VulnHub

Google has addressed 21 vulnerabilities in its Chrome browser, including a serious zero-day flaw identified as CVE-2026-5281. This vulnerability is categorized as a use-after-free (UAF) issue in Dawn, which is part of the WebGPU standard utilized by Chromium and its derivatives. While specific details about the exploitation of this flaw are scarce, the fact that it has been flagged as 'in-the-wild' suggests that attackers are actively using it. Users of Chrome and other Chromium-based browsers should ensure they are running the latest versions to protect themselves from potential attacks. Keeping browsers updated is crucial because such vulnerabilities can lead to unauthorized access or other malicious activities.

Venom Stealer is a type of malware-as-a-service (MaaS) that has been linked to various cyberattacks, including those targeting ClickFix and cryptocurrency theft. Once it infiltrates a victim's device, the malware remains persistent, immediately stealing sensitive data without storing it locally. This rapid exfiltration process makes it particularly dangerous, as victims may not even realize their information has been compromised until it’s too late. The versatility of Venom Stealer in targeting both general data and specific financial information poses a significant risk to individuals and organizations alike. As cybercriminals increasingly adopt such services, users need to be vigilant about their cybersecurity practices.

SentinelOne's AI technology successfully thwarted a supply chain attack involving a compromised LiteLLM package, stopping the malicious code within seconds. The incident occurred when a user unknowingly installed the tainted package, which was triggered by the Claude Code tool. SentinelOne's macOS agent detected the malicious process chain and intervened automatically, preventing any further damage. This event illustrates the ongoing risks associated with supply chain vulnerabilities, as attackers often exploit trusted software components to infiltrate systems. Companies using LiteLLM or similar packages should review their security measures to guard against such threats.

The Axios NPM package was compromised in a supply chain attack attributed to North Korean hackers. Attackers exploited a long-lived NPM access token to bypass GitHub's OIDC-based CI/CD publishing workflow, allowing them to publish backdoored versions of the package. This incident raises significant concerns for developers and organizations using Axios, as it highlights vulnerabilities in the software supply chain that could lead to broader exploitation. Users of the affected package need to be vigilant and check for any unauthorized versions, as these could introduce malicious code into their applications. The breach underscores the ongoing risks associated with open-source software and the need for stronger security practices in managing access tokens and dependency management.

Kaspersky researchers have identified a new Remote Access Trojan (RAT) called CrystalX, which is being distributed as Malware-as-a-Service (MaaS). This malware combines features of spyware, information stealers, and prankware, making it particularly versatile and dangerous. Users can unknowingly download CrystalX, leading to their personal information being stolen or their devices being used for malicious purposes. The presence of prankware adds a unique twist, as it can also be used to annoy or embarrass victims. This incident underscores the evolving nature of cyber threats and the need for users to be vigilant about the software they install and the links they click on.

A group known as STARDUST CHOLLIMA has reportedly compromised the Axios npm package, which is widely used in JavaScript applications. This incident could affect numerous developers and companies that rely on this package for building web applications. The attackers inserted malicious code, which could lead to data breaches or unauthorized access to systems using the compromised package. Developers are advised to check their dependencies and ensure they are using the latest, secure versions of Axios. This situation raises concerns about the security of open-source packages and the potential risks they pose in software development.

Researchers from Defused have reported ongoing attacks exploiting a serious SQL injection vulnerability in Fortinet's FortiClient EMS, identified as CVE-2026-21643. These intrusions have been active since March 24, raising concerns for organizations using this software. SQL injection vulnerabilities allow attackers to manipulate database queries, potentially leading to unauthorized access and data breaches. Companies utilizing FortiClient EMS are urged to take immediate action to protect their systems and data from these exploits. The situation emphasizes the need for regular security updates and vigilance against emerging threats.

A recent phishing campaign has targeted various sectors in Ukraine, including government entities, healthcare providers, financial institutions, educational organizations, and software development firms. Attackers impersonated the country's Computer Emergency Response Team (CERT) to deliver the AGEWHEEZE Remote Access Trojan (RAT) between March 26 and 27. This type of malware allows unauthorized access to infected systems, posing significant risks to sensitive data and operational security. The incidents emphasize the ongoing cyber threats faced by Ukrainian organizations, particularly amid heightened geopolitical tensions. Entities in the affected sectors need to remain vigilant and enhance their cybersecurity measures to mitigate such risks.