Ghostwire — Trending Cybersecurity Threats
What the cybersecurity community is reporting right now.
Apple adds a ClickFix attack warning to the macOS Terminal
Reported by 9 sources: Xakep, CyberPress, GBHackers, BleepingComputer, Malwarebytes Labs
Axios NPM Packages Breached in Ongoing Supply Chain Attack
Reported by 9 sources: GBHackers, The Hacker News, APT Groups, Habr InfoSec, Supply Chain
Axios npm packages backdoored in supply chain attack
Reported by 7 sources: Help Net Security, The Hacker News, Habr InfoSec, Snyk, ReversingLabs
Elastic releases detections for the Axios supply chain compromise
Reported by 7 sources: Elastic Security Labs, CyberPress, GBHackers, The Hacker News, SANS ISC
[Translation] How Microsoft "fixes" Windows 11: flowers after a beating
Reported by 7 sources: Habr InfoSec, The Register, Zero Day Initiative, Infosecurity Magazine, CCN-CERT Spain
CVE-2026-28228 - OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution
Reported by 7 sources: CVE Feed, CIS Advisories, Zero Day Initiative, Infosecurity Magazine, Exploit-DB
Axios supply chain attack chops away at npm trust
Reported by 6 sources: Malwarebytes Labs, CyberPress, GBHackers, Snyk, ReversingLabs
Axios NPM Packages Compromised in Active Supply Chain Attack
Reported by 6 sources: CyberPress, GBHackers, The Hacker News, Snyk, Dark Reading
Ransomware in 2025: Blending in is the strategy
Reported by 6 sources: Cisco Talos Blog, Infosecurity Magazine, WeLiveSecurity, WeLiveSecurity BR, S2W Talon
Slopsquatting: the supply chain attack vibe coding made
Reported by 6 sources: Supply Chain, ReversingLabs, Infosecurity Magazine, Dark Reading, Huntress
Microsoft pulls KB5079391 Windows update over install issues
Reported by 5 sources: BleepingComputer, The Register, CCN-CERT Spain, Doyensec, IPA Japan
RSAC 2026 Recap: From AI Hype to Real SaaS Security Outcomes
Reported by 5 sources: Security Boulevard, WeLiveSecurity, NSFOCUS, Recorded Future, Daniel Miessler
Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
Reported by 5 sources: Snyk, ReversingLabs, Infosecurity Magazine, Dark Reading, Huntress
Apple counters ClickFix attacks with macOS Terminal warning
Reported by 5 sources: Help Net Security, CyberPress, GBHackers, BleepingComputer, Malwarebytes Labs
Critical Fortinet Forticlient EMS flaw now exploited in attacks
Reported by 5 sources: Security Affairs, Infosecurity Magazine, Exploit-DB, Huntress, DIVD CSIRT
A Vulnerability in F5 Products Could Allow for Remote Code Execution
Reported by 5 sources: CIS Advisories, Zero Day Initiative, Exploit-DB, Huntress, DIVD CSIRT
Inside the Axios supply chain compromise - one RAT to rule them all
Reported by 5 sources: Elastic Security Labs, The Hacker News, Snyk, CrowdStrike, ReversingLabs
CVE-2025-15379 - Command Injection in mlflow/mlflow
Reported by 5 sources: CVE Feed, Zero Day Initiative, JVNDB, JVN, Exploit-DB
Critical F5 BIG-IP Flaw Upgraded to 9.8 RCE, Exploited in the Wild
Reported by 5 sources: HackRead, BleepingComputer, Infosecurity Magazine, Dark Reading, Huntress
Iranian hackers threaten to launch terrifying cyber attack on US water supplies if American strikes continue to hit Iran infrastructure
Reported by 5 sources: Russia Cyber, Network Security, Weibo Hot Search, Infosecurity Magazine, Huntress
March 20, 2026
Reported by 4 sources: the grugq, Unit42, Krebs on Security, Cisco Talos
CVE-2026-30307 - Roo Code Shell Command Injection Vulnerability
Reported by 4 sources: CVE Feed, Zero Day Initiative, Exploit-DB, Chocapikk's Cybersecurity Blog
Beyond the Spectacle – RSAC 2026 and The 5 Layers of AI Security – FireTail Blog
Reported by 4 sources: Security Boulevard, Malwarebytes Labs, This Week in 4n6, AWS Security
Security Week 2614: a supply chain attack on the LiteLLM library
Reported by 4 sources: Habr InfoSec, Malwarebytes Labs, Risky Business, ReversingLabs
AI Threat Landscape Digest January-February 2026
Reported by 4 sources: Check Point Research, Rapid7, Huntress, Recorded Future
ISC Stormcast For Tuesday, March 31st, 2026 https://isc.sans.edu/podcastdetail/9872, (Tue, Mar 31st)
Reported by 4 sources: SANS ISC, the grugq, Red Canary, Krebs on Security
U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog
Reported by 4 sources: Security Affairs, The Register, Infosecurity Magazine, S2W Talon
Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach
Reported by 4 sources: The Register, Xakep, Infosecurity Magazine, Kaspersky RU
Risks and Trends of Cyber Insurance in 2026
Reported by 4 sources: AI Security, Unit42, ReversingLabs, Huntress
Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability (CVE-2026-20131)
Reported by 4 sources: Network Security, Infosecurity Magazine, Huntress, DIVD CSIRT
File read flaw in Smart Slider plugin impacts 500K WordPress sites
Reported by 4 sources: BleepingComputer, Wordfence, Infosecurity Magazine, IPA Japan
Nearly half a Million mobile customers of Lloyds Banking Group affected by security incident
Reported by 4 sources: Security Affairs, SecurityWeek, Infosecurity Magazine, Daniel Miessler
Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions
Reported by 4 sources: Security Boulevard, The Hacker News, Habr InfoSec, Snyk
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
Reported by 4 sources: Security Affairs, The Hacker News, Infosecurity Magazine, Huntress
Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets
Reported by 4 sources: Check Point Research, Security Affairs, The Hacker News, Unit 42
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
Reported by 4 sources: The Hacker News, Snyk, Infosecurity Magazine, Huntress
CVE-2026-34005 - Xiongmai DVR/NVR Command Injection Vulnerability
Reported by 4 sources: CVE Feed, JVNDB, Exploit-DB, Daniel Miessler
ZDI-26-243: (Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability
Reported by 4 sources: Zero Day Initiative, Infosecurity Magazine, Exploit-DB, Huntress
Citrix NetScaler products confirmed to be under exploitation
Reported by 4 sources: Cybersecurity Dive, BSI Germany, SecurityWeek, The Hacker News
Poisoned Axios: npm Account Takeover, 50 Million Downloads, and a RAT That Vanishes After Install
Reported by 4 sources: Security Boulevard, The Hacker News, Habr InfoSec, ReversingLabs
FBI confirms hack of Director Patel's personal email inbox
Reported by 4 sources: BleepingComputer, Security Affairs, CyberScoop, The Record
CVE-2026-5128 - Steam Trader ArthurFiorette Sensitive Information Exposure and Authentication Bypass Vulnerability
Reported by 3 sources: CVE Feed, Zero Day Initiative, JVNDB
CVE-2026-5018 - code-projects Simple Food Order System Parameter register-router.php sql injection
Reported by 3 sources: CVE Feed, UK NCSC, JVNDB
Iran-linked hackers breached the email of the FBI director
Reported by 3 sources: Russia Cyber, Hackers, The Hacker News
TeamPCP Uses Fake Ringtone File in Tainted Telnyx SDK to Steal Credentials
Reported by 3 sources: HackRead, GBHackers, JVNDB
Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)
Reported by 3 sources: Help Net Security, Security Affairs, Threatpost
Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
Reported by 3 sources: BleepingComputer, Security Affairs, Dark Reading
CISA Warns of Actively Exploited F5 BIG-IP Vulnerability in Ongoing Attacks
Reported by 3 sources: GBHackers, Securelist, Infosecurity Magazine
European Commission confirms data breach after Europa.eu hack
Reported by 3 sources: BleepingComputer, CyberPress, GBHackers
The CISO Gap: Why Every Business Needs Cybersecurity Leadership
Reported by 3 sources: Cybersecurity, WeLiveSecurity, Huntress