04.04.2026

Security lapse lets researchers view React2Shell hackers’ dashboard

CSO Online 03.04.2026 19:10
An apparent security lapse has allowed researchers to peer into the work of a threat group currently exploiting unpatched servers open to the four-month-old React2Shell vulnerability to steal login credentials, keys, and tokens at scale.
Researchers from Cisco Systems’ Talos threat intelligence team who made the discovery said Thursday that the data harvested by an unattributed group they call UAT-10608 went to a password-protected database behind a web application. However, that application was at one point exposed, allowing the researchers to see data that had been harvested from compromised systems.

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

The Hacker News 03.04.2026 17:34
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region.
The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda.
"This TA416 activity included multiple

Google patches fourth Chrome zero-day so far this year

CSO Online 03.04.2026 17:29
Google has patched another zero-day vulnerability in Chrome, its fourth this year. In patching the vulnerability, tracked as CVE-2026-5281, the company acknowledged that an exploit for it already exists in the wild.
According to the report in NIST’s National Vulnerability Database, the vulnerability in Dawn, the implementation of WebGPU used by Chrome, allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. It advised users to update to Chrome 146.0.7680.178 or newer.

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

CSO Online 03.04.2026 16:18
The European Union’s Computer Emergency Response Team, CERT-EU, has traced last week’s theft of data from the Europa.eu platform to the recent supply chain attack on Aqua Security’s Trivy open-source vulnerability scanner.
The attack on the AWS cloud infrastructure hosting the Europa.eu web hub on March 24 resulted in the theft of 350 GB of data (91.7 GB compressed), including personal names, email addresses, and messages, according to CERT-EU’s analysis.

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

The Hacker News 03.04.2026 15:32
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team.
"Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to gate execution,

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The Hacker News 03.04.2026 11:04
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069.
Maintainer Jason Saayman said the attackers tailored their social engineering efforts "specifically to me" by first approaching him under the guise of the founder of a