News
-
Patched Chrome flaw allowed malicious extensions to hijack Gemini panel
A Unit 42 technical analysis found CVE-2026-0628 could let malicious Chrome extensions inject code into the Gemini panel and access camera, microphone, screenshots, and local files. Google patched the issue in early January 2026.
-
Chrome to adopt Merkle Tree Certificates in phased move toward quantum resistance
Google said Chrome will develop Merkle Tree Certificates to make HTTPS resilient to future quantum threats and plans a phased rollout through Q3 2027, beginning with a feasibility study with Cloudflare.
-
UK automated scanner cuts DNS fix times from 50 days to eight
An automated Vulnerability Monitoring System cut DNS vulnerability remediation in the UK public sector from 50 days to eight and sped other fixes. Firefox added a Sanitizer API and the FTC updated COPPA policy on age verification.
-
North Korean actors publish 26 malicious npm packages that deploy credential stealer and RAT
North Korean-linked actors published 26 malicious npm packages in March 2026 that use Pastebin text steganography and Vercel-hosted C2 to deliver a credential stealer and remote access trojan targeting developer systems.
-
Agentic AI moves into production, raising governance and monitoring demands
Agentic AI is moving into production, enabling models to plan and execute multi-step tasks without continuous human input. This increases the need for supervised fine-tuning, continuous monitoring and traceability to manage operational and regulatory risk.
-
ManoMano notifies customers after third-party provider breach affecting 38 million
ManoMano notified customers after a January 2026 breach of a third-party support provider exposed personal data for 38 million people. No passwords were accessed and the company revoked the subcontractor’s data access.
-
Critical Junos flaw allows unauthenticated root takeover of PTX routers
A Junos OS Evolved flaw in PTX Series routers could allow unauthenticated remote code execution as root. Juniper issued patches and operators are advised to apply fixes or restrict access and consider disabling the vulnerable service.
-
Olympique de Marseille confirms cyberattack after threat actor leaks sample of alleged data
Olympique de Marseille said it was hit by a cyberattack this month and that a threat actor posted a sample claiming a database of about 400,000 people. The club notified the CNIL and filed a complaint.
-
Malicious NuGet package impersonated Stripe library and logged 180,000 downloads
A malicious NuGet package posing as a Stripe payments library was uploaded on February 16, 2026 and amassed over 180,000 downloads across 506 versions before removal. Researchers documented the campaign.
-
UFP Technologies discloses data stolen in February cyber incident
UFP Technologies detected suspicious activity on February 14 that resulted in data theft from its IT systems. The firm removed the threat, restored access and does not expect a material operational or financial impact.









