-
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker…
-
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
Cybersecurity researchers have disclosed a security “blind spot” in Google Cloud’s Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization’s cloud environment. According to Palo Alto Networks Unit 42, the issue relates to how the Vertex AI…
-
Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. “The operation covers VPN clients, encrypted messengers, video conferencing tools, cryptocurrency trackers, and e-commerce applications, with eleven confirmed delivery domains impersonating
-
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency. Versions 1.14.1 and 0.30.4 of Axios have been found to inject “plain-crypto-js” version 4.2.1 as a fake dependency. According to StepSecurity, the two versions were published using the compromised…
-
‘No Kings’ returns to the Gorge
GORGE — Thousands of demonstrators across the Columbia River Gorge joined over 8 million nationwide on March 28 for a third “No Kings” day of action, which set records as the largest single-day protest in U.S. history.
-
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. “A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content,” the cybersecurity company said in
-
‘No Kings’ photo slideshow: Goldendale
GOLDENDALE — About 80 people occupied the four corners near United Methodist Church in Goldendale on March 28 for a “No Kings” demonstration in protest of the Trump administration.
-
‘No Kings’ photo slideshow: Hood River
HOOD RIVER — Roughly 1,000 people gathered in Hood River on March 28 for a third “No Kings” rally in protest of the Trump administration. Demonstrators, many wielding signs or wearing costumes, assembled at the waterfront, before marching downtown to…
-
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. “It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,” ReliaQuest researchers…
-
⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There’s a bit of everything this week. Persistence plays, legal wins, influence…
