%term

Can an Attack Start Without Malware? 82% of Attacks Do

Apr 2, 2026 By CrowdStrike In CrowdStrike

What looks like a simple coding task can quickly turn into a real cyberattack. In this demo, we show how a modern malware-free attack works step by step. It starts with something that feels completely normal: a job interview and a small coding assignment. No suspicious files. No obvious malware. But once the script is executed, everything changes. You’ll see how adversaries use trusted tools like Git, Notepad, and Python to gain access, establish command and control, and move inside an environment without being detected at first.

View Video

CrowdStrike

Read more about Can an Attack Start Without Malware? 82% of Attacks Do

What major cyberattacks reveal about the cost of slow recovery

Apr 1, 2026 By Sharon Natasha Francis In ManageEngine

Cyberattacks often succeed not because they are sophisticated but because organizations lack reliable backups or struggle to restore data quickly. When recovery is slow, even minor disruptions can escalate, providing attackers with the time and leverage they need to deploy ransomware and halt operations. When systems go down, every minute of downtime results in operational disruption, a drop in revenue, and lost customer trust.

Read Post

ManageEngine

Read more about What major cyberattacks reveal about the cost of slow recovery

Axios npm package compromise: What happened, what matters, and how to respond

Apr 1, 2026 By Tanium In Tanium

Attackers carried out a supply chain compromise by abusing a compromised npm maintainer account to publish malicious Axios versions (axios@1.14.1 and axios@0.30.4). These releases introduced an unexpected dependency, plain-crypto-js@4.2.1, which attempted platform-specific malware execution via an npm lifecycle script during installation on Windows, macOS, and Linux.

Read Post

Tanium

Read more about Axios npm package compromise: What happened, what matters, and how to respond

The Top 5 Most Dangerous Cyber Attacks in History

Apr 1, 2026 By Kate Watson In Pentest People

Understanding the deadliest cyber attacks in history is crucial not only for historical record but for fortifying our defenses against the escalating threats that loom on the horizon. This article delves into the digital disasters that have fundamentally altered our perception of cyber security, examining their anatomy, impact, and the critical lessons they impart.

Read Post

Pentest People

Read more about The Top 5 Most Dangerous Cyber Attacks in History

Recommendations for companies to avoid being victim to a cyber attack.

Apr 1, 2026 By CISO Global In CISO Global

Joseph Hall, Threat Intel Expert, talks with host, Gary Perkins and shares useful tips for companies to avoid being owned.

View Video

CISO Global

Read more about Recommendations for companies to avoid being victim to a cyber attack.

The Sword Has Been Drawn: What DarkSword's Expansion in the Wild Means for Mobile Security and the Enterprise

Apr 1, 2026 By David Richardson In Lookout

The last few weeks have marked a chaotic turning point in the mobile threat landscape. We’ve seen mass exploitations across numerous iOS versions by multiple threat actors, driven by sophisticated exploit chains like Coruna and now DarkSword. What makes these threats different is not just their activity, but their trajectory. Until recently, these capabilities were expensive, highly secretive, and limited to a small number of advanced actors. Now, that dynamic has shifted rapidly.

Read Post

Lookout

Read more about The Sword Has Been Drawn: What DarkSword's Expansion in the Wild Means for Mobile Security and the Enterprise

Poisoned Axios: npm Account Takeover, 50 Million Downloads, and a RAT That Vanishes After Install

Mar 31, 2026 By Tom Abai In Mend

On March 30-31, 2026, threat actors published two malicious versions of the popular HTTP library axios (versions 1.14.1 and 0.30.4) to the npm registry. Both versions included a new dependency named plain-crypto-js which, in its 4.2.1 release, contained a fully-featured cross-platform dropper that silently installed a Remote Access Trojan (RAT) on developer machines.

Read Post

Mend

Read more about Poisoned Axios: npm Account Takeover, 50 Million Downloads, and a RAT That Vanishes After Install

Introducing Programmable Flow Protection: custom DDoS mitigation logic for Magic Transit customers

Mar 31, 2026 By Anita Tenjarla In Cloudflare

We're proud to introduce Programmable Flow Protection: a system designed to let Magic Transit customers implement their own custom DDoS mitigation logic and deploy it across Cloudflare’s global network. This enables precise, stateful mitigation for custom and proprietary protocols built on UDP. It is engineered to provide the highest possible level of customization and flexibility to mitigate DDoS attacks of any scale.

Read Post

Cloudflare

Read more about Introducing Programmable Flow Protection: custom DDoS mitigation logic for Magic Transit customers

Supply Chain Attack Impacts Widely Used Axios npm Package

Mar 31, 2026 By Andres Ramos In Arctic Wolf

The widely used Axios npm package, a JavaScript library that enables applications to make HTTP/S requests and is included as a dependency in millions of applications, was compromised in a supply chain attack on March 31, 2026 (UTC).

Read Post

Arctic Wolf

Read more about Supply Chain Attack Impacts Widely Used Axios npm Package

From Shai-Hulud to LiteLLM: Supply Chain Attackers Are Coming for Your Agents

Mar 30, 2026 By Yuval Fernbach In JFrog

The LiteLLM supply chain compromise of March 24, 2026, is not an isolated incident. It is the latest and perhaps most dangerous chapter in an evolving attacker playbook that JFrog Security Research has been tracking for years. The target has shifted from developers to the AI agents that developers now rely on to build software.

Read Post