Axios NPM Supply Chain Attack by North Korean Hackers Shakes Dev Community; Critical Zero-Days in Chrome, Citrix, and F5 Under Active Exploitation

Publication Date: April 1, 2026

Summary

A critical supply chain attack on the widely used 'axios' NPM package, attributed to North Korean actors, has potentially compromised millions of applications. The incident headlines a tense day in cybersecurity on April 1, 2026, which also saw emergency patches for actively exploited zero-day vulnerabilities in Google Chrome (CVE-2026-5281), Citrix NetScaler (CVE-2026-3055), and F5 BIG-IP (CVE-2025-53521). Major data breaches were also disclosed: the European Commission confirmed a hack by ShinyHunters, and healthcare providers Nacogdoches Memorial Hospital and QualDerm Partners revealed incidents affecting over 3.3 million individuals combined.

Today's New Articles

F5 BIG-IP Flaw Escalated to Critical 9.8 RCE, Now Under Active Attack

F5 has urgently reclassified a vulnerability in its BIG-IP Access Policy Manager (APM), CVE-2025-53521, from a medium-severity Denial-of-Service (DoS) flaw to a critical 9.8 CVSS unauthenticated Remote Code Execution (RCE) vulnerability. Originally disclosed i...


Texas Hospital Data Breach Exposes Personal and Medical Info of 257,000 Patients

Nacogdoches Memorial Hospital (NMH) in Texas is notifying 257,073 patients of a data breach resulting from a cyberattack detected on January 31, 2026. An unauthorized party gained access to the hospital's network and may have exfiltrated a vast amount of sensi...


Toy Giant Hasbro Investigating Cybersecurity Incident After Network Breach

Global toy and entertainment company Hasbro, Inc. has disclosed a cybersecurity incident in a Form 8-K filing with the SEC. The company detected unauthorized access to its network on March 28, 2026, and has since activated its incident response plan, which inc...


Two-Thirds of US State Legislators Have Had Data Leaked on Dark Web

A new investigation by privacy company Proton has revealed a startling lack of operational security among U.S. state legislators, with 67% having had their data exposed in past data breaches. The research found over 16,000 breach records linked to the official...


Microsoft to Include Security Copilot in M365 E5 Licenses at No Extra Cost

Microsoft has announced a significant change to its licensing model, bundling its AI-powered Security Copilot directly into Microsoft 365 E5 licenses at no additional cost. The phased rollout will begin on April 20, 2026, and is expected to complete by June 30...


Phishers Abuse No-Code Platform 'Bubble' to Bypass Email Security Filters

Security researchers at Kaspersky have identified a novel phishing technique that abuses the legitimate no-code development platform, Bubble.io. Attackers are creating malicious web applications on the platform that act as redirectors. Because these apps are h...