Industrial Sector
- The Open Back Door: Industrial Remote Access
"Industrial operations have never been more connected - or more exposed. As plants modernize and depend on third-party vendors, integrators and remote experts, access practices haven't kept pace with the threat landscape. The connectivity that drives uptime and efficiency has quietly become one of the largest unmanaged attack surfaces in operational technology. Adversaries - including nation-state actors - are actively probing these pathways. Recent CISA advisories have called out insecure remote access as a primary entry point into critical infrastructure."
https://www.bankinfosecurity.com/blogs/open-back-door-industrial-remote-access-p-4067
Vulnerabilities
- Double Agents: Exposing Security Blind Spots In GCP Vertex AI
"Artificial intelligence (AI) agents are quickly advancing into powerful autonomous systems that can perform complex tasks. These agents can be integrated into enterprise workflows, interact with various services and make decisions with a degree of independence. Google Cloud Platform’s Vertex AI, with its Agent Engine and Application Development Kit (ADK), provides a comprehensive platform for developers to build and deploy these sophisticated agents. But what if the AI agent you just deployed was secretly working against you? As we delegate more tasks and grant more permissions to AI agents, they become a prime target for attackers. A misconfigured or compromised agent can become a “double agent” that appears to serve its intended purpose, while secretly exfiltrating sensitive data, compromising infrastructure, and creating backdoors into an organization's most critical systems."
https://unit42.paloaltonetworks.com/double-agents-vertex-ai/
https://thehackernews.com/2026/03/vertex-ai-vulnerability-exposes-google.html - GIGABYTE Control Center Vulnerable To Arbitrary File Write Flaw
"The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. The hardware maker says that successful exploitation could potentially lead to code execution on the underlying system, privilege escalation, and a denial-of-service condition. The GIGABYTE Control Center (GCC), which comes pre-installed on all the company’s laptops and motherboards, is GIGABYTE’s all-in-one Windows utility that lets users manage and configure their hardware."
https://www.bleepingcomputer.com/news/security/gigabyte-control-center-vulnerable-to-arbitrary-file-write-flaw/
https://www.twcert.org.tw/en/cp-139-10804-689cd-2.html - Claude AI Finds Vim, Emacs RCE Bugs That Trigger On File Open
"Vulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution simply by opening a file. The assistant also created multiple versions of proof-of-concept (PoC) exploits, refined them, and provided suggestions to address the security issues. Vim and GNU Emacs are programmable text editors primarily used by developers and sysadmins for code editing, terminal-based workflows, and scripting. Vim in particular is widely used in DevOps, and is installed by default on most Linux server distributions, embedded systems, and macOS."
https://www.bleepingcomputer.com/news/security/claude-ai-finds-vim-emacs-rce-bugs-that-trigger-on-file-open/
https://blog.calif.io/p/mad-bugs-vim-vs-emacs-vs-claude - CrewAI Contains Multiple Vulnerabilities Including SSRF, RCE And Local File Read
"Four vulnerabilities have been identified in CrewAI, including remote code execution (RCE), arbitrary local file read, and server-side request forgery (SSRF). CVE-2026-2275 is directly caused by the Code Interpreter Tool. The other three vulnerabilities result from improper default configuration settings within the main CrewAI agent and associated Docker images. An attacker who can interact with a CrewAI agent that has the Code Interpreter Tool enabled may exploit these issues through prompt injection, ultimately chaining the vulnerabilities together. The vendor has provided a statement addressing some, but not all, of the reported vulnerabilities."
https://kb.cert.org/vuls/id/221883
https://www.securityweek.com/crewai-vulnerabilities-expose-devices-to-hacking/
Malware
- Axios Compromised On Npm - Malicious Versions Drop Remote Access Trojan
"StepSecurity is hosting a community town hall on this incident on April 1st at 10:00 AM PT - Register Here. axios is the most popular JavaScript HTTP client library with over 100 million weekly downloads. On March 30, 2026, StepSecurity identified two malicious versions of the widely used axios HTTP client library published to npm: [email protected] and [email protected]. The malicious versions inject a new dependency, [email protected], which is never imported anywhere in the axios source code. Its sole purpose is to execute a postinstall script that acts as a cross platform remote access trojan (RAT) dropper, targeting macOS, Windows, and Linux. The dropper contacts a live command and control server and delivers platform specific second stage payloads. After execution, the malware deletes itself and replaces its own package.json with a clean version to evade forensic detection."
https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package
https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html
https://www.bleepingcomputer.com/news/security/hackers-compromise-axios-npm-package-to-drop-cross-platform-malware/
https://www.darkreading.com/application-security/axios-npm-package-compromised-precision-attack
https://therecord.media/google-links-axios-supply-chain-attack-north-korea
https://www.koi.ai/blog/axios-compromised-a-supply-chain-attack-on-npms-most-popular-http-client
https://opensourcemalware.com/blog/axios-compromised
https://www.theregister.com/2026/03/31/axios_npm_backdoor_rat/
https://cyberscoop.com/axios-software-developer-tool-attack-compromise/
https://hackread.com/hackers-poison-axios-npm-package-100m-downloads/
https://securityaffairs.com/190221/security/attackers-hijack-axios-npm-account-to-spread-rat-malware.html
https://www.helpnetsecurity.com/2026/03/31/axios-npm-backdoored-supply-chain-attack/
https://www.malwarebytes.com/blog/news/2026/03/axios-supply-chain-attack-chops-away-at-npm-trust - Phantom Stealer: Credential Theft As a Service
"Infostealer malware remains one of the most effective tools for gaining unauthorized access to corporate networks. It collects sensitive data from infected devices (often called bots), including browser credentials, passwords, cookies, credit card details, and cryptocurrency wallet information. The data extracted by infostealers is actively traded across cybercriminal underground markets and frequently serves as a starting point for further attacks. These logs are commonly used to establish initial access for ransomware operations, enable data breaches, and facilitate fraud schemes such as Business Email Compromise (BEC)."
https://www.group-ib.com/blog/phantom-stealer-credential-theft/ - Kernel Observability For Data Movement
"There is a recurring pattern in post-incident reviews that security teams rarely articulate explicitly: in most breaches, the underlying activity was not invisible. Data movement occurred. Processes accessed files outside of their expected scope. Network connections were established to previously unseen destinations. In retrospect, the sequence of system events forms a clear and traceable chain. The failure is not the absence of signals, but the absence of visibility at the layer where those signals originate."
https://hackread.com/kernel-observability-for-data-movement/ - Security Brief: Tax Scams Aim To Steal Funds From Taxpayers
"Threat actors love to take advantage of tax season. It’s peak social engineering time: combine monetary concerns with often stressful responsibilities, sprinkle in the expectation of emails about taxes from multiple organizations and you’ve got a recipe for cybercrime. So far in 2026 we’ve seen over a hundred campaigns leverage tax themes leading to malware, remote monitoring and management (RMM) payloads, fraud, and credential phishing. Tax-themed campaigns are expected annually, but this year we’re seeing more RMM payloads, activity from newly identified threat actors, and a broader variety of social engineering lures."
https://www.proofpoint.com/us/blog/threat-insight/security-brief-tax-scams-aim-steal-funds-taxpayers
https://www.infosecurity-magazine.com/news/tax-season-new-phishing-tactics/ - Iran-Nexus Password Spray Campaign Targeting Cloud Environments, With a Focus On The Middle East
"Check Point Research identified a password-spraying campaign conducted by an Iran-nexus threat actor, targeting cloud environments of government entities, municipalities, energy-sector organizations, and private-sector companies amid the ongoing conflict in the Middle East, primarily in Israel and the UAE. Unlike common brute-force attacks, password spraying targets multiple accounts with the same set of weak or commonly used passwords. The technique is based on the assumption that at least one user will have weak credentials. In this campaign, the attackers used multiple source IP addresses to target numerous accounts, making detection based on atomic indicators such as IPs more difficult."
https://blog.checkpoint.com/research/iran-nexus-password-spray-campaign-targeting-cloud-environments-with-a-focus-on-the-middle-east/
https://www.theregister.com/2026/03/31/iran_password_spraying_m365/ - When Trusted Software Updates Become The Attack Vector: Inside Operation TrueChaos And a New Zero Day Vulnerability In a Popular Collaboration Tool
"At the start of 2026, Check Point Research uncovered a targeted cyber espionage campaign that challenges long held assumptions about trust inside enterprise and government networks. Dubbed Operation TrueChaos, the campaign did not rely on phishing, stolen credentials, or exploitation of internet facing servers. Instead, attackers abused a previously unknown zero day vulnerability in a trusted, widely deployed enterprise videoconferencing platform to quietly distribute malware across multiple government agencies at once. The vulnerability, tracked as CVE 2026 3502, impacted the TrueConf Windows client, a collaboration platform used extensively by government, defense, critical infrastructure organizations and reputable businesses such as banks due to its on premises, offline capable architecture."
https://blog.checkpoint.com/research/when-trusted-software-updates-become-the-attack-vector-inside-operation-truechaos-and-a-new-zero-day-vulnerability-in-a-popular-collaboration-tool/
https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/
https://thehackernews.com/2026/03/trueconf-zero-day-exploited-in-attacks.html - Tracking TeamPCP: Investigating Post-Compromise Attacks Seen In The Wild
"Following the recent supply chain attacks targeting the Trivy, KICKS, and LiteLLM projects, the Wiz Customer Incident Response Team (CIRT) and Wiz Research have proactively hunted, notified, and responded to multiple attacks being carried out by the TeamPCP threat actor group. Wiz Research has tracked the campaign of supply chain operations against popular open source tools carried out by the group calling themselves "TeamPCP" over the past two weeks:"
https://www.wiz.io/blog/tracking-teampcp-investigating-post-compromise-attacks-seen-in-the-wild
https://www.darkreading.com/cloud-security/teampcp-breaches-cloud-saas-instances-stolen-credentials
https://www.infosecurity-magazine.com/news/teampcp-exploit-stolen-supply/
https://www.securityweek.com/teampcp-moves-from-oss-to-aws-environments/ - Beyond The Regime: How Iran Weaponizes Cybercrime And Ransomware Tactics
"When U.S. organizations think of ransomware, the immediate image is often a financially motivated, Eastern European cybercriminal cartel operating a massive Ransomware-as-a-Service (RaaS) empire. However, a different, hybrid threat has emerged from the Middle East. While Iran may not operate traditional, large-scale ransomware cartels like LockBit or ALPHV, Iranian state-sponsored threat actors have increasingly blurred the lines between Advanced Persistent Threat (APT) operations and everyday e-crime. They aren't just adapting to the cybercrime ecosystem; they are weaponizing it. From acting as Initial Access Brokers (IABs) to deploying pseudo-ransomware for destructive attacks, Iranian groups leverage cybercrime tactics to support state objectives (while some examples discussed below involve incidents outside the U.S., they serve as critical analog cases illustrating the methods relevant to U.S. critical infrastructure defenders). Here is what defenders need to know about the evolving Iranian playbook."
https://www.kelacyber.com/blog/beyond-the-regime-how-iran-weaponizes-cybercrime-and-ransomware-tactics/
https://www.darkreading.com/threat-intelligence/iran-pseudo-ransomware-pay2key-operations - New Widespread EvilTokens Kit: Device Code Phishing As-a-Service – Part 1
"In March 2026, through our monitoring of phishing-focused cybercrime communities, Sekoia’s Threat Detection & Research (TDR) team uncovered EvilTokens, a new turnkey Microsoft device code phishing kit sold as Phishing-as-a-Service (PhaaS). These phishing pages have been circulating since mid-February 2026, and were rapidly adopted by cybercriminals specialising in Adversary-in-the-Middle (AitM) phishing and Business Email Compromise (BEC). Our analysis showed that EvilTokens provides a turnkey Microsoft device code phishing kit and a range of advanced features to conduct BEC attacks, including access weaponisation, email harvesting, reconnaissance capabilities, a built-in webmail interface, and AI-powered automation."
https://blog.sekoia.io/new-widespread-eviltokens-kit-device-code-phishing-as-a-service-part-1/
https://www.helpnetsecurity.com/2026/03/31/eviltokens-phishing-microsoft-365/ - Latest Xloader Obfuscation Methods And Network Protocol
"Xloader is an information stealing malware family that evolved from Formbook and targets web browsers, email clients, and File Transfer Protocol (FTP) applications. Additionally, Xloader may execute arbitrary commands and download second-stage payloads on an infected system. The author of Xloader continues to update the codebase, with the most recent observed version being 8.7. Since version 8.1, the Xloader developer applied several changes to the code obfuscation. The purpose of this blog is to describe the latest obfuscation methods and provide an in-depth analysis of the network communication protocol. We highly recommend reading our previous blogs about Xloader in order to get a better understanding of the malware’s internals."
https://www.zscaler.com/blogs/security-research/latest-xloader-obfuscation-methods-and-network-protocol - Venom Stealer Turns ClickFix Into a Full Exfiltration Pipeline
"BlackFog researchers have identified a new malware-as-a-service (MaaS) platform called Venom Stealer being sold on cybercrime networks. Venom stands out from commodity stealers like Lumma, Vidar, and RedLine because it goes beyond credential harvesting. It builds ClickFix social engineering directly into the operator panel, automates every step after initial access, and creates a continuous exfiltration pipeline that does not end when the initial payload finishes running. The developer, operating under the handle “VenomStealer”, sells access as a subscription ($250/month to $1,800 lifetime) with a vetted application process, Telegram-based licensing, and a 15% affiliate program."
https://www.blackfog.com/venom-stealer-turns-clickfix-into-a-full-exfiltration-pipeline/
https://www.securityweek.com/venom-stealer-raises-stakes-with-continuous-credential-harvesting/ - Pro-Russian Hackers Pose As Ukraine's Cyber Agency To Target Government, Businesses
"A pro-Russian hacker group impersonated Ukraine’s national cyber incident response team in a phishing campaign targeting government agencies, businesses, and other institutions, Ukrainian cybersecurity officials said. Researchers from Ukraine’s computer emergency response team (CERT-UA) said Sunday the attackers, tracked as UAC-0255, sent emails last week posing as the agency. The messages arned recipients about a supposed “large-scale cyberattack” allegedly being prepared by Russia against Ukrainian critical infrastructure."
https://therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency - WhatsApp Malware Campaign Delivers VBScript And MSI Backdoors
"Microsoft Defender Experts observed a campaign beginning in late February 2026 that uses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files. Once executed, these scripts initiate a multi-stage infection chain designed to establish persistence and enable remote access. The campaign relies on a combination of social engineering and living-off-the-land techniques. It uses renamed Windows utilities to blend into normal system activity, retrieves payloads from trusted cloud services such as AWS, Tencent Cloud, and Backblaze B2, and installs malicious Microsoft Installer (MSI) packages to maintain control of the system. By combining trusted platforms with legitimate tools, the threat actor reduces visibility and increases the likelihood of successful execution."
https://www.microsoft.com/en-us/security/blog/2026/03/31/whatsapp-malware-campaign-delivers-vbs-payloads-msi-backdoors/
https://www.theregister.com/2026/03/31/whatsapp_message_bad_msi_packages/ - Weaponizing The Protectors: TeamPCP’s Multi-Stage Supply Chain Attack On Security Infrastructure
"Between late February and March 2026, threat group TeamPCP conducted a highly calculated, escalating sequence of supply chain threats. It systematically compromised widely trusted open-source security tools, including the vulnerability scanners Trivy and KICS and the popular AI gateway LiteLLM. The affected software also includes the official Python SDK of Telnyx. These ongoing supply chain attacks injected malicious infostealer payloads directly into GitHub Actions and Python Package Index (PyPI) registries. Once executed during routine automated workflows, the malware silently extracts highly sensitive data, such as:"
https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/ - Inside Pay2Key: Technical Analysis Of a Linux Ransomware Variant
"Linux ransomware remains one of the least documented threat categories in public research, yet ransomware groups are increasingly adding Linux support to their arsenals, targeting the servers and infrastructure that organizations depend on most. In this blog, we provide a deep technical dive into the Linux build of Pay2Key.I2 ransomware, initially detected in the wild in late August 2025. The sample is configuration-driven, requires root-level privileges to execute, and is engineered to traverse broad filesystem scope, classify mounts, and encrypt data using ChaCha20 in full or partial modes. Understanding how it operates matters, not just for Pay2Key, but for the broader class of Linux ransomware it represents."
https://www.morphisec.com/blog/inside-pay2key-technical-analysis-of-a-linux-ransomware-variant/ - Operation NoVoice: Rootkit Tells No Tales
"McAfee’s mobile research team identified and investigated an Android rootkit campaign tracked as Operation Novoice. The malware described in this blog relies on vulnerabilities Android made patches available for in 2016 – 2021. All Android devices with a security patch level of 2021-05-01 or higher are not susceptible to the exploits that we were able to obtain from the command-and-control server. However patched devices that downloaded these apps could have been exposed to unknown potential payloads outside of what we discovered. The attack begins with apps that were previously available on Google Play that appear to be simple tools such as cleaners, games, or gallery utilities. When a user downloaded and opened one of these apps, it appeared to behave as advertised, giving no obvious signs of malicious activity."
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-research-operation-novoice-rootkit-malware-android/
Breaches/Hacks/Leaks
- Lloyds IT Glitch Exposed Data Of Nearly 500,000 Banking Customers
"A software defect at Lloyds Banking Group exposed the personal data of up to 447,936 customers after an IT glitch allowed users to see other customers' transactions and account information. The incident, which occurred on 12 March during an overnight system update, affected customers using mobile banking apps across Lloyds, Halifax and Bank of Scotland. The error meant that some users could briefly view transactions belonging to others, including account details, payment references and national insurance numbers. Around 114,182 customers clicked on transactions that displayed other users' personal information. The bank said customers would have had to access their apps within fractions of a second of other users for the data to appear."
https://www.infosecurity-magazine.com/news/lloyds-glitch-exposed-500000/
https://www.securityweek.com/lloyds-data-security-incident-impacts-450000-individuals/
https://securityaffairs.com/190213/data-breach/nearly-half-a-million-mobile-customers-of-lloyds-banking-group-affected-by-a-security-incident.html - Qilin Ransomware Allegedly Breached Chemical Manufacturer Giant Dow Inc
"Qilin ransomware claims a breach of Dow Inc., listing it on its Tor leak site, but no proof of the hack has been released yet. Qilin Ransomware group allegedly breached the chemical manufacturing giant Dow Inc. The cybercrime group added the company to its Tor data leak site, but at this time, it has not published any proof of the hack. Dow Inc has allegedly been breached by Qilin Ransomware."
https://securityaffairs.com/190186/cyber-crime/qilin-ransomware-allegedly-breached-chemical-manufacturer-giant-dow-inc.html - Cisco Source Code Stolen In Trivy-Linked Dev Environment Breach
"Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers. A source, who asked to remain anonymous, told BleepingComputer that Cisco's Unified Intelligence Center, CSIRT, and EOC teams contained the breach involving a malicious "GitHub Action plugin" from the recent Trivy compromise. The attackers used the malicious GitHub Action to steal credentials and data from the company's build and development environment, impacting dozens of devices, including some developer and lab workstations."
https://www.bleepingcomputer.com/news/security/cisco-source-code-stolen-in-trivy-linked-dev-environment-breach/ - Claude Code's Source Code Appears To Have Leaked: Here's What We Know
"Anthropic appears to have accidentally revealed the inner workings of one of its most popular and lucrative AI products, the agentic AI harness Claude Code, to the public. A 59.8 MB JavaScript source map file (.map), intended for internal debugging, was inadvertently included in version 2.1.88 of the @anthropic-ai/claude-code package on the public npm registry pushed live earlier this morning."
https://venturebeat.com/technology/claude-codes-source-code-appears-to-have-leaked-heres-what-we-know
https://www.bleepingcomputer.com/news/artificial-intelligence/claude-code-source-code-accidentally-leaked-in-npm-package/
https://securityaffairs.com/190229/data-breach/anthropic-accidentally-leaks-claude-code.html
General News
- Maryland Man Charged With Defrauding Crypto Exchange Of Over $50 Million In Hacks
"United States Attorney for the Southern District of New York, Jay Clayton, and Kevin Murphy, Acting Special Agent in Charge of Homeland Security Investigations (“HSI”) San Diego, announced the unsealing of an Indictment charging JONATHAN SPALLETTA, a/k/a “Cthulhon,” a/k/a “Jspalletta,” with computer fraud and money laundering in connection with his hacks of the decentralized cryptocurrency exchange Uranium Finance (“Uranium”). SPALLETTA surrendered today and will be presented this afternoon before U.S. Magistrate Judge Ona T. Wang. The case is assigned to U.S. District Judge Jed S. Rakoff."
https://www.justice.gov/usao-sdny/pr/maryland-man-charged-defrauding-crypto-exchange-over-50-million-hacks
https://www.bleepingcomputer.com/news/security/hacker-charged-with-stealing-53-million-from-uranium-crypto-exchange/ - Ransomware In 2025: Blending In Is The Strategy
"Ransomware attacks aren’t smash-and-grab anymore. They’re built on access that already looks legitimate — closer to positioning chess pieces than breaking the door down. That’s the big trend that comes through in the ransomware data from the Talos 2025 Year in Review. Once attackers have initial access (and 40% of the time it’s through phishing) they move the way a user or administrator would: logging in, checking systems, and using the same remote access tools that are already installed. In fact, one of the biggest challenges for defenders today is that ransomware actors are deliberately trying to overlap with everyday activity. RDP, PowerShell, and PsExec are the top three tools that are used by ransomware actors, but in many environments, these tools are part of normal operations."
https://blog.talosintelligence.com/ransomware-in-2025-blending-in-is-the-strategy/ - AI Agents Are Democratizing Finance But Also Redefining Risk
"AI agents are starting to move capital, and in doing so, they are democratizing access to financial strategies that were previously out of reach for most users. What once required sophisticated infrastructure can now be reduced to a simple instruction: find arbitrage, execute it, optimize it. Agents are making payments, buying tokens, trading across DEXs and CEXs, and moving assets between chains, all with increasing autonomy. They operate continuously, react faster than humans, and execute strategies that are difficult to replicate manually. For users, this is powerful. It is efficient, scalable, and in some cases, highly profitable. In some cases, this is already translating into real outcomes, with a user reportedly turning $300 into over $2.3 million in four months."
https://hackread.com/ai-agents-democratizing-finance-redefining-risk/ - Why I’m Done Calling Humans The Weakest Link
"Cybersecurity has long suffered from a people problem, but not in the way we often hear about. As industry that is based on enabling communication across the globe via the internet and many types of devices, many of us practitioners are very bad at communicating to people. A primary example is the phrase “humans are the weakest link” which is well known phrase in our industry. This phrase implies that if it were not for human our systems would be fully secure, but most worryingly projects the message to non-cybersecurity people that there are inferior to us. So not only does this phrase alienate our fellow workers it is a phrase that I firmly believe is unfair and completely misleading. The real issue around cybersecurity is not human error, it is the failure of the technology and the system designs and architecture to support real human behavior."
https://www.helpnetsecurity.com/2026/03/31/cybersecurity-design-failures-not-human-error/ - Employee Data Breaches Surge To Seven-Year High
"Breaches of employee data reported to the UK regulator have hit their highest level in at least seven years, according to new analysis from law firm Nockolds. The company said that reports to the Information Commissioner’s Office (ICO) had increased 5% over the past year to reach 3872 breach incidents in 2025. This is nearly 29% higher than the total number of reported breaches recorded in 2019 (3010), when these records began. However, cyber-related breaches actually fell by 6% over the past year to 1568, while non-cyber incidents jumped 15% to 2304."
https://www.infosecurity-magazine.com/news/employee-data-breaches-surge/ - Safeguarding Cryptocurrency By Disclosing Quantum Vulnerabilities Responsibly
"Google has led the responsible transition to post-quantum cryptography since 2016. In a new whitepaper, we show that future quantum computers may break the elliptic curve cryptography that protects cryptocurrency and other systems with fewer qubits and gates than previously realized. We want to raise awareness on this issue and are providing the cryptocurrency community with recommendations to improve security and stability before this is possible, including transitioning blockchains to post-quantum cryptography (PQC), which is resistant to quantum attacks."
https://research.google/blog/safeguarding-cryptocurrency-by-disclosing-quantum-vulnerabilities-responsibly/
https://quantumai.google/static/site-assets/downloads/cryptocurrency-whitepaper.pdf
https://www.helpnetsecurity.com/2026/03/31/quantum-computers-cryptocurrency-risks-google-research/ - The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust
"There is a perceptible shift in how risk is seen across the organization. Data integrity is no longer only about keeping data safe; it’s also about data trust. Organizations are asking themselves, “Can we trust our data?” In a new era shaped by AI-driven decisions, that question is difficult to answer, and it increasingly has operational significance. Even a minuscule change in training data can significantly increase the likelihood of inaccurate or harmful AI outputs. Organizations have built an operational framework where all decision-making, whether financial, operational, or strategic, is governed by data. Data distortion, therefore, becomes a very clear and present integrity problem."
https://www.securityweek.com/the-next-cybersecurity-crisis-isnt-breaches-its-data-you-cant-trust/ - Attackers Aren’t Breaking In Anymore, They’re Logging In
"For years, cybersecurity has been built around a simple idea: keep attackers out. Build stronger perimeters. Patch vulnerabilities. Detect malware. Stop intrusions before they happen. But what if attackers don’t need to break in at all? That’s the reality emerging from Ontinue’s 2H 2025 Threat Intelligence Report. Across thousands of investigations, one trend stood out above everything else: Attackers aren’t breaking in anymore, they’re logging in."
https://www.ontinue.com/resource/blog-ontinue-2h-2025-threat-intel-report/
https://www.ontinue.com/2h2025threatintelligencereport
https://www.securityweek.com/stolen-logins-are-fueling-everything-from-ransomware-to-nation-state-cyberattacks/ - Leak Bazaar: Inside The New Criminal Platform Turning Stolen Data Into a Structured Marketplace
"On March 25th, 2026, user Snow from SnowTeam published an advertisement for a new kind of Leak Site concept on the Russian-speaking TierOne forum. The new service is called “Leak Bazaar” and appears to be an evolution in the extortion game. What stood out to me about Leak Bazaar was not the branding, but instead it seemed to identify a real inefficiency inside the extortion economy and build its entire pitch around solving it. The problem it is trying to solve is straightforward. When an actor steals a large volume of corporate data, and the victim refuses to pay, that data does not always convert neatly into money. Public disclosure can still be useful as a pressure tactic, but a raw dump is often too large, too disorganized, and too uneven in quality to have much value beyond coercion. Anyone who has spent time looking at real exfiltrated datasets knows how much noise they contain. There are system files, duplicate material, outdated records, malformed exports, irrelevant binaries, and large database dumps that may contain valuable information in theory but require work before anyone can actually use them."
https://flare.io/learn/resources/blog/leak-bazaar-inside-new-criminal-platform
https://therecord.media/new-criminal-service-plans-to-monetize-ransomware-data
อ้างอิง
Electronic Transactions Development Agency (ETDA) 
has discovered a critical command injection vulnerability in OpenAI's Codex cloud environment that exposed sensitive GitHub credential data. The vulnerability exists within the task creation HTTP request, which allows an attacker to inject arbitrary commands through the GitHub branch name parameter. This can result in the theft of a victim's GitHub User Access Token—the same token Codex uses to authenticate with GitHub. Through automated techniques, this exploit can scale to compromise multiple users interacting with a shared environment or GitHub repository. The vulnerability affects the ChatGPT website, Codex CLI, Codex SDK, and the Codex IDE Extension. All reported issues have since been remediated in coordination with OpenAI’s security team."
