Trump wants to slash $707M from CISA’s budget • The Register - Trump’s 2027 spending plan says it will “refocus” CISA by “removing offices that are duplicative of existing and effective programs at the State and Federal level, such as certain targeted school safety programs.” Overall reduction to CISA budget will be $710M~
CBP facility codes sure seem to have leaked via online flashcards - The public Quizlet set contained information about alleged codes for specific facility entrances. “Checkpoint doors code?” asked one card, with a specific four-digit combination listed in response. Another asks for the code of a specific gate at the facility, again with an exact combination listed as the answer. Two other gate codes were described in this manner, but WIRED is not using the gate names, because it is unclear if they are confidential.
New Rowhammer attacks give complete control of machines running Nvidia GPUs - Ars Technica - Three new attacks demonstrate how a malicious user can gain full root control of a host machine by performing novel Rowhammer attacks on high-performance GPU cards made by Nvidia.
Don’t open that WhatsApp message, Microsoft warns • The Register - Once it’s executed, the malicious script creates hidden folders in C:\ProgramData and drops renamed versions of legitimate Windows utilities - for example, curl.exe renamed as netapi.dll and bitsadmin.exe as sc.exe. Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials - The starting point of the attack chain is a ClickFix lure that tricks users into running PowerShell commands by pasting the command into the Windows Run dialog under the pretext of addressing a non-existent issue. This, in turn, uses “mshta.exe,” a legitimate Windows utility to download and run an obfuscated PowerShell loader.
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit - The update is available for the following devices -
- iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all models), iPhone SE (2nd generation), iPhone 12 (all models), iPhone 13 (all models), iPhone SE (3rd generation), iPhone 14 (all models), iPhone 15 (all models), iPhone 16 (all models), and iPhone 16e
- iPad mini (5th generation - A17 Pro), iPad (7th generation - A16), iPad Air (3rd - 5th generation), iPad Air 11-inch (M2 - M3), iPad Air 13-inch (M2 - M3), iPad Pro 11-inch (1st generation - M4), iPad Pro 12.9-inch (3rd - 6th generation), and iPad Pro 13-inch (M4) The latest update aims to cover devices that have the capability to update to iOS 26 but are still on older versions. Apple first released iOS 18.7.7 and iPadOS 18.7.7 on March 24, 2026, but only for iPhone XS, iPhone XS Max, iPhone XR, and iPad 7th generation. Last month, the company also urged users to update older devices to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15 to address some of the exploits that were used in DarkSword and another exploit kit called Coruna.
Axios npm hack used fake Teams error fix to hijack maintainer account UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack - “They had cloned the company’s founders’ likeness as well as the company itself,” Saayman said in a post-mortem of the incident. “They then invited me to a real Slack workspace. This workspace was branded to the company’s CI and named in a plausible manner. The Slack [workspace] was thought out very well; they had channels where they were sharing LinkedIn posts.”
Cisco source code stolen in Trivy-linked dev environment breach - As part of the breach, multiple AWS keys were reportedly stolen and later used to perform unauthorized activities across a small number of Cisco AWS accounts. Cisco has isolated affected systems, begun reimaging them, and is performing wide-scale credential rotation. BleepingComputer has learned that more than 300 GitHub repositories were also cloned during the incident, including source code for its AI-powered products, such as AI Assistants, AI Defense, and unreleased products.
‘NoVoice’ Android malware on Google Play infected 2.3 million devices - The apps carrying the malicious payload included cleaners, image galleries, and games. They required no suspicious permissions and provided the promised functionality.
Residential proxies evaded IP reputation checks in 78% of 4B sessions - Roughly 39% of those sessions appear to originate from home networks, most certainly part of residential proxies, but 78% of them are invisible to reputation feeds.
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data - This script checked for 6,236 browser extensions by attempting to access file resources associated with a specific extension ID, a known technique for detecting whether extensions are installed. While many of the extensions that are scanned for are related to LinkedIn, the script also strangely detected language and grammar extensions, tools for tax professionals, and other seemingly unrelated features. The script also collects a wide range of browser and device data, including CPU core count, available memory, screen resolution, timezone, language settings, battery status, audio information, and storage features.
Iran
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations - The campaign is assessed to have targeted the cloud environments of government entities, municipalities, technology, transportation, energy sector organizations, and private-sector companies in the region. Password spraying is a form of brute-force attack where a threat actor attempts to use a single common password against multiple usernames on the same application. It’s also considered a more effective way to discover weak credentials at scale without triggering rate-limiting defenses. Iran targets M365 accounts with password-spraying attacks • The Register
Breach
Telehealth giant Hims & Hers says its customer support system was hacked | TechCrunch - Although the company says customer medical records were not affected by the breach, the nature of customer support systems means that the data may contain sensitive information about a person’s account, personal information, and healthcare.
AI
OpenClaw gives users yet another reason to be freaked out about security - Ars Technica - “The practical impact is severe,” researchers from AI app-builder Blink wrote. “An attacker who already holds operator.pairing scope—the lowest meaningful permission in an OpenClaw deployment—can silently approve device pairing requests that ask for operator.admin scope. Once that approval goes through, the attacking device holds full administrative access to the OpenClaw instance. No secondary exploit is needed. No user interaction is required beyond the initial pairing step. For organizations running OpenClaw as a company-wide AI agent platform, a compromised operator.admin device can read all connected data sources, exfiltrate credentials stored in the agent’s skill environment, execute arbitrary tool calls, and pivot to other connected services. The word ‘privilege escalation’ undersells this: the outcome is full instance takeover.”
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms - The discovery came after the AI upstart released version 2.1.88 of the Claude Code npm package, with users spotting that it contained a source map file that could be used to access Claude Code’s source code – comprising nearly 2,000 TypeScript files and more than 512,000 lines of code. The version is no longer available for download from npm.
Fake Claude Code source downloads actually delivered malware • The Register - A malicious GitHub repository published by idbzoomh uses the Claude Code exposure as a lure to trick people into downloading malware, including Vidar, an infostealer that snarfs account credentials, credit card data, and browser history; and GhostSocks, which is used to proxy network traffic.
Claude AI finds Vim, Emacs RCE bugs that trigger on file open - The Claude assistant analyzed Vim’s source code and identified missing security checks and issues in modeline handling, allowing code embedded in a file to be executed upon opening. Even if the code was supposed to run in a sandbox, another problem allowed it to bypass the restriction and execute commands in the context of the current user. An attack scenario devised by the researcher involves creating an archive (e.g., an email or a shared drive) that contains a hidden .git/ directory with a config file pointing to an executable script. When the victim extracts the archive and opens the text file, the payload executes without any visible indicators on the GNU Emacs default configuration.
AI agents found vulns in this Linux and Unix print server • The Register - It’s also a favorite target for security researchers because a) making printers do bad things is fun, and b) as the default printing system for Apple device operating systems and most Linux distributions, any CUPS security flaw has a wide blast radius.
AI Just Hacked One Of The World’s Most Secure Operating Systems - Exploiting this required Claude to solve six distinct problems: configuring a test environment with the vulnerable kernel, devising a multi-packet strategy to deliver shellcode that exceeds a single packet’s capacity, cleanly terminating hijacked kernel threads so the server remains operational between attack rounds, debugging incorrect stack offsets using De Bruijn patterns, creating a new process from kernel context and transitioning it to userspace, and clearing inherited debug registers that caused child processes to crash. Each of these steps demands deep understanding of operating system internals. Each step was accomplished autonomously.