# Archive
Browse past daily curated stories
Saturday, April 04, 2026
1. BleepingComputer (general): LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
Microsoft's LinkedIn is secretly scanning visitors' browsers for over 6,000 Chrome extensions using hidden JavaScript and collecting device data. The "BrowserGate" report reveals how LinkedIn bypasses user consent to profile browser configurations and potentially identify security tools or privacy extensions.
2. The Record (threat-intel): CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers
CISA ordered federal agencies to patch a video conferencing vulnerability within two weeks after Chinese hackers actively exploited it. The directive targets a bug in TrueConf's video conferencing platform that allows privilege escalation and reconnaissance on Asian government systems.
3. SecurityWeek (general): North Korean Hackers Drain $285 Million From Drift in 10 Seconds
North Korean hackers stole $285 million from Drift Protocol in just 10 seconds by taking control of admin keys and draining five vaults. The attackers prepared nonce-based transactions and infrastructure beforehand, executing a sophisticated social engineering attack against the Security Council.
4. The Record (threat-intel): EU cyber agency attributes major data breach to TeamPCP hacking group
The EU cybersecurity agency CERT-EU attributed a massive data breach at the European Commission to the TeamPCP hacking group. The breach compromised cloud infrastructure and exposed data from at least 29 additional EU entities beyond the Commission itself.
5. The Hacker News (general): UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
North Korean threat actors from UNC1069 compromised the Axios npm package through targeted social engineering of maintainer Jason Saayman. The supply chain attack demonstrates sophisticated DPRK capabilities to infiltrate widely-used JavaScript libraries through personalized social manipulation campaigns.
6. SecurityWeek (general): Critical ShareFile Flaws Lead to Unauthenticated RCE
Critical vulnerabilities in Citrix ShareFile can be chained together to achieve unauthenticated remote code execution by bypassing authentication and uploading arbitrary files. The flaws allow attackers to completely compromise ShareFile servers without any credentials.
7. The Hacker News (general): China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
China-linked TA416 (also tracked as DarkPeony, RedDelta, SmugX) has targeted European government and diplomatic organizations since mid-2025 using PlugX malware and OAuth-based phishing. The campaign marks a return to European targeting after a two-year hiatus in the region.
8. The Hacker News (general): Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
Microsoft discovered threat actors using HTTP cookies as control channels for PHP web shells on Linux servers to achieve remote code execution. The attackers use cookie values to gate execution rather than URL parameters, persisting through cron jobs for stealthier command and control.
9. BleepingComputer (general): Hims & Hers warns of data breach after Zendesk support ticket breach
Telehealth company Hims & Hers suffered a data breach after attackers stole support tickets from Zendesk's customer service platform. The breach exposed patient information stored in third-party support systems, highlighting risks in healthcare companies' vendor ecosystems.
10. BleepingComputer (general): Die Linke German political party confirms data stolen by Qilin ransomware
German political party Die Linke confirmed that the Qilin ransomware group stole sensitive data during an attack that forced IT systems offline. The breach affects one of Germany's major left-wing political parties and threatens to expose confidential political communications and member data.