The n8n n8mare: How threat actors are misusing AI workflow automation#n8n https://blog.talosintelligence.com/the-n8n-n8mare/

The n8n n8mare: How threat actors are misusing AI workflow automation
#n8n
https://blog.talosintelligence.com/the-n8n-n8mare/

JanelaRAT: a financial threat targeting users in Latin America
#JanelaRAT
https://securelist.com/janelarat-financial-threat-in-latin-america/119332/

North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
#ContagiousInterview #npm #PyPI #Packagist
https://socket.dev/blog/contagious-interview-campaign-spreads-across-5-ecosystems

Snowflake customers hit in data theft attacks after SaaS integrator breach
#Snowflake
https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/

New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations
#LucidRook #LucidKnight #LucidPawn
https://blog.talosintelligence.com/new-lua-based-malware-lucidrook/

Inside an AI‑enabled device code phishing campaign
#Storm_2372 #EvilTokens
https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/

Qilin EDR killer infection chain
#QilinGroup #QilinEDRKiller
https://blog.talosintelligence.com/qilin-edr-killer/

Threat Intelligence vSphere and BRICKSTORM Malware: A Defender's Guide
#BRICKSTORM
https://cloud.google.com/blog/topics/threat-intelligence/vsphere-brickstorm-defender-guide/

The Claude Code leak in four charts: half a million lines, three accidents, forty tools
#ClaudeCode
https://www.randalolson.com/2026/04/02/claude-code-leak-four-charts/

Pre-Authentication SQL Injection in FortiClient EMS 7.4.4 - CVE-2026-21643
#CVE_2026_21643
https://bishopfox.com/blog/cve-2026-21643-pre-authentication-sql-injection-in-forticlient-ems-7-4-4

Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2)
#CVE_2026_3055
https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/

Inside Keitaro Abuse: A Persistent Stream of AI-Driven Investment Scams
#Keitaro #FaiKast #WickedWally #FishSteaks
https://www.infoblox.com/blog/threat-intelligence/inside-keitaro-abuse-a-persistent-stream-of-ai-driven-investment-scams/

Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data
#HandalaHackTeam
https://cyberscoop.com/handala-hackers-target-fbi-director-kash-patel-email/

Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka
#InfinitiStealer
https://www.malwarebytes.com/blog/threat-intel/2026/03/infiniti-stealer-a-new-macos-infostealer-using-clickfix-and-python-nuitka

Scarlet Goldfinch’s year in ClickFix
#ScarletGoldfinch
https://redcanary.com/blog/threat-intelligence/scarlet-goldfinch-clickfix/

Russian cybercriminal sentenced to prison for using a “botnet” to steal millions from American businesses
#TA551
https://www.justice.gov/usao-edmi/pr/russian-cybercriminal-sentenced-prison-using-botnet-steal-millions-american-businesses

KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack
#TeamPCP
https://www.wiz.io/blog/teampcp-attack-kics-github-action

CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours
#CVE_2026_33017
https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours

Hacker Group LAPSUS$ Claims Alleged AstraZeneca Data Breach
#LAPSUS$
https://hackread.com/hacker-group-lapsus-astrazeneca-data-breach/

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
#Aisuru #Kimwolf #JackSkid
https://krebsonsecurity.com/2026/03/feds-disrupt-iot-botnets-behind-huge-ddos-attacks/