CSO Online

OpenAI patches twin leaks as Codex slips and ChatGPT spills

Command injection in Codex and a hidden outbound channel in ChatGPT exposed risks of credential theft and covert data ...
Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Critical Cisco IMC auth bypass gives attackers Admin access

Cisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) ...
SecurityWeek

New DeepLoad Malware Dropped in ClickFix Attacks

The new DeepLoad malware has been distributed in ClickFix attacks to steal user credentials and install a rogue browser ...
The Hacker News

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.
Nature

Primer: pitfalls of aspiration and injection

This review on joint aspiration and injection focuses on three common clinical problems: how to deal with 'dry taps', especially when a septic joint is suspected in the differential diagnosis; how to ...