Security Articles

WhatsApp alerted approximately 200 users, mostly in Italy, who were tricked into installing a fake iOS app infected with spyware linked to Italian firm Asigint.

The Hacker News

01 min read

Security•2026-04-02

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

Apple expanded iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect against the DarkSword exploit kit targeting iOS 18.4–18.7.

The Hacker News

31 min read

Security•2026-04-01

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

This article covers a phishing campaign by threat actor UAC-0255 that impersonated Ukraine's CERT-UA to distribute the AGEWHEEZE remote access trojan.

The Hacker News

51 min read

Security•2026-04-01

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

Microsoft has identified a malware campaign distributing malicious VBS files via WhatsApp messages to compromise Windows systems.

Cloudflare

31 min read

Security•2026-04-01

Our ongoing commitment to privacy for the 1.1.1.1 public DNS resolver

Cloudflare shares results of an independent privacy audit for its 1.1.1.1 public DNS resolver, 8 years after launch.

Block the Prompt, Not the Work: The End of "Doctor No"

This article argues that traditional enterprise security's "block everything" approach creates a shadow workaround economy that increases risk rather than reducing it.

The Hacker News

31 min read

Security•2026-04-01

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A multi-stage phishing campaign targets Spanish-speaking users in Latin America and Europe to deliver the Casbaneiro banking trojan via the Horabot malware.

The Hacker News

51 min read

Security•2026-04-01

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Google released Chrome security updates addressing 21 vulnerabilities, including a zero-day (CVE-2026-5281) actively exploited in the wild.

The Hacker News

51 min read

Security•2026-04-01

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

This article explores why attackers increasingly use legitimate tools already present in target environments instead of traditional malware.

The Hacker News

61 min read

Security•2026-04-01

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google has attributed the supply chain attack on the Axios npm package to North Korean threat group UNC1069, which has been operational since 2018.

The Hacker News

51 min read

Security•2026-04-01

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic confirmed that internal source code for Claude Code was accidentally leaked via an npm packaging error in version 2.1.88, exposing nearly 2,000 TypeScript files and over 512,000 lines of code.

The Hacker News

81 min read

Security•2026-03-31

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

This article covers the exploitation of a zero-day vulnerability (CVE-2026-3502) in TrueConf video conferencing software targeting Southeast Asian government networks in a campaign called TrueChaos.