Cybersecurity Newsfeed - 01/04/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
📅 31/03/26
🛡️ Vulnerabilities
Gigabyte Control Center Arbitrary File Write: A critical flaw in the GCC software allows unauthenticated attackers to overwrite sensitive system files or plant malicious executables via the update mechanism. Gigabyte has released firmware and software updates to mitigate the risk of full system compromise.
Claude AI Discovers Vim and Emacs RCE: Researchers using the Claude AI model identified remote code execution vulnerabilities in these classic text editors. The bugs trigger simply by opening a crafted file, highlighting AI’s growing capability to find deep-seated flaws missed by traditional audits.
CISA Issues Emergency Directive for Citrix NetScaler: Federal agencies must patch a critical Citrix vulnerability by Thursday due to active exploitation. The flaw allows unauthenticated remote code execution, making these perimeter devices high-value targets for lateral movement.
strongSwan VPN Denial-of-Service: A flaw in the processing of IKEv2 packets in the strongSwan VPN suite allows remote attackers to crash the service. While RCE hasn’t been proven, the DoS risk is a high priority for enterprise remote access security.
🎯 Adversaries
Iranian Password-Spraying Targets Microsoft 365: State-sponsored actors are conducting a “slow-and-steady” campaign against high-value targets in Western government and corporate sectors. The goal is long-term persistence and data exfiltration.
“EvilTokens” Phishing-as-a-Service: A new toolkit sold on Telegram targets Microsoft 365 by abusing the device authorization flow. It bypasses MFA by tricking users into entering codes that grant attackers full access and refresh tokens.
Iranian “Pseudo-Ransomware” (Pay2Key): Threat actors are using the Pay2Key strain to prioritize data destruction and psychological impact over profit. These operations often serve as cover for espionage or state-aligned disruption targeting Israeli and Western infrastructure.
📈 Trends
Agentic AI Security with AgentMon: Codenotary has launched a dedicated monitoring platform for autonomous AI agents. The tool tracks agent behavior and resource consumption to prevent unauthorized actions and data leakage in automated workflows.
Bitdefender Internal Attack Surface Tool: A new complimentary tool helps organizations identify “Living-Off-the-Land” (LOTL) risks by assessing unnecessary access to system utilities like PowerShell and WMIC.
Cybersecurity Job Market Pulse: High demand continues for specialized roles in incident response, cloud security, and AI safety. Companies are increasingly seeking talent capable of bridging traditional SecOps with emerging agentic AI deployments.
💥 Breaches & Leaks
Cisco Source Code Theft via Trivy Vulnerability: Cisco confirmed the theft of source code after attackers exploited a flaw in the Trivy scanner to breach its CI/CD pipeline. No customer data was reportedly impacted, but internal repositories were exfiltrated.
Axios NPM Package Supply Chain Attack: Malicious versions of the popular Axios library (v1.14.1 and v0.30.4) were published after a maintainer’s account was compromised. The versions deployed a cross-platform RAT on developer systems.
Delve Alleged Fraudulent Security Audits: AI compliance startup Delve faces claims of fabricating security audit reports and faking compliance data. The fallout has led major firms to distance themselves from the company.
Dutch Ministry of Finance Treasury Portal Breach: A cyberattack forced the digital treasury banking portal offline, affecting 1,600 public institutions. While payments are processed via alternative channels, the digital interface remains disabled for forensic investigation.
⚖️ Legal & Law Enforcement
Hacker Charged in $53M Uranium Finance Breach: A 24-year-old man has been charged for the 2021 hack of the DeFi exchange. The attacker exploited a smart contract flaw during migration; the case highlights improved law enforcement capabilities in tracking stolen crypto assets.
📚 Others
Proton Launches “Proton Meet”: A new E2EE video conferencing platform has been launched to provide a privacy-centric alternative to mainstream services. It ensures that even the provider cannot access meeting data.
Apple Adds Terminal Warning for “ClickFix”: macOS now shows a security alert in the Terminal that warns about potentially malicious commands pasted from untrusted sources, curbing social engineering attempts.
