New Checkmarx supply-chain breach affects KICS analysis tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...

New Mac malware goes straight for developer keys

Two newly discovered macOS threats are designed to harvest developer credentials and cloud access as attackers focus on ...
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
StateTech Magazine

What Is Configuration Drift, and How Can Governments Manage It?

As state and local agencies accelerate cloud adoption, security and compliance issues increasingly stem not from missing ...
Security Boulevard

Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener

IntroductionOn March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample ...

Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall

Autonomous SOC agents now shipping can rewrite firewall rules and modify IAM policies — outpacing the governance frameworks ...
Coingape

KelpDAO Hack: LayerZero Blames North Korea’s Lazarus and Kelp’s Poor Security

LayerZero says North Korea's Lazarus Group likely behind the hack and blames Kelp's single validation security.
Hosted on MSN

Microsoft advances 365 security with AI, DLP, and Teams updates

Microsoft is rolling out major 2026 security enhancements across Microsoft 365, including AI-powered threat modeling, new Teams anti-phishing tools, and expanded Purview Data Loss Prevention ...

Iran-nexus threat groups refine attacks against critical infrastructure

State-sponsored and hacktivist groups have shown greater determination to damage or disable energy, water and other key ...

Majority of Kelp DAO exploit funds moved through THORChain

A major regulatory or security event shuts down THORChain liquidity or forces a protocol pause, crushing usage and fees. Aave ...
Blockonomi

$292M Kelp DAO Security Breach Leaves Aave Facing Massive Bad Debt Exposure

Kelp DAO's $292M LayerZero bridge hack threatens Aave with up to $230M bad debt. Protocols dispute responsibility as DeFi ...
GovInfoSecurity

Breach Roundup: Myanmar Scam Compound Managers Charged

This week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for ...