Top open source AI platform Flowise hit by maximum-level security issue

A 10/10 Flowise bug was patched, but is now being abused in the wild.

,
US agencies warn Iranian hackers are targeting American critical infrastructure — causing ‘disruptive effects within the United States’

Iran war spills into US cyberspace, affecting critical infrastructure organizations.

,
Final 3 days to save up to $500 on your TechCrunch Disrupt 2026 pass

Save up to $500 on your TechCrunch Disrupt 2026 pass until April 10, 11:59 p.m. PT. Secure your spot at the center of the tech ecosystem. Register here.

, , , , , , , , , , , , , ,
Third-party integration tool Anodot data breach hits Snowflake customers

A supply chain attack has, once again, affected at least a dozen Snowflake customers.

,
‘This puts organizations at risk of credential theft, data manipulation and broader compromise’: UK government, Microsoft warn Russian hackers are hitting TP-Link home routers to hijack internet traffic

SOHO endpoints are being used as gateways into corporate environments, where credentials and sensitive data gets harvested.

,
‘A new frontier model trained by Anthropic that we believe could reshape cybersecurity’: Project Glasswing wants to use AI to prevent AI cyberattacks — but will ‘overeager’ Claude Mythos do more damage than help?

Anthropic and a number of other companies reveal Project Glasswing – which is so powerful, it won’t be released publicly.

, ,
Men Are Buying Hacking Tools to Use Against Their Wives and Friends

In Telegram groups, men are sharing thousands of nonconsensual images of women and girls, buying spyware, and engaging in doxing and sexual abuse.

, ,
Microsoft flags China-based hackers using vicious new ‘rapid attack’ zero-days to launch ransomware at targets across the world

Microsoft warns the window to patch known flaws is shrinking, while the window to abuse zero-days grows.

,
‘By combining trusted platforms with legitimate tools, the threat actor reduces visibility and increases the likelihood of successful execution’: Microsoft warns WhatsApp users to exercise extra caution — or pay the price

Microsoft warns WhatsApp users that VBS malware uses cloud services and renamed tools to gain persistent, hidden control over systems.

,
‘Stolen session cookies render MFA irrelevant’: How $900-per-month turnkey malware is putting enterprise-grade account hijacking in the hands of rookie hackers

Storm infostealer hijacks session cookies, bypassing multi-factor authentication, harvesting credentials, and enabling persistent account access across enterprise and cryptocurrency systems globally.

,