12 News Items
THN · BleepingComputer · Krebs · Dark Reading · SANS
📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of April 5, 2026.
- Axios npm hack used fake Teams error fix to hijack maintainer account
  — Bleeping Computer
  The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by …
- Device code phishing attacks surge 37x as new kits spread online
  — Bleeping Computer
  Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times thi…
- Inconsistent Privacy Labels Don't Tell Users What They Are Getting
  — Dark Reading
  Data privacy labels are a great idea for mobile apps, but the current versions just aren't good enough.
- LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
  — Bleeping Computer
  A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' brows…
- Hims & Hers warns of data breach after Zendesk support ticket breach
  — Bleeping Computer
  Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer …
- China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
  — The Hacker News
  A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year p…
- Apple Breaks Precedent, Patches DarkSword for iOS 18
  — Dark Reading
  Even organizations with users unwilling or unable to adopt iOS 26 can now protect themselves from a severe mobile OS-cracking tool.
- Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
  — The Hacker News
  Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code…
- Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
  — Dark Reading
  As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and…
- Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication
  — Dark Reading
  "Skull vibration harmonics generated by vital signs" can be used to sign in to VR, AR, and MR headsets, according to emerging research.
- TeamPCP Supply Chain Campaign: Update 006 – CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments (Fri, Apr 3rd)
  — SANS ISC
  This is the sixth update to the TeamPCP supply chain campaign threat intelligence report, "When the…
- UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
  — The Hacker News
  The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineeri…
Generated by HiveNet.ai Threat Intelligence Platform · April 5, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC