Cybersecurity
68 articles RSS
Drift Protocol Suffers $285 Million Exploit in Largest DeFi Hack of 2026 as Analysts Point to North Korea
Attackers used Solana's durable nonce feature to hijack Drift's governance and drain $285 million in 12 minutes, with blockchain forensics firms linking the heist to North Korean operatives.
Kubescape 4.0 Graduates Runtime Threat Detection to GA and Introduces Security Scanning for AI Agents on Kubernetes
The CNCF incubating project ships runtime threat detection powered by CEL-based rules, a centralized security metadata store, and the first open-source controls for auditing AI agent configurations in Kubernetes clusters.
Google Patches Fourth Chrome Zero-Day of 2026 as CISA Orders Federal Agencies to Update Within Two Weeks
Google patches CVE-2026-5281, a use-after-free in Chrome's Dawn WebGPU layer exploited in the wild, marking the fourth Chrome zero-day of 2026. CISA gives federal agencies until April 15 to update.
Italy Fines Intesa Sanpaolo Nearly 50 Million Euros in March After Insider Breach Went Undetected for Two Years
Italy's data protection authority hit the country's largest bank with two separate fines totaling nearly 50 million euros for an insider data breach and unlawful customer profiling.
Unit 42 Exposes Shadow Campaigns, a State-Aligned Espionage Operation That Breached 70 Government Organizations Across 37 Countries
Palo Alto Networks researchers reveal TGR-STA-1030, an Asia-based threat group that compromised law enforcement agencies, finance ministries, and telecoms across 37 countries while scanning government infrastructure in 155 nations.
Anthropic Accidentally Exposes Claude Code's Entire Source Code Through npm Packaging Error, Days After Mythos Leak
A misconfigured npm package exposed 512,000 lines of Claude Code's TypeScript source code via a source map file pointing to Anthropic's cloud storage, marking the company's second data exposure in less than a week.
Two Cybersecurity Professionals Face Up to 20 Years in Prison After Pleading Guilty to Running BlackCat Ransomware Attacks
An incident response manager at Sygnia and a ransomware negotiator at DigitalMint admitted to moonlighting as ALPHV/BlackCat affiliates, targeting five US companies and causing over $9.5 million in losses.
OpenAI Patches ChatGPT DNS Data Exfiltration Flaw and Codex Command Injection That Exposed GitHub Tokens
Check Point and BeyondTrust disclose two distinct vulnerabilities in OpenAI products that allowed covert data theft through DNS queries and GitHub token compromise via branch name injection.
Signal Begins Enforcing Its Post-Quantum Triple Ratchet as the First Messaging App to Offer Continuous Quantum-Resistant Encryption
Signal's SPQR protocol adds a quantum-safe ratchet alongside the Double Ratchet, with server-side enforcement now rolling out to new accounts.
Axios npm Package Compromised in Supply Chain Attack Linked to North Korean Threat Actors, Delivering Cross-Platform RAT to Millions of Developers
Attackers hijacked the primary Axios maintainer's npm account and published two malicious versions that installed a cross-platform remote access trojan, exposing one of the JavaScript ecosystem's most downloaded packages.
Lloyds Banking Group App Glitch Exposed Transaction Data of Nearly 450,000 Customers, Prompting UK Treasury Committee Investigation
A software defect during an overnight update let Lloyds, Halifax, and Bank of Scotland app users see other customers' transactions, account numbers, and National Insurance numbers for nearly five hours.
Critical Citrix NetScaler Flaw Draws Active Reconnaissance as Security Firms Warn of Imminent Exploitation
CVE-2026-3055, a CVSS 9.3 memory overread in NetScaler ADC and Gateway, echoes the 2023 CitrixBleed vulnerability that led to mass exploitation, with over 30,000 instances exposed online.