Category: Security

Computer screen displaying lines of code
Security

March 19 patch closes CVE-2026-0740 after Feb. 10 partial fix left ~50,000 Ninja Forms File Upload installs exposed

The recent sequence of fixes for the Ninja Forms – File Upload extension matters because an incomplete February patch left thousands of WordPress sites exposed to unauthenticated remote code execution until a full remediation arrived on March 19, 2026. CVE-2026-0740 (CVSS 9.8) allows arbitrary file upload via the plugin’s handle_upload() AJAX endpoint; only version 3.3.27 […]

admin 
A wireless router sits on a wooden table.
Security

Home routers vs. cloud defenses: How APT28 pairs mass DNS hijacks with stealth Microsoft 365 token theft

APT28 (Fancy Bear, GRU Unit 26165) has shifted from classic phishing and malware to a hybrid approach that begins on compromised home and SOHO routers and finishes inside Microsoft 365 environments—using DNS hijacking and a cloud-native malware toolkit called “AUTHENTIC ANTICS” to steal OAuth tokens and live cloud content. That contrast—network infrastructure compromise at the […]

admin 
text
Security

Don’t Treat QR-Code Traffic-Fine Texts as Minor Spam — Reused case “26-TR-273196” Reveals a Nationwide ID‑theft Scheme

In early April 2026 a large-scale phishing campaign began pushing QR codes in fake traffic–violation texts across the U.S., not just isolated nuisance messages. The repeated use of the fake case number “26-TR-273196” — seen with state prefixes like CO, NJ, IL, TX, MN and TN — makes clear this is a volume-driven, adaptive scam […]

admin 
a computer on a desk
Security

Not in axios’s source — a hijacked maintainer account pushed a phantom dependency that installed a cross‑platform RAT

On March 31, 2026, attackers used a hijacked npm maintainer account to publish poisoned axios releases that exercised npm’s install lifecycle, not by altering axios source code but by adding a phantom dependency (plain-crypto-js@4.2.1) whose postinstall hook deployed a cross‑platform remote access trojan (RAT). The publication used stolen long‑lived npm tokens to bypass GitHub Actions […]

admin 
black flat screen computer monitor turned on beside black computer keyboard
Security

Leak vs Lure: How the March 2026 Claude Code source leak and InstallFix campaigns turned install guides into credential-stealing attack chains

In March 2026 an accidental release of 512,000 lines of Anthropic’s Claude Code source combined with concurrent InstallFix social‑engineering campaigns to create a single, practical threat: attackers now pair intimate knowledge of an AI agent’s internals with cloned install pages that convince developers to run one-line commands that deploy credential‑stealing malware. What the leak actually […]

admin 
a computer desk with two monitors and a laptop
Security

CrystalRAT is not just prankware — Telegram-marketed MaaS that pairs RAT access, crypto clippers, and disruptive “Rofl” tricks

CrystalRAT (aka CrystalX RAT) is being sold openly on Telegram as an easy-to-use malware package, but calling it merely “prankware” misses the point: it is a modular malware-as-a-service that combines full remote access, clipboard-based cryptocurrency theft, and nuisance/psychological disruption into a single commercially marketed toolkit. Why the “prank” label understates the risk Security vendors and […]

admin 
Programmer coding at a desk with several monitors.
Security

Mercor breach: a LiteLLM supply‑chain compromise that exfiltrated terabytes

Mercor’s recruiting platform was breached after attackers slipped malicious code into a published LiteLLM package, turning a widely reused open‑source proxy into a broad data exfiltration channel. The incident — detected and removed from distribution within hours but still exploited — exposed terabytes of sensitive material and has forced immediate, industry‑wide dependency audits and credential […]

admin 
Man and woman discussing tablet outside office building
Security

Beyond Chatbots: Why Autonomous AI Agents Introduce an Identity-First Security Risk

AI agents aren’t just smarter chatbots; they operate with distinct identities and degrees of autonomy that let them act on infrastructure and data. That identity-plus-autonomy combo requires enterprises to move security from conversational filters to identity governance, least-privilege controls, and operational checkpoints. Three agent types and why identity changes the problem Enterprises now deploy three […]

admin