Daily Digest

Axios NPM Package Hit by Massive Supply Chain Attack; CISA Orders Urgent Patch for Actively Exploited Citrix Flaw

Axios NPM Package Hit by Massive Supply Chain Attack; CISA Orders Urgent Patch for Actively Exploited Citrix Flaw

March 30, 2026
7 articles (5 new, 2 updated)
21 min read

Summary

A critical 24-hour period in cybersecurity saw a high-impact supply chain attack compromise the widely used 'axios' NPM package, deploying a cross-platform RAT to potentially millions of developers. Concurrently, CISA mandated an emergency patch for an actively exploited Citrix NetScaler vulnerability (CVE-2026-3055). Other major incidents include a sprawling supply chain campaign by 'TeamPCP' hitting security tools like Trivy and Checkmarx, a significant data breach at the European Commission claimed by ShinyHunters, and the emergence of the 'EvilTokens' Phishing-as-a-Service targeting Microsoft 365 accounts. These events highlight escalating threats against software supply chains, critical infrastructure, and cloud services.

Filter by Category

New Articles (5)

GitHub Discussions Weaponized to Spread Malware via Fake VS Code Alerts

HIGH

Large-Scale Phishing Campaign on GitHub Abuses Discussions to Target Developers with Malware

A large-scale, automated phishing campaign is abusing the GitHub Discussions feature to target developers. Attackers are spamming thousands of repositories with fake security alerts for Microsoft's Visual Studio Code, using fabricated CVEs to create a sense of urgency. The posts, often impersonating security researchers, trick users into downloading what they believe is a patched version of VS Code from external links. These downloads, however, deliver malware, turning a trusted developer platform into a potent malware distribution channel.

March 30, 2026
5 min read
phishinggithubvisual studio codemalwaresocial engineering +1 more
GitHub Discussions Weaponized to Spread Malware via Fake VS Code Alerts
Phishing
Malware
Security Operations

Healthcare IT Firm CareCloud Probes Patient Data Access in EHR Breach

HIGH

CareCloud Investigates Potential Patient Data Leak After Breach of EHR Environment

Healthcare technology provider CareCloud is investigating a security breach that gave an unauthorized third party access to one of its electronic health record (EHR) environments for eight hours on March 16, 2026. The company, which serves over 45,000 healthcare providers, has not yet confirmed if protected health information (PHI) was exfiltrated but has hired a leading cyber response team to assess the scope. The incident has been reported to the SEC, highlighting the potential for significant legal, regulatory, and reputational fallout if a large-scale patient data leak is confirmed.

March 30, 2026
6 min read
data breachhealthcarecarecloudehrphi +2 more
Healthcare IT Firm CareCloud Probes Patient Data Access in EHR Breach
Data Breach
Regulatory
Incident Response

Swiss Critical Infrastructure Hit by 325 Cyberattacks in One Year

MEDIUM

Swiss Government Reports Nearly One Cyberattack Per Day on Critical Infrastructure

The Swiss Federal Office for Cybersecurity has revealed that it received 325 mandatory reports of cyberattacks against the nation's critical infrastructure in the past year, averaging nearly one incident per day. The report, which covers the first year of a new mandatory reporting law, shows the administrative sector was the most frequent target, followed by IT, telecommunications, and financial institutions. Hacking, DDoS attacks, and malware were among the most common attack vectors reported.

March 30, 2026
4 min read
switzerlandcritical infrastructurecybersecurity reportgovernmentddos +1 more
Swiss Critical Infrastructure Hit by 325 Cyberattacks in One Year
Policy and Compliance
Cyberattack
Regulatory

New Phishing-as-a-Service "EvilTokens" Abuses Microsoft's OAuth Device Code Flow

HIGH

EvilTokens Phishing-as-a-Service Emerges, Automating MFA-Bypass Attacks on Microsoft 365

A new and sophisticated Phishing-as-a-Service (PhaaS) platform named EvilTokens is enabling widespread attacks against Microsoft 365 accounts. The service automates the process of stealing access tokens by abusing the legitimate OAuth 2.0 device code authentication flow. This technique allows attackers to bypass certain types of MFA and gain persistent access to a victim's cloud account, even if the user changes their password. The EvilTokens kit provides a turnkey solution for criminals, complete with phishing templates and a dashboard for managing stolen tokens, significantly lowering the bar for conducting advanced cloud-based attacks.

March 30, 2026
6 min read
phishingphaaseviltokensoauthmfa +3 more
New Phishing-as-a-Service "EvilTokens" Abuses Microsoft's OAuth Device Code Flow
Phishing
Threat Actor
Cloud Security

Chinese-Nexus Actor Exploits TrueConf Zero-Day in "TrueChaos" Campaign

CRITICAL

TrueConf Zero-Day (CVE-2026-3502) Exploited in 'TrueChaos' Campaign Targeting Governments

A zero-day vulnerability in the TrueConf video conferencing application, CVE-2026-3502, has been actively exploited in a targeted campaign named 'TrueChaos.' The campaign, attributed with moderate confidence to a Chinese-nexus threat actor, has targeted government entities in Southeast Asia. The CVSS 7.8 flaw exists in the update mechanism of the TrueConf Windows client, allowing an attacker who has compromised an on-premises TrueConf server to push malicious updates to all connected endpoints, thereby deploying malware like the Havoc C2 framework.

March 30, 2026
6 min read
zero-daycvetrueconftruechaosapt +3 more
Chinese-Nexus Actor Exploits TrueConf Zero-Day in "TrueChaos" Campaign
Vulnerability
Threat Actor
Cyberattack

Updated Articles (2)

Middle East Conflict Amplifies Global Cyber Risks, Reshaping Threat Landscape

MEDIUM

Geopolitical Conflict in Middle East Leads to Surge in State-Aligned Hacking Operations Worldwide

Update:

A new KELA report reveals Iranian state-sponsored groups are integrating with the cybercrime ecosystem, leveraging ransomware and RaaS affiliates like Pay2Key. This hybrid approach provides plausible deniability for destructive attacks, generates revenue, and complicates attribution. Groups like Agrius APT use data wipers disguised as pseudo-ransomware (e.g., Apostle). This tactic creates significant compliance risks for victims, as paying ransoms could violate OFAC sanctions against Iran, further escalating the geopolitical cyber threat landscape.

March 25, 2026
Updated: March 30, 2026
4 min read
GeopoliticsHybrid WarfareState-Sponsored ActorsThreat LandscapeWorld Economic Forum +1 more
Middle East Conflict Amplifies Global Cyber Risks, Reshaping Threat Landscape
Threat Intelligence
Policy and Compliance
Cyberattack

European Commission Hit by Data Breach; Attacker Claims 350GB Exfiltrated from AWS Cloud

HIGH

European Commission Confirms Cyberattack on AWS-Hosted Cloud Infrastructure, Resulting in Data Breach

Update:

The notorious extortion group ShinyHunters has claimed responsibility for the European Commission's cloud breach, detected on March 24. As proof, the group leaked a 90GB archive of data, purportedly from AWS and NextCloud environments. This leaked data includes critical items such as full Single Sign-On (SSO) user directories and DKIM signing keys, significantly increasing the potential for targeted phishing, email spoofing, and further attacks. While the Commission maintains the incident was contained to public-facing systems, the specific nature of the leaked credentials raises serious security concerns and suggests a higher impact than initially reported.

March 28, 2026
Updated: March 30, 2026
6 min read
cloud breachAWSEuropean Uniongovernmentdata exfiltration
European Commission Hit by Data Breach; Attacker Claims 350GB Exfiltrated from AWS Cloud
Data Breach
Cloud Security
Cyberattack

📢 Share This Publication

Help others stay informed about cybersecurity threats