Axios maintainer’s post mortem confirms social engineering by UNC1069

Laura FrenchApril 3, 2026

Jason Saayman says he installed a remote access trojan disguised as a Teams update.

RESOURCES

Identity
Rethinking identity security for a borderless attack surface
Email security
Email authentication in 2026: What every organization still gets wrong
Data Security
Your DLP can’t stop a smartphone: The data-leak crisis no one talks about
Governance, Risk and Compliance
Building institutional capacity: Why AI-augmented security is the new standard
Automated penetration testing
Why traditional VAPT is falling behind in the age of AI-built software

PODCASTS

Vulnerability Management
DexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, Josh Marpet… – SWN #569
Supply chain
What Is A Router? (And all things AI) – PSW #920
Leadership
Executive Paralysis and Two Pre-Recorded RSAC 2026 Interviews from DigiCert and Okta – Ann Marie van den Hurk, Amit Sinha, Matt Immler – BSW #441
Privacy
Beyond the Hype: Cyber Readiness, Zero Trust, and an Unscripted Conversation – Rob Allen, Gibb Witham – SWN #568
Application security
Developing the Skills Needed for Modern Software Development – Keith Hoodlet, Ron Rasin, Shashwat Sehgal – ASW #376

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

A 3D-Illustration of the word Linux on metallic cubes

Chaos malware now targeting 64-bit Linux servers

Steve ZurierApril 3, 2026

Analysis of China-nexus groups also discovers double-pronged strategy, one on immediacy, the other around long dwell times.

Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA

Laura FrenchApril 3, 2026

The campaign leverages a newly-discovered phishing kit called VENOM.

Vulnerability Management

Apple expands updates to iOS 18 devices affected by DarkSword exploit

Steve ZurierApril 2, 2026

Experts say Apple’s move shows it understood that older iOS and iPadOS devices were vulnerable and being exploited by DarkSword.

WhatsApp Messenger displayed on mobile device

Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files

Steve ZurierApril 1, 2026

Attackers continue to evade defenders by using legitimate platforms like AWS and Microsoft utilities.

Venom Stealer MaaS handles attacks from ClickFix to crypto theft

Laura FrenchApril 1, 2026

The stealer persists on the victim’s machine and immediately exfiltrates data with no local staging.

(Adobe Stock)

Vulnerability Management

Citrix NetScaler ADC bug added to CISA list of known exploits

Steve ZurierMarch 31, 2026

Security agency gives federal agencies until April 2, 2026, to make the patch.

Application security

Axios npm supply chain attack: Malicious updates add remote access trojan

Laura FrenchMarch 31, 2026

The axios npm package, with about 100 million weekly downloads, was compromised via a maintainer’s account.

(Credit: Robert – stock.adobe.com)

OpenAI fixes Codex flaw that could lead to GitHub token theft

Laura FrenchMarch 31, 2026

A command injection hidden in a branch name could cause an OAuth token to be exfiltrated.

EVENTS