DJBSEC's CyberNews 2026-04-06
Proposed CISA Budget Cuts Raise Cybersecurity Concerns
Proposed budget cuts to the Cybersecurity and Infrastructure Security Agency (CISA) are raising concerns among security experts and policymakers. The reductions could impact the agency’s ability to defend critical infrastructure and support federal cybersecurity initiatives. Critics argue that scaling back funding comes at a time when cyber threats are increasing in both frequency and sophistication. Supporters of the cuts cite broader government spending priorities. The debate highlights ongoing tensions between budget constraints and national cybersecurity needs.
Claude Ends OpenClaw Subscriptions Amid Security Concerns
Claude has reportedly ended subscriptions related to the OpenClaw AI tool following security concerns about data exposure. The move comes after reports that OpenClaw agents could leak sensitive information due to configuration and design flaws. By shutting down access, the company aims to limit potential misuse and reduce risk. This decision reflects growing scrutiny around AI tools and their handling of sensitive data. Organizations are being reminded to carefully evaluate AI integrations before deployment.
Top Node.js Maintainers Targeted in Social Engineering Attack
Key maintainers in the Node.js ecosystem have been targeted in a social engineering campaign aimed at compromising popular packages. Attackers attempted to trick maintainers into granting access or executing malicious actions. A successful compromise could have widespread impact due to the number of applications relying on Node.js packages. The campaign underscores the importance of securing developer accounts and communications. Maintainers are urged to use strong authentication and verify requests carefully.
Claude Code Leak Used to Distribute Malware
A leak involving Claude Code has been exploited by attackers to distribute Vidar and GhostSocks malware. The attackers used the leaked material to craft convincing malicious payloads targeting developers and users. Once executed, the malware can steal credentials and establish persistent access. This incident highlights the risks associated with leaked code and intellectual property. Organizations should monitor for suspicious activity and secure development assets.
Device Code Phishing Attacks Surge by 37 Times
Device code phishing attacks have surged by 37 times as new phishing kits make the technique more accessible to cybercriminals. These attacks exploit legitimate authentication workflows to trick users into granting access without revealing passwords. Because they rely on trusted platforms, they are harder to detect and block. The increase reflects a shift toward identity-based attacks. Organizations should restrict device code flows and enhance monitoring of authentication events.
Qilin Ransomware Claims Attack on German Political Party
The Qilin ransomware group has claimed responsibility for a cyberattack targeting Germany’s political party Die Linke. The attackers allege they have stolen sensitive data and may release it if demands are not met. Political organizations are increasingly targeted due to the value of their information. The incident highlights ongoing risks to democratic institutions. Authorities are investigating the claims and assessing potential impact.
Fortinet Patches Actively Exploited Vulnerability
Fortinet has released patches for a vulnerability that is being actively exploited in the wild. The flaw could allow attackers to gain unauthorized access or execute malicious actions on affected systems. Given the widespread use of Fortinet products, the risk is significant. Security experts warn that unpatched systems are likely targets. Organizations are urged to apply updates immediately and monitor for compromise.
Malicious NPM Packages Exploit Developers in Supply Chain Attack
Researchers have identified 36 malicious NPM packages designed to exploit developers and compromise systems. The packages were disguised as legitimate tools but contained hidden malicious code. Once installed, they could steal data or introduce backdoors into applications. This highlights ongoing risks in the open-source software supply chain. Developers are advised to carefully vet dependencies and use security tools.
React2Shell Vulnerability Exploited in Automated Campaign
Attackers are actively exploiting the React2Shell vulnerability in automated campaigns to steal credentials. The flaw allows malicious code execution in vulnerable React applications. Once exploited, attackers can harvest sensitive information and gain access to systems. The automated nature of the attacks increases the scale and speed of exploitation. Organizations should patch affected applications and monitor for suspicious activity.