Daily Cyber News Archives - Page 12 Of 85

UNC6426 Uses nx npm Supply Chain Attack to Obtain AWS Admin Access Within 72 Hours

March 12, 2026

Cybersecurity investigators have revealed that a threat actor identified as UNC6426 successfully breached a company’s cloud infrastructure within 72 hours by abusing credentials stolen during a software supply chain compromise involving the Nx npm package. According to findings published in the Google Cloud Threat Horizons Report H1 2026, the attacker initially obtained a developer’s GitHub token. This credential enabled […]

UNC6426 Uses nx npm Supply Chain Attack to Obtain AWS Admin Access Within 72 Hours Read More »

Five Malicious Rust Crates and AI Bot Abuse CI CD Pipelines to Steal Developer Secrets

March 12, 2026

Security researchers have uncovered a group of malicious packages written in the Rust programming language that were uploaded to the official Rust package registry crates.io. These packages were disguised as utilities designed to manage or synchronize system time but were actually created to steal sensitive developer data. The five malicious crates identified are: According to researchers from Socket, the

Five Malicious Rust Crates and AI Bot Abuse CI CD Pipelines to Steal Developer Secrets Read More »

Attackers Exploit FortiGate Devices to Breach Networks and Steal Service Account Credentials

March 11, 2026

Cybersecurity researchers have uncovered a campaign in which threat actors are exploiting vulnerabilities in FortiGate Next‑Generation Firewall devices to gain unauthorized access to corporate networks and steal sensitive credentials. According to a report from SentinelOne, attackers are targeting firewall appliances by exploiting recently disclosed security flaws or by using weak authentication credentials. Once inside the system,

Attackers Exploit FortiGate Devices to Breach Networks and Steal Service Account Credentials Read More »

KadNap Malware Compromises Over 14,000 Edge Devices to Build Stealth Proxy Botnet

March 11, 2026

Cybersecurity researchers have uncovered a sophisticated malware campaign involving a threat dubbed KadNap, which primarily targets Asus routers and other edge devices to build a stealthy proxy botnet. The malware has compromised over 14,000 devices globally, with more than 60% of infections in the U.S., according to Black Lotus Labs at Lumen. KadNap uses a custom implementation of the Kademlia Distributed

KadNap Malware Compromises Over 14,000 Edge Devices to Build Stealth Proxy Botnet Read More »

New “LeakyLooker” Vulnerabilities in Google Looker Studio May Allow Cross Tenant SQL Queries

March 10, 2026

Cybersecurity researchers have uncovered a group of security vulnerabilities in Google Looker Studio that could have enabled attackers to run unauthorized SQL queries against victims’ databases and extract sensitive information across different organizations. The flaws, collectively named LeakyLooker, were identified by researchers from Tenable. The vulnerabilities could have exposed data across multiple environments within Google Cloud infrastructures. Google has confirmed that

New “LeakyLooker” Vulnerabilities in Google Looker Studio May Allow Cross Tenant SQL Queries Read More »

Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.

APT28 Deploys BEARDSHELL and COVENANT Malware in Espionage Campaign Against Ukrainian Military

March 10, 2026

The Russia linked threat group APT28 has been observed deploying two malware implants, BEARDSHELL and COVENANT, in cyber espionage operations targeting Ukrainian military personnel. According to a new investigation by ESET, the malware tools have been actively used since April 2024 to maintain persistent access and conduct long term surveillance. APT28, also widely known by aliases such as Fancy Bear, Sednit, Pawn Storm, and TA422,

APT28 Deploys BEARDSHELL and COVENANT Malware in Espionage Campaign Against Ukrainian Military Read More »

Threat Actors Conduct Mass Scanning of Salesforce Experience Cloud Using Modified AuraInspector Tool

March 10, 2026

Cybersecurity teams at Salesforce have reported a surge in malicious activity targeting publicly accessible Experience Cloud environments. According to the company, attackers are conducting large scale scans of these sites using a modified version of an open source security tool known as AuraInspector. The campaign primarily focuses on identifying misconfigured guest user permissions, which can expose sensitive data stored within Salesforce

Threat Actors Conduct Mass Scanning of Salesforce Experience Cloud Using Modified AuraInspector Tool Read More »

CISA Warns of Actively Exploited Vulnerabilities in SolarWinds, Ivanti, and Workspace One

March 10, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added three newly identified security vulnerabilities affecting SolarWinds, Ivanti, and Omnissa products to its Known Exploited Vulnerabilities (KEV) catalog after confirming that attackers are actively exploiting them. The KEV catalog is maintained by CISA to highlight vulnerabilities that are currently being used in real world cyber attacks, allowing organizations to prioritize patching

CISA Warns of Actively Exploited Vulnerabilities in SolarWinds, Ivanti, and Workspace One Read More »

Malicious npm Package Disguised as OpenClaw Installer Installs RAT and Steals macOS Credentials

March 10, 2026

Cybersecurity researchers have identified a malicious npm package that pretends to be an installer for OpenClaw but actually deploys a remote access trojan and steals sensitive information from macOS systems. The package, called @openclaw-ai/openclawai, was uploaded to the npm registry on March 3, 2026 by a user named “openclaw-ai”. Security researchers observed that the package had

Malicious npm Package Disguised as OpenClaw Installer Installs RAT and Steals macOS Credentials Read More »

UNC4899 Breaches Crypto Firm After Trojanized File Is AirDropped to Developer Work Device

March 10, 2026

A sophisticated cyberattack attributed to the North Korean threat group UNC4899 has reportedly compromised a cryptocurrency organization in 2025, resulting in the theft of millions of dollars worth of digital assets. The attack demonstrates how modern cyber operations combine social engineering, cloud exploitation, and supply chain style infiltration. Security researchers have linked the activity with moderate confidence

UNC4899 Breaches Crypto Firm After Trojanized File Is AirDropped to Developer Work Device Read More »