Posts

The Hacker News - UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment within a span of 72 hours. The attack started with the theft of a developer's GitHub token, which the threat actor then used to gain unauthorized access to the cloud and steal data. "The threat actor, UNC6426, then used this from The Hacker News https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html
Post a Comment
Read more

The Hacker News - FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks.  The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology from The Hacker News https://thehackernews.com/2026/03/fortigate-devices-exploited-to-breach.html
Post a Comment
Read more

KnowBe4 - CyberheistNews Vol 16 #10 How to Spot a Phishing Website Before It Steals Your Data

Image
from Human Risk Management Blog https://blog.knowbe4.com/cyberheistnews-vol-16-10-how-to-spot-a-phishing-website-before-it-steals-your-data
Post a Comment
Read more

The Hacker News - New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been collectively named LeakyLooker by Tenable. There is no evidence that the vulnerabilities were exploited in from The Hacker News https://thehackernews.com/2026/03/new-leakylooker-flaws-in-google-looker.html
Post a Comment
Read more

KnowBe4 - Announcing the Custom SAPA Agent: Security Awareness Measurement Built for Your Environment

Image
Security awareness programs are built on measurement. Before you can reduce human risk, you need a clear understanding of where knowledge gaps exist across your workforce. For many organizations, that process starts with a baseline assessment. from Human Risk Management Blog https://blog.knowbe4.com/announcing-the-custom-sapa-agent-security-awareness-measurement-built-for-your-environment
Post a Comment
Read more

The Hacker News - APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military

The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa, from The Hacker News https://thehackernews.com/2026/03/apt28-uses-beardshell-and-covenant.html
Post a Comment
Read more

Schneier - Jailbreaking the F-35 Fighter Jet

Countries around the world are becoming increasingly concerned about their dependencies on the US. If you’ve purchase US-made F-35 fighter jets, you are dependent on the US for software maintenance. The Dutch Defense Secretary recently said that he could jailbreak the planes to accept third-party software. from Schneier on Security https://www.schneier.com/blog/archives/2026/03/jailbreaking-the-f-35-fighter-jet.html
Post a Comment
Read more