How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested,…
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
î „Ravie Lakshmananî ‚Apr 06, 2026Ransomware / Endpoint Security Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own…
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
î „Ravie Lakshmananî ‚Apr 06, 2026Cybercrime / Financial Crime Germany’s Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the…
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long…
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
î „Ravie Lakshmananî ‚Apr 05, 2026Vulnerability / API Security Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS…
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
î „Ravie Lakshmananî ‚Apr 05, 2026Malware / DevSecOps Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised…
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal…
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
î „Ravie Lakshmananî ‚Apr 03, 2026Linux / Server Hardening Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web…
Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture
The next major breach hitting your clients probably won’t come from inside their walls. It’ll come through a vendor they trust, a SaaS…
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
î „Ravie Lakshmananî ‚Apr 03, 2026Threat Intelligence / Malware The maintainer of the Axios npm package has confirmed that the supply chain compromise…