DJBSEC's CyberNews 2026-04-01

Created in April 01, 2026

2026   ·   Daily News   ·   News

Google Vertex AI Over-Permission Issue Raises Security Concerns

Researchers have identified an over-privilege issue within Google Vertex AI that could allow excessive access to sensitive resources. The problem stems from overly broad permissions granted to AI services, increasing the risk of misuse or lateral movement. If exploited, attackers could access data or perform actions beyond intended scope. This highlights a growing challenge in securing AI platforms where permissions are complex and often misconfigured. Organizations are urged to audit permissions and enforce least-privilege principles.
Read More

TeamPCP Breaches Cloud SaaS Using Stolen Credentials

A threat group known as TeamPCP has been linked to breaches of cloud SaaS environments using stolen credentials. Instead of exploiting vulnerabilities, the attackers rely on valid login data to gain access to enterprise systems. This approach allows them to bypass many traditional security defenses. Once inside, they can exfiltrate data and maintain persistence. The campaign reinforces the importance of identity security and monitoring for abnormal login behavior.
Read More

Microsoft Warns of Evolving Threats to Critical Infrastructure

Microsoft has warned that threats to critical infrastructure are evolving in both sophistication and scale. Attackers are increasingly targeting essential services such as energy, transportation, and healthcare. The shift includes more coordinated and state-sponsored campaigns aimed at disruption and espionage. Microsoft emphasizes the need for improved resilience and collaboration across sectors. Organizations are encouraged to adopt proactive defense strategies and enhance incident response capabilities.
Read More

Iran-Linked Attackers Use Password Spraying Against Microsoft 365

Iran-linked threat actors are conducting password spraying attacks against Microsoft 365 accounts to gain unauthorized access. By trying common passwords across many accounts, attackers can avoid account lockouts and remain undetected. Once access is obtained, they can gather intelligence or move laterally within organizations. The campaign targets a wide range of industries, including government and private sectors. Organizations should enforce strong password policies and enable multi-factor authentication.
Read More

Cisco Source Code Stolen in Developer Environment Breach

Cisco has confirmed that source code was stolen following a breach of a developer environment linked to the Trivy supply chain attack. The incident highlights how compromised development tools can lead to broader organizational exposure. Attackers were able to access sensitive code repositories, raising concerns about downstream risks. Cisco is investigating the impact and working to secure affected systems. This event underscores the importance of securing development pipelines and dependencies.
Read More

Axios Developer Tool Attack Highlights Supply Chain Risks

A compromise involving the Axios software development tool has exposed risks in widely used developer ecosystems. Attackers manipulated components within the toolchain, potentially impacting applications that rely on Axios. This type of attack can spread quickly through software supply chains. Developers may unknowingly incorporate compromised code into their projects. Organizations are advised to monitor dependencies and verify package integrity.
Read More

AI-Driven Code Surge Forces Rethink of Application Security

The rapid increase in AI-generated code is forcing organizations to rethink traditional application security practices. While AI accelerates development, it also introduces new vulnerabilities and risks. Security teams are struggling to keep pace with the volume and complexity of code being produced. This shift requires integrating security earlier in the development lifecycle. Experts emphasize the need for automated security testing and governance.
Read More

Attackers Weaponize Legitimate Windows Tools

Threat actors are increasingly using legitimate Windows tools to carry out attacks, a tactic known as “living off the land.” By leveraging built-in utilities, attackers can evade detection by traditional security solutions. These techniques allow them to execute commands, move laterally, and maintain persistence. The approach reduces reliance on custom malware. Organizations should monitor system activity and implement behavioral detection to identify suspicious use of legitimate tools.
Read More

Critical F5 BIG-IP Vulnerability Upgraded to 9.8 Severity

A critical vulnerability in F5 BIG-IP devices has been upgraded to a severity score of 9.8 and is being actively exploited. The flaw could allow remote code execution, posing a significant risk to affected systems. Given the widespread use of BIG-IP in enterprise environments, the impact could be substantial. Security researchers warn that attackers are already targeting unpatched devices. Immediate patching and monitoring are strongly recommended.
Read More

Claude Code Source Leak Raises Security Concerns

A reported leak of Claude Code source material has raised concerns about the exposure of proprietary AI development tools. The leaked information could provide insights into system architecture and potential vulnerabilities. Such leaks increase the risk of targeted attacks and exploitation. The incident highlights the importance of securing intellectual property in AI development. Organizations should strengthen access controls and monitoring around sensitive codebases.
Read More

ChatGPT Vulnerability Could Expose Sensitive Data

A newly discovered vulnerability in ChatGPT could allow exposure of sensitive user data under certain conditions. The issue relates to how the system processes and stores interactions. If exploited, attackers could access confidential information shared within conversations. This raises concerns about privacy and data security in AI platforms. Users and organizations are advised to limit sensitive data sharing and monitor updates from providers.
Read More

Dutch Finance Ministry Takes Banking Portal Offline After Breach

The Dutch Finance Ministry has taken its treasury banking portal offline following a suspected security breach. Authorities are investigating the incident to determine the scope and impact. The portal is used for critical financial operations, making the disruption significant. Officials have implemented precautionary measures to prevent further compromise. The incident highlights the importance of securing government financial systems.
Read More

Qilin Ransomware Targets Dow Inc. in Alleged Breach

The Qilin ransomware group has reportedly breached chemical manufacturing giant Dow Inc., claiming to have stolen sensitive data. The attackers are using typical ransomware tactics, including data exfiltration and extortion. While the full details are still emerging, the incident could have significant implications for industrial operations. Ransomware groups continue to target large enterprises for financial gain. Organizations are urged to strengthen defenses and incident response capabilities.
Read More



Enjoy Reading This Article?

Here are some more articles you might like to read next:

  • DJBSEC's CyberNews 2026-04-16
  • DJBSEC's CyberNews 2026-04-15
  • DJBSEC's CyberNews 2026-04-14
  • DJBSEC's CyberNews 2026-04-13
  • DJBSEC's CyberNews 2026-04-10