CSO Online

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...

Point Wild Releases Free LiteLLM Vulnerability Scanner Within 24 Hours of Supply Chain Attack

New AI-powered scanner -- who-touched-my-packages -- detects zero-day malicious packages and credential exfiltration in seconds BOSTON, March 26, 2026 /PRNewswire/ -- Point Wild, a leading global ...

Malware in an Open-Source Project Could Have Infected Thousands. The Twist? It Was Certified by Delve

McMahon wrote that the malware was likely vibe coded, and sloppily at that, leading to the so-called “fork bomb” that crashed ...

Cloud attacks are getting faster and deadlier - here's your best defense plan

Cloud attacks are getting faster and deadlier - here's your best defense plan ...
Bleeping Computer

Apple patches older iPhones and iPads against Coruna exploits

Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. Some of these ...
CNN

Largest housing affordability package in a generation passes in the Senate

A bipartisan group of senators passed a bill Thursday aimed at improving housing affordability. The measure contains roughly 40 provisions intended to increase housing supply and lower costs. It ...
cryptonews

Bonk Fun Website Hijacked: Live Exploit Is Draining User Funds

The official website for the Solana memecoin launchpad, Bonk Fun, has been hijacked. A malicious actor seized control of the domain on Wednesday (March 11), deploying a wallet drainer disguised as a ...
The Hacker News

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment within a span of 72 hours.
The Hacker News

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to ...