Ticker feed
Google released an emergency Chrome update fixing a zero-day vulnerability already being exploited by attackers. The flaw, CVE-2026-5281, is a use-after-free in Chrome's WebGPU component: it allows attackers to execute malicious code by exploiting memory that has already been freed.
Chrome has been updated to version 146.0.7680.177/178, rolling out over the coming weeks. An anonymous researcher discovered the vulnerability on March 10, 2026. Google confirmed active exploitation but won't release technical details until most users are patched.
This massive update includes 21 security fixes total, with 19 rated high severity. The concentration of memory-related bugs highlights ongoing browser security challenges.
Update now: Menu → Help → About Google Chrome.
Source: Cybersecurity News
Toy giant Hasbro confirmed hackers breached its network on March 28, affecting brands like Peppa Pig, Transformers, Monopoly, and Play-Doh. The company's websites showed error messages Wednesday, with Hasbro warning the attack could delay product shipments for several weeks.
Hasbro filed with the SEC about the "unauthorized access" and took some systems offline as a precaution. While business operations continue, the company implemented temporary measures for orders and shipping that may cause delays.
It's unclear if hackers remain in Hasbro's systems, made demands, or accessed customer data. The 103-year-old company joins other major retailers hit by cyberattacks this year.
Source: BBC News
North Korean hackers compromised the widely used Axios JavaScript library on March 31, 2026, publishing two malicious versions that were downloaded by roughly 3% of users before being removed three hours later. The attackers hijacked the npm account of Axios maintainer @jasonsaayman and added a backdoor dependency, plain-crypto-js, which deployed cross-platform malware capable of remote shell access and system reconnaissance.
With over 100 million weekly downloads, Axios is present in about 80% of cloud environments, making this breach particularly significant. The malware targeted Windows, macOS, and Linux systems and was designed to erase its tracks to avoid detection. Google attributed the attack to UNC1069, a North Korean group known for targeting cryptocurrency and DeFi platforms since 2018.
Organizations that installed the compromised versions should treat their systems as breached and immediately audit dependencies, rotate credentials, and scan for malware.
Source: SecurityWeek
Cisco disclosed six new vulnerabilities in its SD-WAN Manager on February 25, with three already exploited in the wild. While CVE-2026-20127 grabbed headlines with its perfect 10 CVSS score and three years of zero-day exploitation, researchers at VulnCheck warn that fake proof-of-concept exploits are muddying the waters.
Meanwhile, CVE-2026-20133 is flying under the radar despite allowing attackers to steal private keys and escalate to root access. VulnCheck found most public PoCs for the high-profile bug were either fake or misleading, with one actually exploiting three different vulnerabilities instead.
The chaos highlights how organizations struggle to prioritize patches amid overwhelming vulnerability noise and unreliable exploit code.
Source: Dark Reading
A hacker briefly hijacked the npm account of axios's lead maintainer and published malicious versions of the popular JavaScript library, which has 100 million weekly downloads. The attack occurred Sunday night into Monday morning, with poisoned versions "axios@1.14.1" and "axios@0.30.4" injecting remote access trojans targeting macOS, Windows, and Linux devices.
Google attributes the attack to suspected North Korean hacking group UNC1069. Security researchers estimate around 600,000 downloads occurred during the brief window before the malicious versions were removed. The malware scrapes access credentials and could enable attackers to pivot to AWS and GitHub accounts.
Experts advise axios users to pin their current version immediately and avoid upgrading while auditing for potential compromises.
Source: CyberScoop
Security researchers at ReliaQuest have discovered DeepLoad, a sophisticated malware that steals passwords and credentials the moment it infects a system. The malware uses AI-generated code buried under thousands of lines of junk code to fool security scanners, then injects itself into legitimate Windows processes like LockAppHost.exe.
DeepLoad spreads through ClickFix social engineering tricks that prompt users to run fake "fix" commands. Once installed, it captures both stored browser passwords and live keystrokes through a malicious browser extension. The malware creates persistent triggers in Windows Management Instrumentation that can relaunch attacks days after apparent cleanup.
In one case, DeepLoad spread to USB drives within 10 minutes, disguising itself as familiar installers like Chrome and Firefox. Standard cleanup methods fail because the malware uses advanced persistence mechanisms that survive reboots and partial detection.
Source: Dark Reading
A major security flaw at Companies House allowed logged-in users to view and potentially edit other companies' confidential information, including directors' home addresses and emails. The breach, discovered Thursday by John Hewitt from Ghost Mail, occurred after a WebFiling system update in October 2025.
Companies House CEO Andy King apologized and confirmed the issue was fixed by Monday, with no current reports of data being accessed. However, unauthorized filings may have been possible during the breach period.
The incident has been reported to the Information Commissioner's Office and National Cyber Security Centre. UK businesses are urged to check their company details and will receive emails explaining how to verify their information.
Source: BBC
The popular Telnyx Python SDK became the latest victim of TeamPCP's ongoing supply chain attack campaign that began March 19. Two malicious versions (4.87.1 and 4.87.2) were uploaded to PyPI, targeting Windows, macOS, and Linux systems. The library, which has over 670,000 monthly downloads, enables cloud-based voice solutions.
The attack uses a clever technique: hiding malicious code inside valid WAV audio files that pass security checks. On Windows, it drops executables in startup folders; on macOS and Linux, it runs scripts to steal session keys. All stolen data is encrypted with RSA, matching previous TeamPCP attacks.
Users who installed these versions should assume their machines are compromised and immediately rotate all credentials, API keys, and SSH keys. GitGuardian estimates the campaign has affected over 470 repositories and 1,900 packages, with the actual scope likely much larger when considering private repositories.
Source: SecurityWeek
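The Axios and Telnyx items above both end with the same advice: audit your dependencies for the poisoned releases. The script below is an added example (not code from any of the cited sources or projects) that checks an npm package-lock.json and `pip freeze` output against a blocklist built only from the versions named in this feed (axios 1.14.1 and 0.30.4, the plain-crypto-js backdoor, telnyx 4.87.1 and 4.87.2); it assumes lockfileVersion 2 or 3 and uses constructed sample inputs.

```python
"""Audit dependency manifests for the compromised package versions named in
the feed above. Sample inputs are constructed, not real project files."""
import json

# Blocklist from the versions reported above. An empty set means any version
# of that package is suspect (plain-crypto-js was the injected backdoor).
BLOCKLIST = {
    "axios": {"1.14.1", "0.30.4"},
    "plain-crypto-js": set(),
    "telnyx": {"4.87.1", "4.87.2"},
}


def is_blocked(name, version):
    bad = BLOCKLIST.get(name.lower())
    return bad is not None and (not bad or version in bad)


def audit_npm_lock(lock_json):
    """Return (name, version, path) for each blocked entry in the 'packages' map
    of a package-lock.json (lockfileVersion 2/3); nested installs included."""
    hits = []
    for path, meta in json.loads(lock_json).get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        version = meta.get("version", "")
        if is_blocked(name, version):
            hits.append((name, version, path))
    return hits


def audit_pip_freeze(freeze_text):
    """Return (name, version) for each blocked line of `pip freeze` output."""
    hits = []
    for line in freeze_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        if is_blocked(name, version):
            hits.append((name, version))
    return hits


# Constructed sample inputs.
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app"},
    "node_modules/axios": {"version": "1.14.1"},
    "node_modules/axios/node_modules/plain-crypto-js": {"version": "1.0.0"},
    "node_modules/lodash": {"version": "4.17.21"}}})
SAMPLE_FREEZE = "requests==2.31.0\ntelnyx==4.87.1\n# pinned by CI\n"

if __name__ == "__main__":
    for hit in audit_npm_lock(SAMPLE_LOCK) + audit_pip_freeze(SAMPLE_FREEZE):
        print("COMPROMISED:", *hit)
```

A hit means the machine that ran the install should be treated as compromised, as both items advise, not merely re-pinned.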
CISA warned US organizations Thursday about a critical vulnerability (CVE-2026-4681) in PTC's Windchill software that allows remote attackers to execute code without authentication. The flaw affects the company's product lifecycle management tools used by industrial organizations.
The vulnerability sparked unprecedented action in Germany, where police were deployed across multiple states to physically visit companies and warn them about the risk. Officers reportedly showed up at some businesses in the middle of the night to deliver urgent security alerts.
PTC hasn't released patches yet but provided temporary mitigations and indicators to detect attacks. While there's no evidence of active exploitation, the dramatic German response suggests threat actors may soon target this vulnerability.
Source: SecurityWeek
Cybersecurity researchers are warning that hackers are actively scouting Citrix NetScaler systems before launching attacks exploiting CVE-2026-3055, a critical vulnerability with a 9.3 severity score. The flaw affects NetScaler ADC and Gateway appliances configured as SAML Identity Providers, commonly used in enterprise single sign-on environments.
Threat intelligence firms watchTowr and Defused Cyber detected attackers using POST requests to probe the /cgi/GetAuthMethods endpoint, systematically identifying vulnerable configurations. This reconnaissance allows hackers to build targeted lists of susceptible systems without triggering the actual exploit.
The vulnerability enables unauthenticated attackers to extract sensitive data through a memory over-read, similar to previous "CitrixBleed" exploits. Security experts warn the window between current probing and mass exploitation is rapidly closing, urging immediate patching.
Source: Cybersecurity News
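The reconnaissance pattern described above (POST requests to /cgi/GetAuthMethods) is easy to hunt for in access logs. The following is an added detection example, not code from watchTowr, Defused Cyber or Citrix; it assumes Common Log Format lines from a proxy or appliance log export and uses constructed sample lines.

```python
"""Flag reconnaissance probes of the NetScaler /cgi/GetAuthMethods endpoint in
access logs. The log lines below are constructed, not from a real appliance."""
import re
from collections import Counter

# Minimal Common Log Format parser: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
PROBE_PATH = "/cgi/getauthmethods"  # compared case-insensitively


def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_probes(lines, min_hits=1):
    """Return {client_ip: count} for sources that POSTed to the probe endpoint
    at least min_hits times. Query strings are ignored when matching the path."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["method"] != "POST":
            continue
        if rec["path"].split("?", 1)[0].lower() == PROBE_PATH:
            counts[rec["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= min_hits}


# Constructed sample log lines (documentation-range IPs).
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Apr/2026:03:14:07 +0000] "POST /cgi/GetAuthMethods HTTP/1.1" 200 512',
    '198.51.100.7 - - [02/Apr/2026:03:14:09 +0000] "GET /vpn/index.html HTTP/1.1" 200 4210',
    '203.0.113.5 - - [02/Apr/2026:03:14:11 +0000] "POST /cgi/GetAuthMethods HTTP/1.1" 200 512',
    '192.0.2.9 - - [02/Apr/2026:03:15:40 +0000] "POST /cgi/getauthmethods?x=1 HTTP/1.1" 403 0',
    '198.51.100.7 - - [02/Apr/2026:03:16:02 +0000] "GET /cgi/GetAuthMethods HTTP/1.1" 405 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, n in sorted(find_probes(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {n} POST probe(s) to {PROBE_PATH}")
```

Legitimate SSO clients also call this endpoint, so treat a hit as a lead to correlate against patch status and source reputation rather than as proof of compromise.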