[{"data":1,"prerenderedAt":109},["ShallowReactive",2],{"publication-daily-threat-publications-2026-04-01":3},{"pub_id":4,"headline":5,"summary":6,"pub_date":7,"total_articles":8,"articles":9},"pub-2026-04-01","Axios NPM Supply Chain Attack by North Korean Hackers Shakes Dev Community; Critical Zero-Days in Chrome, Citrix, and F5 Under Active Exploitation","A critical supply chain attack on the widely-used 'axios' NPM package, attributed to North Korean actors, has potentially compromised millions of applications. This incident headlines a tense day in cybersecurity for April 1, 2026, which also saw emergency patches for actively exploited zero-day vulnerabilities in Google Chrome (CVE-2026-5281), Citrix NetScaler (CVE-2026-3055), and F5 BIG-IP (CVE-2025-53521). Major data breaches were also disclosed, with the European Commission confirming a hack by ShinyHunters and healthcare providers Nacogdoches Memorial Hospital and QualDerm Partners revealing incidents affecting over 3.3 million individuals combined.","2026-04-01",6,[10,33,50,63,78,95],{"id":11,"slug":12,"headline":13,"title":14,"severity":15,"excerpt":16,"tags":17,"categories":26,"createdAt":28,"updatedAt":28,"readingTime":29,"cves":30,"cvssScore":31,"isUpdate":32},"329444bd-a394-4d09-898b-e896cdfb86ba","critical-f5-big-ip-vulnerability-cve-2025-53521-reclassified-and-exploited","F5 BIG-IP Flaw Escalated to Critical 9.8 RCE, Now Under Active Attack","F5 Reclassifies 5-Month-Old BIG-IP Vulnerability (CVE-2025-53521) to Critical RCE, CISA Confirms Active Exploitation","critical","F5 has urgently reclassified a vulnerability in its BIG-IP Access Policy Manager (APM), CVE-2025-53521, from a medium-severity Denial-of-Service (DoS) flaw to a critical 9.8 CVSS unauthenticated Remote Code Execution (RCE) vulnerability. Originally disclosed in October 2025, F5 updated its advisory on March 28, 2026, after discovering it could be exploited for full system compromise. The vulnerability is now under active attack in the wild, prompting CISA to add it to its Known Exploited Vulnerabilities (KEV) catalog. Attackers can send crafted traffic to a virtual server with an APM policy to gain root access. F5 urges customers to apply the patches released in October 2025, which are confirmed to mitigate this severe RCE vector.",[18,19,20,21,22,23,24,25],"CVE-2025-53521","F5","BIG-IP","RCE","Vulnerability","CISA","KEV","Patch Management",[22,25,27],"Cyberattack","2026-04-01T15:00:00.000Z",5,[18],9.8,false,{"id":34,"slug":35,"headline":36,"title":37,"severity":38,"excerpt":39,"tags":40,"categories":47,"createdAt":28,"updatedAt":28,"readingTime":49,"isUpdate":32},"dab88438-29c0-4c2c-ac69-9148d2327e26","nacogdoches-memorial-hospital-discloses-data-breach-affecting-257000-patients","Texas Hospital Data Breach Exposes Personal and Medical Info of 257,000 Patients","Nacogdoches Memorial Hospital Discloses Data Breach from January Cyberattack Affecting 257,073 Individuals","high","Nacogdoches Memorial Hospital (NMH) in Texas is notifying 257,073 patients of a data breach resulting from a cyberattack detected on January 31, 2026. An unauthorized party gained access to the hospital's network and may have exfiltrated a vast amount of sensitive patient data. The potentially compromised information includes names, Social Security numbers, dates of birth, medical record numbers, health plan details, and even full-face photographs. The hospital has begun mailing notification letters to affected individuals and is offering identity theft protection services. This incident adds to the growing list of healthcare organizations falling victim to cyberattacks, highlighting the sector's vulnerability.",[41,42,43,44,45,46,27],"Data Breach","Healthcare","HIPAA","Nacogdoches Memorial Hospital","PII","PHI",[41,27,48],"Regulatory",4,{"id":51,"slug":52,"headline":53,"title":54,"severity":55,"excerpt":56,"tags":57,"categories":62,"createdAt":28,"updatedAt":28,"readingTime":49,"isUpdate":32},"f6df812a-da2a-4db1-b5e9-c80f5ad6d8f3","hasbro-reports-network-breach-and-initiates-investigation","Toy Giant Hasbro Investigating Cybersecurity Incident After Network Breach","Hasbro Discloses Cybersecurity Incident, Takes Systems Offline and Warns of Operational Delays","medium","Global toy and entertainment company Hasbro, Inc. has disclosed a cybersecurity incident in a Form 8-K filing with the SEC. The company detected unauthorized access to its network on March 28, 2026, and has since activated its incident response plan, which included proactively taking some systems offline for containment. Hasbro has engaged third-party cybersecurity experts to investigate the scope and impact of the breach. While the company's business continuity plans are active, it has warned that operational delays in taking orders and shipping products may occur for several weeks. Details about the nature of the attack or what data may have been compromised have not yet been released.",[58,27,41,59,60,61],"Hasbro","Incident Response","SEC","Manufacturing",[27,41],{"id":64,"slug":65,"headline":66,"title":67,"severity":38,"excerpt":68,"tags":69,"categories":76,"createdAt":28,"updatedAt":28,"readingTime":29,"isUpdate":32},"9f43ba9d-c40d-488f-8638-4a3d8401b49d","majority-of-us-state-legislators-data-exposed-in-breaches","Two-Thirds of US State Legislators Have Had Data Leaked on Dark Web","Investigation Reveals 67% of U.S. State Legislators' Data, Including Plaintext Passwords, Exposed in Third-Party Breaches","A new investigation by privacy company Proton has revealed a startling lack of operational security among U.S. state legislators, with 67% having had their data exposed in past data breaches. The research found over 16,000 breach records linked to the officials' publicly listed email addresses, which were used to sign up for third-party services like LinkedIn, Adobe, and even dating sites that were later hacked. Alarmingly, 560 plaintext passwords were discovered among the leaked data, creating a direct path for attackers to compromise personal and potentially official accounts. The findings highlight a significant national security risk, as this exposed data could be used by foreign adversaries for espionage, blackmail, or targeted influence campaigns.",[41,70,71,72,73,74,75],"Dark Web","Government","Password Security","Proton","Phishing","Operational Security",[41,77,74],"Policy and Compliance",{"id":79,"slug":80,"headline":81,"title":82,"severity":83,"excerpt":84,"tags":85,"categories":93,"createdAt":28,"updatedAt":28,"readingTime":49,"isUpdate":32},"abc18070-1f06-44df-b115-a438d5923c62","microsoft-to-bundle-security-copilot-with-microsoft-365-e5-plans","Microsoft to Include Security Copilot in M365 E5 Licenses at No Extra Cost","Microsoft Bundles AI-Powered Security Copilot with Microsoft 365 E5 Plans, Expanding Access for Enterprises","informational","Microsoft has announced a significant change to its licensing model, bundling its AI-powered Security Copilot directly into Microsoft 365 E5 licenses at no additional cost. The phased rollout will begin on April 20, 2026, and is expected to complete by June 30, 2026. This move makes advanced AI-driven security operations accessible to a much wider range of enterprises. Security Copilot, which is embedded in Microsoft Defender, Entra, Intune, and Purview, helps security teams investigate threats and respond to incidents more efficiently. E5 customers will receive a monthly pool of Security Compute Units (SCUs) to power the tool, democratizing access to cutting-edge security AI.",[86,87,88,89,90,91,92],"Microsoft","Security Copilot","Microsoft 365","AI","Security Operations","SOC","Licensing",[77,90,94],"Cloud Security",{"id":96,"slug":97,"headline":98,"title":99,"severity":55,"excerpt":100,"tags":101,"categories":107,"createdAt":28,"updatedAt":28,"readingTime":29,"isUpdate":32},"58139847-f5e2-4a5e-bedf-c65fe15b8d3b","kaspersky-uncovers-phishing-technique-abusing-no-code-platform-bubble","Phishers Abuse No-Code Platform 'Bubble' to Bypass Email Security Filters","Kaspersky Uncovers Novel Phishing Technique Abusing Legitimate No-Code Platform Bubble.io for Credential Harvesting","Security researchers at Kaspersky have identified a novel phishing technique that abuses the legitimate no-code development platform, Bubble.io. Attackers are creating malicious web applications on the platform that act as redirectors. Because these apps are hosted on Bubble's trusted domain (*.bubble.io), they are more likely to bypass email security filters that block links to known malicious sites. Phishing emails, often targeting Microsoft 365 users, contain a link to the Bubble-hosted app, which then forwards the victim to a credential harvesting page. This 'trust abuse' tactic makes it harder for both users and automated defenses to spot the attack, and is expected to be adopted by Phishing-as-a-Service (PhaaS) operators.",[74,102,103,88,104,105,106],"Kaspersky","Bubble.io","Credential Harvesting","Trust Abuse","PhaaS",[74,108,94],"Threat Intelligence",1775141552675]