Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

April 5, 2026 at 10:02AM Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that …

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

April 3, 2026 at 11:04PM A China-aligned threat actor has set its sights on European government and diplomatic organizations si…

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

April 3, 2026 at 04:30PM The next major breach hitting your clients probably won't come from inside their walls. It'll …

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

April 3, 2026 at 02:05PM Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from…

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

April 3, 2026 at 01:00AM A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerabili…

The State of Trusted Open Source Report

April 2, 2026 at 05:00PM In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights…

WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action

April 2, 2026 at 03:21PM Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installin…

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

April 2, 2026 at 12:39PM Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of dev…

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

April 1, 2026 at 09:40PM The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing camp…

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

April 1, 2026 at 04:28PM For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers…

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

April 1, 2026 at 01:14PM Google has formally attributed the supply chain compromise of the popular Axios npm package to a finan…

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

April 1, 2026 at 11:42AM Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding …