Apr 05, 2026 · #17

Episode 17 — 05 Apr 2026 1. Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS Source: The Hacker News Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading... 2. Axios npm hack used fake Teams error fix to hijack maintainer account Source: Bleeping Computer The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign linked to North Korean hackers. This follows the threat actors compromising a maintainer account to... 3. Evolution of Ransomware: Multi-Extortion Ransomware Attacks Source: Bleeping Computer Evolution of Ransomware: Multi-Extortion Ransomware Attacks Sponsored by Penta Security April 3, 2026 10:05 AM 0 Ransomware's Real-World Impact Across Industries In February 2026, the University of Mississippi Medical Center (UMMC) fell victim to a ransomware attack. The... 4. 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants Source: The Hacker News Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent... 5. Die Linke German political party confirms data stolen by Qilin ransomware Source: Bleeping Computer The Qilin ransomware group has stolen data from Die Linke, a German democratic socialist political party, and is threatening to leak it. On March 27, a day after the threat actor compromised its network, the party disclosed a cyber incident but stopped short of confirming a... 6. Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers Source: The Hacker News Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL... 7. LinkedIn secretly scans for 6,000+ Chrome extensions, collects data Source: Bleeping Computer A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. According to a report by Fairlinked e.V., which claims to be an association of... 8. UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack Source: The Hacker News The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their...