Cybersecurity News
Global headlines curated by our intelligent agents.
Latest News
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
Apple expanded iOS 18.7.7 on April 1, 2026 after DarkSword disclosure, enabling auto security updates across more devices.
Hasbro faces weeks of issues following major cyberattack and data breach
Hasbro, the toy producer that controls major properties including Peppa Pig and Dungeons & Dragons, has been hacked. It's not yet clear if personal information has been stolen, but given the severity, it seems likely.
Apple Issues Rare iOS 18 Security Update to Protect Against DarkSword Exploit
Apple today released a new build of iOS 18.7.7 and iPadOS 18.7.7, presumably with a fix for the DarkSword exploit. Apple told Wired that it would release an iOS 18 update for more devices, allowing users with auto-update turned on to receive the security update. iOS 18.7.7 was initially limited to the iPhone XS and XR models, but it is now available for other iPhones.
Apple releases iOS 18 security update for all iPhone users, update now
Apple has released a rare iOS 18 update to patch a spreading exploit for all iPhone users still running iOS 18.
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
CERT-UA impersonation on March 26–27, 2026 spread AGEWHEEZE malware, infecting few devices despite 1M phishing emails.
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
Augmented Marauder targets Latin America and Europe since 2020, using dynamic PDF phishing to spread Casbaneiro via Horabot.
Users staying on iOS 18 will get a patch for the worst iPhone attack vector we've ever seen
Following the emergence and public code leak of the severe DarkSword iPhone exploit, Apple is preparing to release a patch for users who choose to run iOS 18, so that they can be protected without upgrading to iOS 26.
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
WhatsApp VBS campaign began February 2026, abusing AWS and UAC bypass to gain persistent remote access.
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
Chrome patches 21 flaws including exploited CVE-2026-5281 in Dawn, marking fourth zero-day fixed in 2026, reducing active attack risk.
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
84% of attacks abuse legitimate tools across 700,000 incidents, expanding internal attack surfaces and evading detection defenses.
Apple to Issue Rare iOS 18 Software Update for DarkSword Exploit
Apple on Wednesday will issue software updates to devices still running iOS 18 to protect them from an exploit called DarkSword, which can silently take over an iPhone if it visits a website infected with the malicious code.
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, impacting multiple OS.
Apple confirms iOS 18 update to patch DarkSword exploit for users who haven’t upgraded to iOS 26
According to Wired, Apple will release an iOS 18 update on Wednesday morning to patch vulnerabilities exploited by the DarkSword hack.
Audit your subscriptions this April Fool's and stop wasting money
It's April Fool's Day, so it's a great time to make sure you're not getting tricked out of your hard-earned cash and cancel those subscriptions you've forgotten about. Here's how to do it.
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
CVE-2026-3502 (CVSS 7.8) exploited in early 2026 via TrueConf updates, enabling Havoc malware deployment across government networks
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
Unit 42 found excessive P4SA permissions in Vertex AI, enabling credential theft and cloud data exposure, increasing breach risk.
The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority
AI weaponizes the kill chain across hours or days, forcing continuous exposure and agentic defense to reduce exploitation risk.
Google Drive has some new tricks to help if you get hit by a ransomware attack
Google Drive can now detect ransomware activity and help restore your files, though full protection depends on your plan.
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
ChatGPT and Codex flaws patched Feb 2026 exposed DNS exfiltration and GitHub tokens, raising enterprise AI security risks.
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.
Apple Subsidiary Fined Over $500,000 for Breaching Russian Sanctions
Apple's Irish subsidiary has been fined £390,000 ($516,110) by the UK government for making payments to a sanctioned Russian streaming platform in 2022. The Office of Financial Sanctions Implementation (OFSI) said that Apple Distribution International Ltd.
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Russian CTRL toolkit spread via malicious LNK files in February 2026, routing C2 through FRP-tunneled RDP to evade detection.
If Google is serious about Android scams, there’s a bigger problem than sideloading
Google's new sideloading rules for Android ignore the Play Store's own malware problem, undermining its commitment to stopping scams.
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Three China-linked clusters targeted a Southeast Asian government in 2025, deploying multiple malware families to secure persistent access.