrency wallet recovery phrases by scanning users' photo galleries. π thehackernews.com
- The Qilin ransomware group has claimed responsibility for an attack on Germany's Die Linke political party, leading to an IT systems outage and threats of sensitive data leaks. π bleepingcomputer.com
- The cybersecurity firm CERT-EU attributes the European Commission hack to the TeamPCP threat group, which has exposed data from 30 EU entities and has been linked to other supply chain attacks. π bleepingcomputer.com π krebsonsecurity.com
- A financially motivated group known as TeamPCP is escalating its attacks, deploying a wiper targeting Iran by exploiting exposed cloud services and actively engaging in supply chain attacks against tools like Trivy. π krebsonsecurity.com π thehackernews.com
- A new "Starkiller" phishing service allows attackers to dynamically load legitimate login pages and act as a man-in-the-middle proxy, effectively neutralizing MFA protections by relaying authentication flows in real-time. π krebsonsecurity.com
- The U.S. FBI is warning consumers against using Chinese mobile applications due to potential privacy risks and data security concerns. π bleepingcomputer.com
Cybercrime & Data Breaches:
- Telehealth company Hims & Hers Health has disclosed a data breach resulting from the theft of support tickets from a third-party customer service platform. π bleepingcomputer.com
- Money transfer app Duc has exposed thousands of driver's licenses and passports to the open web, indicating a significant data breach. π techcrunch.com
Space & Aviation:
- The Artemis II mission has successfully passed 100,000 miles from Earth on its translunar injection path, with astronauts performing checks on the Orion spacecraft and providing views of Earth. π theguardian.com π nasa.gov π images.nasa.gov
- NASA astronauts on the Artemis II mission are using modified iPhones for the first time to capture photos and videos of Earth and space. π nytimes.com$ π 9to5mac.com
Business & Economy:
- The U.S. National Labor Relations Board has ruled that Amazon must negotiate with a union representing approximately 5,000 workers at a Staten Island warehouse, finding the company engaged in unfair labor practices by refusing to bargain. π reuters.com π teamster.org
- Y Combinator has removed the embattled startup Delve from its directory following allegations of fabricated compliance certificates and other fraudulent practices. π techcrunch.com π delve.co π siliconcanals.com
- Microsoft plans to invest $10 billion in Japan between 2026 and 2029 to expand AI infrastructure, cloud capacity, train one million engineers, and enhance cybersecurity cooperation with the Japanese government. π reuters.com
- Lucid Group is attributing a dip in its first-quarter sales to issues with a seat supplier, impacting production and deliveries. π techcrunch.com
- The UK government is actively seeking to encourage Anthropic to expand its operations in Britain, reportedly proposing a dual listing after the AI company's clash with the U.S. Department of Defense. π giftarticle.ft.com$ π reuters.com
- US commercial satellite provider Planet Labs is indefinitely withholding access to imagery of Iran and the conflict region at the request of the US government. π reuters.com π aljazeera.com
- Anthropic has established AnthroPAC, a new Political Action Committee funded by employees, aiming for bipartisan donations ahead of the midterms, following scrutiny over its political contributions. π thehill.com π docquery.fec.gov π breitbart.com
- Meta has paused its work with AI training data vendor Mercor amidst an ongoing investigation into a security breach that may have exposed industry secrets, while OpenAI is also investigating the incident. π wired.com π thenextweb.com π businessinsider.com$
Cybercrime & Espionage:
- A data-wiping attack targeting medical technology company Stryker has been claimed by the Iran-linked Handala hacktivist group, reportedly affecting operations in 79 countries and leading to significant data loss. π krebsonsecurity.com π irishexaminer.com
- The Kimwolf botnet, responsible for massive DDoS attacks, has been disrupting The Invisible Internet Project (I2P) network by overwhelming it with infected nodes, a tactic that appears to be a Sybil attack to evade takedown efforts. π krebsonsecurity.com
- Microsoft's February Patch Tuesday addresses over 50 vulnerabilities, including six actively exploited zero-day flaws impacting Windows Shell, MSHTML, Microsoft Word, Remote Desktop Services, and the Desktop Window Manager. π krebsonsecurity.com π msrc.microsoft.com$ π msrc.microsoft.com$ π msrc.microsoft.com$ π msrc.microsoft.com$ π msrc.microsoft.com$ π msrc.microsoft.com$
Cybersecurity:
- The EU's data protection regulators are reportedly investigating Anthropic over its AI training data practices, particularly concerning the use of personal data scraped from the web. π techcrunch.com
- A group described as "Scattered Lapsus ShinyHunters" (SLSH) is employing a distinct extortion playbook involving harassment, threats, and swatting against executives, in addition to traditional data ransom tactics, leading some victims to pay to contain the fallout. π krebsonsecurity.com π blog.unit221b.com
- The European Union's cybersecurity service CERT-EU has identified TeamPCP as the group responsible for a massive data breach affecting the European Commission and at least 29 other EU entities. π bleepingcomputer.com
- Microsoft is still working to fix intermittent mailbox access issues affecting Outlook mobile and macOS users, problems that have persisted for weeks. π bleepingcomputer.com
- A former engineer admitted to locking thousands of Windows devices in an extortion plot against his employer, impacting 254 servers. π bleepingcomputer.com
- LinkedIn is secretly scanning users' browsers for over 6,000 Chrome extensions and collecting device data through hidden JavaScript scripts, according to a report dubbed "BrowserGate." π bleepingcomputer.com
- EU legislation allowing voluntary CSAM scanning by tech companies expired on April 3 after lawmakers failed to agree on an extension, creating legal limbo for some platforms. π politico.eu π techdirt.com
AI / Industry:
- OpenAI's COO Brad Lightcap is transitioning to a special projects role, while AGI chief Fidji Simo is taking a medical leave of absence, marking a significant executive shuffle at the company. π bloomberg.com$ π theverge.com π techcrunch.com
- Anthropic has reportedly purchased biotech startup Coefficient Bio for $400 million, signaling a move into the biotech sector. π techcrunch.com
- CogniChip, an AI company focused on using AI to design chips, has raised $60 million to advance its mission in the rapidly growing AI hardware market. π techcrunch.com
Cryptocurrency:
- Solana-based decentralized exchange Drift has confirmed a loss of approximately $285 million due to a sophisticated attack involving durable nonces and social engineering, which allowed attackers to gain administrative control. π thehackernews.com π krebsonsecurity.com
- Researchers have uncovered a cryptomining operation, codenamed REF1695, that uses ISO files as an infection vector to deploy RATs and cryptocurrency miners, and also engages in CPA fraud. π thehackernews.com
Cybercrime & Fraud:
- The Starkiller phishing service offers a dynamic approach to phishing, using man-in-the-middle proxies to relay traffic from legitimate websites and MFA codes, effectively bypassing security measures. π krebsonsecurity.com
- Fake reservation links are preying on travelers, with a new phishing service called Starkiller allowing attackers to impersonate brands and capture user credentials and MFA codes by proxying traffic through their infrastructure. π krebsonsecurity.com π threatpost.com
Technology & Software:
- Apple has approved a driver for AMD and Nvidia eGPUs for Apple Silicon Macs, but its primary function is for AI research, not graphics acceleration. π appleinsider.com π theverge.com
- Flipboard has launched "social websites" to help publishers and creators engage with the open social web, offering a new way to share and discover content. π techcrunch.com
- ElevenLabs has released a new AI-powered music generation app, expanding its creative tools beyond voice synthesis. π techcrunch.com
- Google is allowing users in the US to change their Gmail addresses, a long-requested feature that enhances account management and flexibility. π techcrunch.com
- United's mobile app now displays TSA wait times at select airports, aiming to improve the travel experience for passengers. π techcrunch.com
Geopolitics & Conflict:
- Planet Labs, a US commercial satellite provider, is indefinitely withholding imagery of Iran and the conflict region due to a request from the US government, impacting media coverage. π reuters.com π aljazeera.com
Cybercrime & Data Breaches:
- The Hackle Group has been targeting European governments with PlugX and OAuth-based phishing campaigns since mid-2025, employing sophisticated infection chains. π thehackernews.com
US Politics & Legislation:
- White House efforts to enact federal legislation preempting state AI laws have stalled, with several Democrats dismissing the proposal as partisan. π politico.eu π thehill.com
Cybercrime & Data Breaches:
- The North Korean threat actor TA416 has been observed targeting European governments with PlugX and OAuth-based phishing campaigns, adapting its tactics to bypass security measures. π thehackernews.com
Cybercrime & Malware:
- Microsoft has detailed how attackers are using cookie-controlled PHP web shells to achieve persistence on Linux servers via cron jobs, bypassing traditional command execution methods. π thehackernews.com
Cybercrime & Data Breaches:
- A breach impacting the European Commission has exposed data from 30 EU entities, attributed by CERT-EU to the TeamPCP threat group. π bleepingcomputer.com
Cybercrime & Malware:
- Researchers have discovered that malicious npm packages disguised as Strapi CMS plugins are being used to exploit Redis and PostgreSQL, steal credentials, and deploy persistent implants. π thehackernews.com
Cybercrime & Data Breaches:
- The Drift Protocol lost approximately $285 million due to a sophisticated attack involving durable nonces and social engineering, which allowed attackers to gain administrative control of the platform. π thehackernews.com π krebsonsecurity.com
Cybercrime & Malware:
- Hackers are exploiting a vulnerability in Next.js hosts (CVE-2025-55182) to steal credentials, including database credentials, SSH keys, and cloud secrets, impacting at least 766 hosts. π thehackernews.com
Cybercrime & Data Breaches:
- The Hims & Hers telehealth company has reported a data breach originating from a compromise of its third-party customer service platform, Zendesk. π bleepingcomputer.com
Cybercrime & Malware:
- A new variant of the SparkCat malware, found in iOS and Android apps, is capable of stealing cryptocurrency wallet recovery phrases by scanning users' photo galleries. π thehackernews.com
Cybercrime & Data Breaches:
- Money transfer app Duc has exposed thousands of driver's licenses and passports to the open web due to a security lapse. π techcrunch.com
Cybercrime & Malware:
- The Qilin ransomware group has claimed responsibility for a cyberattack against the German political party Die Linke, leading to an IT systems outage and threats of data leaks. π bleepingcomputer.com
Cybercrime & Data Breaches:
- The U.S. National Labor Relations Board has ordered Amazon to negotiate with a union representing warehouse workers in Staten Island, finding that the company engaged in unfair labor practices by refusing to bargain. π reuters.com π teamster.org
Cybercrime & Malware:
- A new "Starkiller" phishing service offers attackers a way to bypass MFA by proxying traffic from legitimate websites, allowing them to capture credentials and session tokens in real-time. π krebsonsecurity.com
Cybercrime & Data Breaches:
- Y Combinator has severed ties with the startup Delve following allegations of fabricating compliance certificates and other fraudulent activities. π techcrunch.com π delve.co
Cybercrime & Malware:
- Microsoft is still addressing intermittent mailbox access issues impacting Outlook mobile and macOS users, with the problems persisting for weeks. π bleepingcomputer.com
Cybercrime & Data Breaches:
- The FBI has issued a warning against using Chinese mobile applications due to concerns about data security risks and potential privacy violations. π bleepingcomputer.com
Cybercrime & Malware:
- A wiper attack targeting Iran, executed by the group TeamPCP, destroys data on infected systems that match Iran's timezone or default language settings, particularly affecting Kubernetes clusters. π krebsonsecurity.com π aikido.dev
Cybercrime & Data Breaches:
- A former engineer has pleaded guilty to a failed extortion plot that involved locking thousands of Windows devices belonging to his employer. π bleepingcomputer.com
Cybercrime & Malware:
- The North Korean threat actor TA416 is targeting European governments with PlugX and OAuth-based phishing campaigns, using updated infection chains to deliver malicious payloads. π thehackernews.com
Cybercrime & Data Breaches:
- Planet Labs, a US commercial satellite provider, is withholding imagery of Iran and the conflict region at the request of the US government. π reuters.com π aljazeera.com
AI / Ethics:
- Research indicates users exhibit "cognitive surrender" to AI, readily accepting faulty reasoning with minimal skepticism, posing risks as AI becomes more integrated into decision-making. π arstechnica.com π papers.ssrn.com
Space & Exploration:
- The Artemis II mission has passed the halfway point to the moon, with astronauts capturing stunning images of Earth, marking a significant milestone in NASA's return-to-the-moon program. π theguardian.com π nasa.gov π images.nasa.gov
Cybercrime & Data Breaches:
- A supply chain attack targeting the Trivy security scanner on GitHub allowed attackers to hijack 75 tags and steal CI/CD secrets, impacting users who downloaded compromised versions. π thehackernews.com
Cybercrime & Malware:
- Fortinet has issued patches for critical vulnerabilities in FortiClient EMS (CVE-2026-35616) that allow unauthenticated API access bypass and privilege escalation, noting these flaws are being actively exploited. π thehackernews.com π bleepingcomputer.com
AI / Industry:
- Anthropic has reportedly purchased biotech startup Coefficient Bio for $400 million, indicating a strategic expansion into the biotech sector. π techcrunch.com
US Politics & Legislation:
- The White House's attempt to pass federal legislation that would preempt state AI laws has stalled, with several Democratic lawmakers expressing concerns that the proposal is partisan. π politico.eu π thehill.com
Cybercrime & Data Breaches:
- A data-wiping attack against Stryker, a global medical technology company, has been claimed by the Iran-linked Handala hacktivist group, leading to widespread disruption and data loss across its international operations. π krebsonsecurity.com π irishexaminer.com
Cybercrime & Malware:
- The threat actor TA416, linked to China, has targeted European governments with PlugX and OAuth-based phishing campaigns, continuously updating its infection chains to bypass security measures. π thehackernews.com
Cybercrime & Data Breaches:
- A new "Starkiller" phishing service allows attackers to create deceptive URLs that mimic legitimate login pages, acting as proxies to capture user credentials and MFA codes in real-time, effectively neutralizing security protections. π krebsonsecurity.com π threatpost.com
Cybercrime & Malware:
- Researchers have discovered a new variant of the SparkCat malware present in iOS and Android apps that scans users' photo galleries for cryptocurrency wallet recovery phrases, posing a significant risk to crypto assets. π thehackernews.com
Cybercrime & Data Breaches:
- The Hims & Hers telehealth company has reported a data breach after its third-party customer service platform, Zendesk, experienced a security incident. π bleepingcomputer.com
Cybercrime & Malware: