The Wire
Curated cybersecurity and tech news — AI-summarized, source attributed.
26 Fake Crypto Wallet Apps Slipped Past Apple's App Store Review
Researchers have flagged 26 fraudulent cryptocurrency wallet applications that cleared Apple's notoriously strict App Store review process. The apps impersonate
AI Agent Memory Is the New Attack Surface — and It's Barely Defended
Persistent memory is what makes modern AI agents useful across sessions, but it is also what makes them durably exploitable. An attacker who plants a poisoned i
AI-Generated Phishing Tops Attacker Toolkits as Defenders Scramble
Phishing remains the dominant intrusion vector, but generative AI has sharpened its edge. Attackers now produce grammatically flawless, context-aware lures at s
Bitwarden CLI npm package hijacked in Checkmarx-linked supply chain attack
A malicious version 2026.4.0 of the @bitwarden/cli npm package sat in the registry for roughly 90 minutes on April 22 before being pulled. The tampered package
Bitwarden CLI Pulled Into Ongoing npm Supply Chain Campaign Tracked by Checkmarx
A malicious package impersonating the Bitwarden command-line client has surfaced as the latest artifact in a supply chain campaign that Checkmarx researchers ha
BlackFile extortion crew uses vishing to plunder Salesforce and SharePoint data
A financially motivated group calling itself BlackFile — also tracked as CL-CRI-1116, UNC6671, and Cordial Spider — has been hitting retail and hospitality targ
Breeze Cache WordPress plugin under active attack via unauth file upload flaw
CVE-2026-3844, a critical 9.8-severity flaw in the Cloudways Breeze Cache plugin, is being actively exploited, with Wordfence logging over 170 attack attempts.
Checkmarx KICS supply chain hit: Docker images and VSCode extensions weaponized
Attackers pushed trojanized versions of Checkmarx's KICS scanner to Docker Hub and compromised the associated VS Code and Open VSX extensions, turning a securit
China-Backed Botnet Operations Shift From Artisanal to Industrial Scale
Dark Reading reports that state-aligned Chinese threat actors have moved botnet construction out of bespoke, campaign-specific work and into something closer to
Chinese APT Weaponizes Legitimate Cloud Services for Mongolia Espionage Campaign
A Chinese advanced persistent threat group is running a surveillance operation against Mongolian targets by piggybacking on trusted cloud infrastructure rather
Chinese phishing campaign tricks NASA staff to reach U.S. defense software
A targeted phishing operation attributed to Chinese actors successfully compromised NASA employees as part of a broader effort to access U.S. defense software.
DOJ Dismantles Myanmar-Based Fraud Ring Preying on American Victims
US authorities have disrupted a Myanmar-based criminal operation that targeted American citizens through financial fraud schemes. The takedown reflects the grow