IT Security Newsletter

IT Security Newsletter - 4/6/2026

Written by Cadre | Mon, Apr 6, 2026

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

The European Commission (EC) has confirmed that hackers stole over 300GB of data from its AWS environment using an API key compromised in the Trivy supply chain attack. The incident occurred on March 24 and was initially disclosed on March 27, when the EC warned that cloud infrastructure hosting its resources for the Europa.eu platform had been breached. Now, CERT-EU reveals that the hack involved an AWS cloud account that is part of the backend for the Europa.eu hosting service. READ MORE...

North Korean Hackers Target High-Profile Node.js Maintainers

The North Korean threat actor blamed for the Axios supply chain attack has been aiming its social engineering campaign at various Node.js maintainers, Socket reports. The Axios attack occurred on March 31, when two malicious package versions were published to the NPM registry. They were removed roughly three hours later, but were likely installed by over 3 million users. The attackers used social engineering tactics previously observed in other campaigns. READ MORE...

That dream job offer from Coca-Cola or Ferrari? It's a trap for your passwords

As layoffs surge and job seekers flood the market, phishing campaigns impersonating major brands, including Coca-Cola and Ferrari, are ramping up, and they're more sophisticated than ever. The first scam we found uses a convincing booking page to collect personal details, then tricks victims into handing over their Google work account credentials through a fake sign-in page disguised inside what looks like a real Chrome browser window. READ MORE...

New FortiClient EMS flaw exploited in attacks, emergency patch released

Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. Tracked as CVE-2026-35616, the flaw is an improper access control vulnerability that allows unauthenticated attackers to execute code or commands via specially crafted requests. The issue was patched Saturday, with Fortinet confirming it has been exploited in the wild. READ MORE...

Inconsistent Privacy Labels Don't Tell Users What They Are Getting

At first glance, the data privacy labels on app stores look helpful, but it will take more than that to protect users' privacy. In the same way that nutrition labels give consumers a better idea of the nutrients a food might contain, app labels are intended to give people insights into what kinds of personal data a particular mobile app collects, how it's used, and who it might be shared with. That may sound great, but data privacy labels aren't enough by themselves. READ MORE...

OpenClaw gives users yet another reason to be freaked out about security

For more than a month, security practitioners have been warning about the perils of using OpenClaw, the viral agentic AI tool that has taken the development community by storm. A recently fixed vulnerability provides an object lesson in why. OpenClaw, which was introduced in November and now boasts 347,000 stars on GitHub, by design takes control of a user's computer and interacts with other apps and platforms to assist with a host of tasks. READ MORE...

Researchers warn of critical flaws in Progress ShareFile

Security researchers warn that chaining two critical vulnerabilities in Progress Software's ShareFile service could allow an attacker to achieve remote code execution. The flaws exist in ShareFile Storage Zones Controller, which helps users manage files while they are using the ShareFile software-as-a-service interface, according to researchers at watchTowr Labs. The vulnerabilities include an authentication bypass flaw, tracked as CVE-2026-2699, and a remote code execution flaw, CVE-2026-2701. READ MORE...

"Cognitive surrender" leads AI users to abandon logical thinking, research finds

When it comes to large language model-powered tools, there are generally two broad categories of users. On one side are those who treat AI as a powerful but sometimes faulty service that needs careful human oversight and review to detect reasoning or factual flaws in responses. On the other side are those who routinely outsource their critical thinking to what they see as an all-knowing machine. Recent research goes a long way to forming a new psychological framework for that second group. READ MORE...

  • ...in 1830, the Church of Christ, the original church of the Latter Day Saint movement (popularly known as Mormonism), is organized in the state of New York.
  • ...in 1841, John Tyler is inaugurated as the 10th president, two days after the sudden death of President William Henry Harrison.
  • ...in 1896, the first modern Olympic Games opens in Athens, Greece, over 1500 years after the original games were banned by Roman Emperor Theodosius I.
  • ...in 1974, the Swedish pop group ABBA wins the Eurovision Song Contest with the song "Waterloo", launching them to international fame.