Axios NPM Package Hit by Massive Supply Chain Attack; CISA Orders Urgent Patch for Actively Exploited Citrix Flaw

Large-Scale Phishing Campaign on GitHub Abuses Discussions to Target Developers with Malware

A large-scale, automated phishing campaign is abusing the GitHub Discussions feature to target developers. Attackers are spamming thousands of repositories with fake security alerts for Microsoft's Visual Studio Code, using fabricated CVEs to create a sense of urgency. The posts, often impersonating security researchers, trick users into downloading what they believe is a patched version of VS Code from external links. These downloads, however, deliver malware, turning a trusted developer platform into a potent malware distribution channel.

phishinggithubvisual studio codemalwaresocial engineering +1 more

5 min read

GitHub Discussions Weaponized to Spread Malware via Fake VS Code Alerts

Healthcare IT Firm CareCloud Probes Patient Data Access in EHR Breach

CareCloud Investigates Potential Patient Data Leak After Breach of EHR Environment

Healthcare technology provider CareCloud is investigating a security breach that gave an unauthorized third party access to one of its electronic health record (EHR) environments for eight hours on March 16, 2026. The company, which serves over 45,000 healthcare providers, has not yet confirmed if protected health information (PHI) was exfiltrated but has hired a leading cyber response team to assess the scope. The incident has been reported to the SEC, highlighting the potential for significant legal, regulatory, and reputational fallout if a large-scale patient data leak is confirmed.

data breachhealthcarecarecloudehrphi +2 more

Healthcare IT Firm CareCloud Probes Patient Data Access in EHR Breach

Swiss Critical Infrastructure Hit by 325 Cyberattacks in One Year

MEDIUM

Swiss Government Reports Nearly One Cyberattack Per Day on Critical Infrastructure

The Swiss Federal Office for Cybersecurity has revealed that it received 325 mandatory reports of cyberattacks against the nation's critical infrastructure in the past year, averaging nearly one incident per day. The report, which covers the first year of a new mandatory reporting law, shows the administrative sector was the most frequent target, followed by IT, telecommunications, and financial institutions. Hacking, DDoS attacks, and malware were among the most common attack vectors reported.

switzerlandcritical infrastructurecybersecurity reportgovernmentddos +1 more

4 min read

Swiss Critical Infrastructure Hit by 325 Cyberattacks in One Year

New Phishing-as-a-Service "EvilTokens" Abuses Microsoft's OAuth Device Code Flow

EvilTokens Phishing-as-a-Service Emerges, Automating MFA-Bypass Attacks on Microsoft 365

A new and sophisticated Phishing-as-a-Service (PhaaS) platform named EvilTokens is enabling widespread attacks against Microsoft 365 accounts. The service automates the process of stealing access tokens by abusing the legitimate OAuth 2.0 device code authentication flow. This technique allows attackers to bypass certain types of MFA and gain persistent access to a victim's cloud account, even if the user changes their password. The EvilTokens kit provides a turnkey solution for criminals, complete with phishing templates and a dashboard for managing stolen tokens, significantly lowering the bar for conducting advanced cloud-based attacks.

phishingphaaseviltokensoauthmfa +3 more

New Phishing-as-a-Service "EvilTokens" Abuses Microsoft's OAuth Device Code Flow

Chinese-Nexus Actor Exploits TrueConf Zero-Day in "TrueChaos" Campaign

CRITICAL

TrueConf Zero-Day (CVE-2026-3502) Exploited in 'TrueChaos' Campaign Targeting Governments

A zero-day vulnerability in the TrueConf video conferencing application, CVE-2026-3502, has been actively exploited in a targeted campaign named 'TrueChaos.' The campaign, attributed with moderate confidence to a Chinese-nexus threat actor, has targeted government entities in Southeast Asia. The CVSS 7.8 flaw exists in the update mechanism of the TrueConf Windows client, allowing an attacker who has compromised an on-premises TrueConf server to push malicious updates to all connected endpoints, thereby deploying malware like the Havoc C2 framework.

zero-daycvetrueconftruechaosapt +3 more

Chinese-Nexus Actor Exploits TrueConf Zero-Day in "TrueChaos" Campaign

Updated Articles (2)

Middle East Conflict Amplifies Global Cyber Risks, Reshaping Threat Landscape

MEDIUM

Geopolitical Conflict in Middle East Leads to Surge in State-Aligned Hacking Operations Worldwide

Update:

A new KELA report reveals Iranian state-sponsored groups are integrating with the cybercrime ecosystem, leveraging ransomware and RaaS affiliates like Pay2Key. This hybrid approach provides plausible deniability for destructive attacks, generates revenue, and complicates attribution. Groups like Agrius APT use data wipers disguised as pseudo-ransomware (e.g., Apostle). This tactic creates significant compliance risks for victims, as paying ransoms could violate OFAC sanctions against Iran, further escalating the geopolitical cyber threat landscape.

March 25, 2026

Updated: March 30, 2026

4 min read

GeopoliticsHybrid WarfareState-Sponsored ActorsThreat LandscapeWorld Economic Forum +1 more

Middle East Conflict Amplifies Global Cyber Risks, Reshaping Threat Landscape

European Commission Hit by Data Breach; Attacker Claims 350GB Exfiltrated from AWS Cloud

European Commission Confirms Cyberattack on AWS-Hosted Cloud Infrastructure, Resulting in Data Breach

Update:

The notorious extortion group ShinyHunters has claimed responsibility for the European Commission's cloud breach, detected on March 24. As proof, the group leaked a 90GB archive of data, purportedly from AWS and NextCloud environments. This leaked data includes critical items such as full Single Sign-On (SSO) user directories and DKIM signing keys, significantly increasing the potential for targeted phishing, email spoofing, and further attacks. While the Commission maintains the incident was contained to public-facing systems, the specific nature of the leaked credentials raises serious security concerns and suggests a higher impact than initially reported.

March 28, 2026

Updated: March 30, 2026