# Today's Top Stories
March 10, 2026
1. Schneier on Security | threat-intel | Mar 09 | New Attack Against Wi-Fi
Researchers discovered AirSnitch, a new Wi-Fi attack that exploits core features in network Layers 1 and 2 through cross-layer identity desynchronization. The attack enables full bidirectional machine-in-the-middle capabilities, letting attackers view and modify data by exploiting the failure to bind and synchronize clients across network layers and SSIDs.
2. The Record | threat-intel | Mar 06 | FBI investigating ‘suspicious activities’ on agency network following February incident
The FBI is investigating suspicious activities on its networks following a February incident where a platform supporting wiretaps was allegedly accessed. An FBI spokesperson confirmed the agency identified and addressed the suspicious network activities but provided no details on the scope or impact of the breach.
3. BleepingComputer | general | Mar 09 | Dutch govt warns of Signal, WhatsApp account hijacking attacks
Dutch intelligence warned that Russian state-sponsored hackers are conducting a global phishing campaign targeting Signal and WhatsApp accounts of government officials, military personnel, and journalists. The campaign aims to gain access to sensitive encrypted messaging communications across multiple countries.
4. The Hacker News | general | Mar 09 | UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
North Korean threat actor UNC4899 (also known as Jade Sleet) breached a cryptocurrency organization in 2025 by exploiting a developer who AirDropped a trojanized file to their work device. The sophisticated cloud compromise campaign resulted in the theft of millions of dollars in cryptocurrency from the targeted firm.
5. BleepingComputer | general | Mar 09 | ShinyHunters claims ongoing Salesforce Aura data theft attacks
The ShinyHunters extortion gang claims to be actively exploiting a new vulnerability to steal data from Salesforce Aura instances, while Salesforce warns customers about attacks targeting misconfigured Experience Cloud platforms. The attacks exploit configurations that give guest users unintended access to sensitive customer data.
6. BleepingComputer | general | Mar 09 | Microsoft Teams phishing targets employees with backdoors
Attackers are using Microsoft Teams to contact employees at financial and healthcare organizations, tricking them into granting remote access through Quick Assist to deploy A0Backdoor malware. The social engineering campaign leverages the trusted Teams platform to bypass traditional security defenses and establish persistent access.
7. BleepingComputer | general | Mar 09 | Ericsson US discloses data breach after service provider hack
Ericsson Inc., the U.S. subsidiary of Swedish telecom giant Ericsson, disclosed a data breach affecting an undisclosed number of employees and customers after attackers compromised one of its service providers. The breach involved unauthorized access to sensitive data belonging to both internal staff and external customers.
8. The Hacker News | general | Mar 09 | Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
A malicious npm package named "@openclaw-ai/openclawai" masquerades as an OpenClaw installer to deploy a remote access trojan and steal macOS credentials. The package, uploaded by user "openclaw-ai" on March 3, 2026, has been downloaded 178 times and remains available on the npm registry.
9. The Hacker News | general | Mar 09 | Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
Two Chrome extensions, QuickLens and another tool originally developed by BuildMelon, turned malicious after ownership transfer to enable code injection and data theft. The extensions now push malware to downstream users and harvest sensitive data, highlighting risks of browser extension supply chain attacks.
10. The Hacker News | general | Mar 09 | Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
A Chinese threat actor dubbed by Unit 42 has been conducting multi-year attacks against critical infrastructure in South, Southeast, and East Asia using web server exploits and Mimikatz. The campaign targets aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors across the region.