Cybersecurity News & Analysis
github defconxt • © 2026 • blacktemple.net

Malware & Threats

critical | Malware & Threats

Critical Cisco IMC Auth Bypass, F5 RCE Exposure, and Active Zero-Day Attacks Dominate Threat Landscape

Critical infrastructure faces active attacks via Cisco IMC authentication bypass and F5 BIG-IP RCE vulnerabilities affecting thousands of exposed systems. Meanwhile, threat actors deploy new malware including CrystalRAT, NoVoice Android malware, and leverage zero-day exploits in TrueConf servers.

Apr 2, 2026 | BleepingComputer, Graham Cluley, Cisco Talos, Malwarebytes Labs
Tags: cisco, f5-networks, zero-day
🏴 Qilin, 🏴 Play
🇦🇪 Telegram, 🇺🇸 Google, 🇺🇸 Apple

high | Malware & Threats

Supply Chain Strikes Hit Cisco and npm Ecosystem as AI Security Concerns Mount

Supply chain attackers breached Cisco's development environment via the Trivy attack and compromised the popular Axios npm package with 100M+ weekly downloads. Meanwhile, researchers discovered new CrystalX malware-as-a-service and AI-powered vulnerabilities in text editors.

Apr 1, 2026 | BleepingComputer, Malwarebytes Labs, SecureList (Kaspersky)
Tags: supply-chain, npm-security, cisco-breach
🇺🇸 Google

critical | Malware & Threats

Axios NPM Package Compromised via Stolen Token, RAT Deployed to 100M Weekly Downloads

The axios NPM package, downloaded 100 million times weekly, was compromised through a stolen authentication token. Malicious versions deployed a cross-platform remote access trojan to developer machines during routine npm install operations.

Mar 31, 2026 | Sam Bent
Tags: supply-chain, npm, remote-access-trojan

critical | Malware & Threats

Critical Week in Cyber: CISA KEV Addition, FBI Director Hacked, and New Malware Campaign

CISA added an actively exploited Citrix NetScaler vulnerability to the KEV catalog, ordering federal agencies to patch by Thursday. Meanwhile, Iranian threat actors breached FBI Director Patel's personal Gmail account, and researchers discovered multiple new threats including RoadK1ll malware and a ChatGPT data exfiltration technique.

Mar 31, 2026 | BleepingComputer, Graham Cluley, Cisco Talos, Checkpoint Research
Tags: cisa-kev, citrix-vulnerability, fbi-breach
🇺🇸 Apple

high | Malware & Threats

European Commission Breached, FBI Director's Email Compromised, WordPress Plugin Flaw Affects 500K Sites

High-profile breaches hit the European Commission and FBI Director Patel's personal email, while a Smart Slider WordPress plugin vulnerability threatens 500,000 sites with arbitrary file access.

Mar 30, 2026 | BleepingComputer, Malwarebytes Labs
Tags: data-breach, wordpress, vulnerability
🏴 ShinyHunters

high | Malware & Threats

TeamPCP Supply Chain Attack Targets Telnyx Python SDK Users

TeamPCP compromised two versions of Telnyx's Python SDK on PyPI, embedding credential-stealing malware disguised as ringtone files. Developers who installed versions 4.87.1 or 4.87.2 may have had their cloud and cryptocurrency credentials compromised.

Mar 30, 2026 | Hackread
Tags: supply-chain-attack, pypi, credential-theft

high | Malware & Threats

AI-Powered Malware Development Reaches Operational Maturity with VoidLink Framework

AI-assisted malware development has transitioned from experimental to operational maturity, with the VoidLink framework serving as proof that individual threat actors can now rapidly develop sophisticated, deployment-ready malware using commercial AI tools.

Mar 29, 2026 | Checkpoint Research
Tags: ai-assisted-malware, voidlink, malware-development

medium | Malware & Threats

Infinity Stealer Targets macOS Users Through ClickFix Social Engineering

Security researchers have identified Infinity Stealer, a new macOS-targeting info-stealing malware that uses ClickFix social engineering lures to trick users into executing Python payloads compiled with Nuitka. The malware harvests system information, browser data, and credentials from infected machines.

Mar 29, 2026 | BleepingComputer
Tags: macos, info-stealer, social-engineering
🇺🇸 Apple

high | Malware & Threats

Supply Chain Strikes and Social Engineering: Five Active Threat Campaigns Targeting Critical Infrastructure

Supply chain attacks hit Python developers via compromised PyPI packages hiding malware in audio files, while GitHub users face fake VS Code security alerts distributing malware. The European Commission confirmed a breach of their AWS environment as criminals increasingly use virtual phone services to bypass banking security controls.

Mar 28, 2026 | BleepingComputer, Malwarebytes Labs
Tags: supply-chain, pypi, github
🇺🇸 Amazon

high | Malware & Threats

LiteLLM PyPI Package Compromised: Real-Time Incident Response Analysis

The popular LiteLLM Python package was compromised on PyPI with malicious versions 1.82.7 and 1.82.8 containing unknown payloads. A security researcher documented their real-time incident response process, providing insights into supply chain attack detection and mitigation.

Mar 27, 2026 | Hacker News (filtered)
Tags: supply-chain, pypi, malware
🇨🇳 Winnti

critical | Malware & Threats

Malware Threats Roundup: Active AI Framework Exploitation, New macOS Stealers, and Browser Supply Chain Attacks

CISA confirmed active exploitation of a critical Langflow AI framework vulnerability, prompting emergency patches. Meanwhile, new macOS infostealers are using fake CAPTCHA tricks and browser extensions are being weaponized for supply chain surveillance attacks.

Mar 27, 2026 | BleepingComputer, Graham Cluley, Cisco Talos, Malwarebytes Labs
Tags: langflow, cve-2026-33017, macos-malware
🇨🇳 Hikvision, 🇨🇳 TP-Link

high | Malware & Threats

RedLine Admin Extradited as PolyShell Hits 56% of Vulnerable Magento Stores

Law enforcement scored a major win with the extradition of a RedLine infostealer administrator, while active campaigns target Magento stores and cryptocurrency wallets. Meanwhile, AI platforms face new supply chain and abuse vectors.

Mar 26, 2026 | BleepingComputer, Graham Cluley, Malwarebytes Labs, SecureList (Kaspersky)
Tags: redline-infostealer, polyshell, magento
🇺🇸 Meta Platforms