-
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to distribute a tampered update,
-
Axios npm Package compromised in a supply chain attack, exposing developers to malware, data theft, and full system takeover risks worldwide.
-
Donald Trump’s former special envoy to Russia and Ukraine, retired Lt. Gen. Keith Kellogg, will join the advisory board of Powerus, a Florida-based startup seeking to build relationships with and acquire technology from Ukrainian drone makers to sell to the U.S. military, the company said in a statement Tuesday. The news signals warming commercial and financial activity between U.S. investors and Ukrainian defense technology entrepreneurs, even as U.S.-led diplomatic talks on ending Russia’s war appear stalled.
Kellogg commanded the Army’s 82nd Airborne Division and served as director of command, control, communications and computers (J6) for the Joint Chiefs of Staff. He was a national security advisor to then-Vice President Mike Pence during Trump’s first term.
The selection of Kellogg as special envoy to Russia and Ukraine in November 2024 won praise from Ukrainians and seasoned diplomats. His military experience and the consistency of his hawkish views toward Russian President Vladimir Putin contrast with other current and former members of Trump’s cabinet. The Kremlin, naturally, was less enthusiastic about his selection and complained about Kellogg’s presence at peace talks. He stepped down last December, replaced by Steve Witkoff, a real-estate developer with controversial business ties to Russia who also serves as the U.S. envoy to the Middle East.
The rise of Powerus is an indicator of the growing American interest in Ukrainian defense tech. The company is based in West Palm Beach, and Trump’s sons are among the investors. Fired former Joint Chiefs Chairman C.Q. Brown also joined the company’s advisory board this month. The company plans to go public this summer after an already-announced merger with Aureus Greenway Holdings.
There is a disconnect between current White House rhetoric on Ukraine and the actions of those connected to U.S. leadership. On one side is the dismissive White House line on Ukraine. On the other are military operators, experienced policy professionals, and, increasingly, the global early-stage investor class urging deeper partnership with a proven ally who is defining the future of defense technology.
Ukraine’s new diplomatic strategy is commercial
As peace talks continue, Ukraine is pursuing a new strategy to build diplomatic relations: commercial links, and co-business development, a group of Ukrainian government and military officials said last week in Washington, D.C. “The political environment is what it is, and so moving from inadequate integration to leading with defense tech integration on a business level with business partners and allies,” one Ukrainian official said during a discussion with a handful of analysts and journalists at the German Marshall Fund.
Signs suggest Ukraine’s strategy is working; the number of U.S. firms that focus on Ukrainian defense technology is growing, as is the number of venture capital outfits, such as Ondas Capital. Eric Brock, Ondas CEO, told Defense One in January that for Ukrainian startups, partnerships with U.S. firms make sense. But such pairings offer important positioning for U.S. investors in terms of accessing future defense markets.
“We’re better able to see where the winners are and layer them into an operating model … We can meet the demand, because [the market for Ukrainian drone and counter-drone tech is] going to be exploding. It's going to be this market exploding on infrastructure for drone and counter-drone technologies.”
Ukraine this week finalized deals with various Middle Eastern governments for technology sharing. The countries are in urgent need of air defenses against the Russia-launched, Iranian-designed drones that Ukraine has been contending with since 2023.
In March, Ukrainian drone company Swarmer announced an initial public offering on the Nasdaq and saw shares jump in value by a factor of eight.
“Ukraine taught us how big of an advantage drones have been to equalize its defense against what should have been a lopsided victory for the Russians. Small, cheap, mass-produced machines now obliterate state-of-the-art tanks and missile systems worth tens of millions, and intercept waves of kamikaze drones at scale,” Kellogg said in a statement. “Powerus is bringing that equalizing power and the same capabilities to the U.S.”
-
Cybersecurity researchers have disclosed a security “blind spot” in Google Cloud’s Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization’s cloud environment. According to Palo Alto Networks Unit 42, the issue relates to how the Vertex AI permission model can be misused
-
Hackers are increasingly turning legitimate Windows administration tools into stealthy weapons to disable antivirus and EDR before launching ransomware, making attacks faster, quieter, and harder to stop. Instead of dropping noisy custom malware upfront, modern operators chain trusted utilities to gain SYSTEM access, kill security processes, and then encrypt at scale. Because many of these […]
The post Windows Tools Abused to Kill AV Ahead of Ransomware Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
-
A severe supply chain attack has compromised the widely used Axios HTTP client on the npm registry. Attackers injected a malicious dependency into specific Axios releases, exposing millions of developers to a multi-stage remote access trojan capable of executing arbitrary commands and stealing system data. The malicious Axios versions, 1.14.1 and 0.30.4, were published directly […]
The post Axios NPM Packages Breached in Ongoing Supply Chain Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
-
This week in cybersecurity from the editors at Cybercrime Magazine
Sausalito, Calif. – Mar. 31, 2026 – Read the full story in Forbes
One message has persisted over the past few years: cybersecurity is no longer an IT concern; it has become a fundamental business requirement, according to Chuck Brooks, who was named one of the top 5 tech people to follow on LinkedIn. Viability, survivability, and ultimately commercial success are dependent on securing the devices and network for any business in the evolving digital era.
Forbes reports that despite this reality, an excessive number of organizations, notably small and mid-sized businesses (SMBs), are lacking designated leadership in this crucial domain.
Cybersecurity Ventures and Sophos have released a sobering report, the 2026 CISO Report, that underscores this point.
The report states that it is anticipated that cybercrime will result in a global economic loss of $12.2 trillion USD annually by 2031, a significant increase from the $6 trillion in 2021 and the $10.5 trillion in 2025.
The post The CISO Gap: Why Every Business Needs Cybersecurity Leadership appeared first on Cybercrime Magazine.
-
Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. “The operation covers VPN clients, encrypted messengers, video conferencing tools, cryptocurrency trackers, and e-commerce applications, with eleven confirmed delivery domains impersonating
-
F5 BIG-IP APM flaw CVE-2025-53521 escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately.
-
The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is the defining challenge of the new era of digital warfare: the weaponization of Artificial Intelligence. Threat actors


