Breach of Confidence: 3 April 2026
I once tried to assemble IKEA furniture this week without looking at the instructions. Got halfway through before realising...
Blog
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
Ravie LakshmananApr 03, 2026Threat Intelligence / Malware The maintainer of the Axios npm package has confirmed that the supply chain compromise...
Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture
The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS...
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Ravie LakshmananApr 03, 2026Mobile Security / Threat Intelligence Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple...
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that...
Why AI lies, cheats and steals
While chatbots can talk about “internal states” like feeling tired, excited, happy, sad, or hungry, they don’t actually experience these...
Microsoft builds its own AI stack to help wean it from its reliance on OpenAI
MAI-Voice-1 generates “natural, realistic speech, rich with nuance, emotional range, and expression,” according to Microsoft, and was built to preserve...
Digital Forensics and Incident Response (DFIR): A CISO’s Guide
Digital Forensics and Incident Response (DFIR) is the discipline that combines the technical investigation of cyber incidents with the structured...
Building a Cyber Incident Response Team: The CISO’s Guide
A cyber incident response team (CIRT) is your organisation’s first line of defence when a security incident occurs. Building an...
SCADA Security Best Practices for CISOs
Supervisory Control and Data Acquisition (SCADA) systems monitor and control industrial processes at scale — managing everything from national electricity...
When Your Own Eyes Turn Against You: How Compromised Security Cameras and IoT/OT Devices Become Tools for Your Attackers
TL;DR Security cameras, IoT, and OT devices that are meant to protect us, are easily compromised and turned against...
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
Ravie LakshmananApr 02, 2026Vulnerability / Threat Intelligence A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection...
TrendAI Insight: New U.S. National Cyber Strategy
TrendAI would like to commend the White House Office of the National Cyber Director (ONCD), led by Sean Cairncross, and...
Patch Now: Chrome Flaw Under Active Attack, Google Confirms
Image: sergign/Envato Elements Chrome just became the latest battlefield in an ongoing war over memory safety. Google has pushed an...
Google Workspace’s continuous approach to mitigating indirect prompt injections
Posted by Adam Gavish, Google GenAI Security TeamIndirect prompt injection (IPI) is an evolving threat vector targeting users of complex...