(Adobe Stock)

Apple expands updates to iOS 18 devices affected by DarkSword exploit

Steve ZurierApril 2, 2026

Experts say Apple’s move shows it understood that older iOS and iPadOS devices were vulnerable and being exploited by DarkSword.

RESOURCES

Identity
Rethinking identity security for a borderless attack surface
Email security
Email authentication in 2026: What every organization still gets wrong
Data Security
Your DLP can’t stop a smartphone: The data-leak crisis no one talks about
Governance, Risk and Compliance
Building institutional capacity: Why AI-augmented security is the new standard
Automated penetration testing
Why traditional VAPT is falling behind in the age of AI-built software

PODCASTS

Supply chain
What Is A Router? (And all things AI) – PSW #920
Leadership
Executive Paralysis and Two Pre-Recorded RSAC 2026 Interviews from DigiCert and Okta – Ann Marie van den Hurk, Amit Sinha, Matt Immler – BSW #441
Privacy
Beyond the Hype: Cyber Readiness, Zero Trust, and an Unscripted Conversation – Rob Allen, Gibb Witham – SWN #568
Application security
Developing the Skills Needed for Modern Software Development – Keith Hoodlet, Ron Rasin, Shashwat Sehgal – ASW #376
Leadership
Oops, all Interviews: Switching to Cyber, CISO Reflections, and the State of TPCRM – Lenny Zeltser, Helen Patton, Alexandre Sieira – ESW #452

FEATURED

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

WhatsApp Messenger displayed on mobile device

Ransomware

Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files

Steve ZurierApril 1, 2026

Attackers continue to evade defenders by using legitimate platforms like AWS and Microsoft utilities.

Ransomware

Venom Stealer MaaS handles attacks from ClickFix to crypto theft

Laura FrenchApril 1, 2026

The stealer persists on the victim’s machine and immediately exfiltrates data with no local staging.

Vulnerability Management

Citrix NetScaler ADC bug added to CISA list of known exploits

Steve ZurierMarch 31, 2026

Security agency gives federal agencies until April 2, 2026, to make the patch.

Application security

Axios npm supply chain attack: Malicious updates add remote access trojan

Laura FrenchMarch 31, 2026

The axios npm package, with about 100 million weekly downloads, was compromised via a maintainer’s account.

AI/ML

OpenAI fixes Codex flaw that could lead to GitHub token theft

Laura FrenchMarch 31, 2026

A command injection hidden in a branch name could cause an OAuth token to be exfiltrated.

Network Security

F5 BIG-IP APM DoS bug exploited as an RCE, added to CISA list

Steve ZurierMarch 30, 2026

Flaw upgraded to an actively exploited RCE, experts advise teams to patch right away.

RSAC

BSides SF: SaaS, cloud assets vulnerable to identity-based ransomware attacks

Paul WagenseilMarch 28, 2026

It's easy to mount ransomware attacks upon SaaS and cloud assets, a researcher said at the BSides SF 2026 hacker conference.

A giant sandworm appears over a desert sand dune.

RSAC

Wormsign, RSAC 2026: More auto-updating supply chain attacks on the way

Paul WagenseilMarch 28, 2026

The Shai-Hulud worms that exploited automatic updates in open-source software repositories may be only the beginning, two researchers said at RSAC 2026.

Cybersecurity News, Awards, Webinars, eSummits, Research

Apple expands updates to iOS 18 devices affected by DarkSword exploit

RESOURCES

PODCASTS

FEATURED

Perspectives Spotlight: Expert Insights

Get daily email updates

Perspectives

4 steps teams can take to mitigate Iranian cyberattacks on critical infrastructure

RSAC 2026: The real takeaway isn’t AI – it’s post-quantum readiness

5 ways to effectively manage AI browsers

How to secure real‑time carbon tracking in factories

RSAC 2026: A sober look at the competing narratives around AI

In Brief

Actively exploited Chrome zero-day patched

Ransomware intrusion compromises North Dakota water treatment facility

Americans’ passports purportedly stolen in hacktivist attack against Dubai airport

Third-party hack affirmed by Nissan after Everest ransomware assertions

Massive Cisco breach claimed by ShinyHunters

More Resources

When detection isn’t enough: The limits of EDR

Infoblox’s Craig Sanderson breaks down the newly finalized NIST SP 800-81

Beyond the vault: Rethinking privileged access security

From cyber risk to business impact: A conversation with IBM and CyberSaint

IBM’s Srinivas Tummalapenta: Building the cyber risk intelligence layer

Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files

Venom Stealer MaaS handles attacks from ClickFix to crypto theft

Citrix NetScaler ADC bug added to CISA list of known exploits

Axios npm supply chain attack: Malicious updates add remote access trojan

OpenAI fixes Codex flaw that could lead to GitHub token theft

F5 BIG-IP APM DoS bug exploited as an RCE, added to CISA list

BSides SF: SaaS, cloud assets vulnerable to identity-based ransomware attacks

Wormsign, RSAC 2026: More auto-updating supply chain attacks on the way

EVENTS

Privilege risk is in the lifecycle: A CISO discussion on modernizing identity control

Ring the alarm! Your IT security program has a mobile-app gap

Cloud Security: The AI Effect and How to Proceed

Securing every door: Scalable strategies to manage machine and AI agent risks

From code to cloud: Stopping attacks in the software supply chain