The Forgotten Endpoint: Security Risks of Dormant Devices – Dark Reading
Technology Talk: That forgotten notebook holds plenty of secrets to enterprise access. – Read More
March 2026
Axios NPM Package Compromised in Precision Attack – Dark Reading
The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors. – Read More
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack – CSO Online
Attackers compromised the npm account of the lead maintainer of Axios, a widely used JavaScript HTTP client library, and used it to publish malicious versions of the package that deployed…
Google’s Vertex AI Has an Over-Privileged Problem – Dark Reading
Palo Alto researchers show how attackers could exploit AI agents on Google’s Vertex AI to steal data and break into restricted cloud infrastructure. – Read More
TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials – Dark Reading
The threat group’s shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials. – Read More
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild – CSO Online
A vulnerability misclassified five months ago as a denial-of-service issue in F5 BIG-IP Access Policy Manager (APM) turned out to be a critical pre-authentication remote code execution flaw that is…
Android Developer Verification Rollout Begins Ahead of September Enforcement – The Hacker News
Google on Monday said it’s officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while “hiding behind anonymity.” The development…
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks – The Hacker News
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast…
Rethinking Vulnerability Management Strategies for Mid-Market Security – Dark Reading
Intruder’s Chris Wallis argues mid-market teams should prioritize CVE remediation speed over vulnerability counts, while expanding defenses beyond CVEs to include attack surface management. – Read More
AI and Quantum Are Forcing a Rethink of Digital Trust – Dark Reading
In a conversation with Dark Reading’s Terry Sweeney, DigiCert CEO Amit Sinha explains how AI-driven identities and quantum threats are reshaping the foundations of digital trust. – Read More
Mazur ruling overturned: Court of Appeal restores delegated litigation model – Legal IT Insider
The Court of Appeal has today (31 March) handed down its long-awaited judgment in Mazur v Charles Russell Speechlys LLP, overturning the High Court’s restrictive interpretation of who may conduct…
AI is turbo-charging cyber attacks. Is your law firm ready? – Law Gazette – Features
(Sponsored content.) Mitigo helps law firms assess their exposure, close the gaps and build lasting resilience. – Read More
Iran Deploys ‘Pseudo-Ransomware,’ Revives Pay2Key Operations – Dark Reading
Iranian APTs are blurring the lines between state-sponsored and cybercriminal activities to target high-impact US organizations. – Read More
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts – The Hacker News
Cybersecurity researchers have disclosed a security “blind spot” in Google Cloud’s Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized…
OpenAI patches twin leaks as Codex slips and ChatGPT spills – CSO Online
OpenAI has fixed two flaws in its AI stack that could allow AI agents to move sensitive data in unintended ways. The issues, disclosed by researchers at BeyondTrust and Check…