Daily Digest

Axios NPM Supply Chain Attack by North Korean Hackers Shakes Dev Community; Critical Zero-Days in Chrome, Citrix, and F5 Under Active Exploitation

Axios NPM Supply Chain Attack by North Korean Hackers Shakes Dev Community; Critical Zero-Days in Chrome, Citrix, and F5 Under Active Exploitation

April 1, 2026
6 articles (6 new)
18 min read

Summary

A critical supply chain attack on the widely-used 'axios' NPM package, attributed to North Korean actors, has potentially compromised millions of applications. This incident headlines a tense day in cybersecurity for April 1, 2026, which also saw emergency patches for actively exploited zero-day vulnerabilities in Google Chrome (CVE-2026-5281), Citrix NetScaler (CVE-2026-3055), and F5 BIG-IP (CVE-2025-53521). Major data breaches were also disclosed, with the European Commission confirming a hack by ShinyHunters and healthcare providers Nacogdoches Memorial Hospital and QualDerm Partners revealing incidents affecting over 3.3 million individuals combined.

Filter by Category

New Articles (6)

F5 BIG-IP Flaw Escalated to Critical 9.8 RCE, Now Under Active Attack

CRITICAL

F5 Reclassifies 5-Month-Old BIG-IP Vulnerability (CVE-2025-53521) to Critical RCE, CISA Confirms Active Exploitation

F5 has urgently reclassified a vulnerability in its BIG-IP Access Policy Manager (APM), CVE-2025-53521, from a medium-severity Denial-of-Service (DoS) flaw to a critical 9.8 CVSS unauthenticated Remote Code Execution (RCE) vulnerability. Originally disclosed in October 2025, F5 updated its advisory on March 28, 2026, after discovering it could be exploited for full system compromise. The vulnerability is now under active attack in the wild, prompting CISA to add it to its Known Exploited Vulnerabilities (KEV) catalog. Attackers can send crafted traffic to a virtual server with an APM policy to gain root access. F5 urges customers to apply the patches released in October 2025, which are confirmed to mitigate this severe RCE vector.

April 1, 2026
5 min read
CVE-2025-53521F5BIG-IPRCEVulnerability +3 more
F5 BIG-IP Flaw Escalated to Critical 9.8 RCE, Now Under Active Attack
Vulnerability
Patch Management
Cyberattack

Texas Hospital Data Breach Exposes Personal and Medical Info of 257,000 Patients

HIGH

Nacogdoches Memorial Hospital Discloses Data Breach from January Cyberattack Affecting 257,073 Individuals

Nacogdoches Memorial Hospital (NMH) in Texas is notifying 257,073 patients of a data breach resulting from a cyberattack detected on January 31, 2026. An unauthorized party gained access to the hospital's network and may have exfiltrated a vast amount of sensitive patient data. The potentially compromised information includes names, Social Security numbers, dates of birth, medical record numbers, health plan details, and even full-face photographs. The hospital has begun mailing notification letters to affected individuals and is offering identity theft protection services. This incident adds to the growing list of healthcare organizations falling victim to cyberattacks, highlighting the sector's vulnerability.

April 1, 2026
4 min read
Data BreachHealthcareHIPAANacogdoches Memorial HospitalPII +2 more
Texas Hospital Data Breach Exposes Personal and Medical Info of 257,000 Patients
Data Breach
Cyberattack
Regulatory

Toy Giant Hasbro Investigating Cybersecurity Incident After Network Breach

MEDIUM

Hasbro Discloses Cybersecurity Incident, Takes Systems Offline and Warns of Operational Delays

Global toy and entertainment company Hasbro, Inc. has disclosed a cybersecurity incident in a Form 8-K filing with the SEC. The company detected unauthorized access to its network on March 28, 2026, and has since activated its incident response plan, which included proactively taking some systems offline for containment. Hasbro has engaged third-party cybersecurity experts to investigate the scope and impact of the breach. While the company's business continuity plans are active, it has warned that operational delays in taking orders and shipping products may occur for several weeks. Details about the nature of the attack or what data may have been compromised have not yet been released.

April 1, 2026
4 min read
HasbroCyberattackData BreachIncident ResponseSEC +1 more
Toy Giant Hasbro Investigating Cybersecurity Incident After Network Breach
Cyberattack
Data Breach

Two-Thirds of US State Legislators Have Had Data Leaked on Dark Web

HIGH

Investigation Reveals 67% of U.S. State Legislators' Data, Including Plaintext Passwords, Exposed in Third-Party Breaches

A new investigation by privacy company Proton has revealed a startling lack of operational security among U.S. state legislators, with 67% having had their data exposed in past data breaches. The research found over 16,000 breach records linked to the officials' publicly listed email addresses, which were used to sign up for third-party services like LinkedIn, Adobe, and even dating sites that were later hacked. Alarmingly, 560 plaintext passwords were discovered among the leaked data, creating a direct path for attackers to compromise personal and potentially official accounts. The findings highlight a significant national security risk, as this exposed data could be used by foreign adversaries for espionage, blackmail, or targeted influence campaigns.

April 1, 2026
5 min read
Data BreachDark WebGovernmentPassword SecurityProton +2 more
Two-Thirds of US State Legislators Have Had Data Leaked on Dark Web
Data Breach
Policy and Compliance
Phishing

Microsoft to Include Security Copilot in M365 E5 Licenses at No Extra Cost

INFORMATIONAL

Microsoft Bundles AI-Powered Security Copilot with Microsoft 365 E5 Plans, Expanding Access for Enterprises

Microsoft has announced a significant change to its licensing model, bundling its AI-powered Security Copilot directly into Microsoft 365 E5 licenses at no additional cost. The phased rollout will begin on April 20, 2026, and is expected to complete by June 30, 2026. This move makes advanced AI-driven security operations accessible to a much wider range of enterprises. Security Copilot, which is embedded in Microsoft Defender, Entra, Intune, and Purview, helps security teams investigate threats and respond to incidents more efficiently. E5 customers will receive a monthly pool of Security Compute Units (SCUs) to power the tool, democratizing access to cutting-edge security AI.

April 1, 2026
4 min read
MicrosoftSecurity CopilotMicrosoft 365AISecurity Operations +2 more
Microsoft to Include Security Copilot in M365 E5 Licenses at No Extra Cost
Policy and Compliance
Security Operations
Cloud Security

Phishers Abuse No-Code Platform 'Bubble' to Bypass Email Security Filters

MEDIUM

Kaspersky Uncovers Novel Phishing Technique Abusing Legitimate No-Code Platform Bubble.io for Credential Harvesting

Security researchers at Kaspersky have identified a novel phishing technique that abuses the legitimate no-code development platform, Bubble.io. Attackers are creating malicious web applications on the platform that act as redirectors. Because these apps are hosted on Bubble's trusted domain (*.bubble.io), they are more likely to bypass email security filters that block links to known malicious sites. Phishing emails, often targeting Microsoft 365 users, contain a link to the Bubble-hosted app, which then forwards the victim to a credential harvesting page. This 'trust abuse' tactic makes it harder for both users and automated defenses to spot the attack, and is expected to be adopted by Phishing-as-a-Service (PhaaS) operators.

April 1, 2026
5 min read
PhishingKasperskyBubble.ioMicrosoft 365Credential Harvesting +2 more
Phishers Abuse No-Code Platform 'Bubble' to Bypass Email Security Filters
Phishing
Threat Intelligence
Cloud Security

📢 Share This Publication

Help others stay informed about cybersecurity threats