Chalk one up for defenders. Note

Chalk one up for defenders.

The open source community successfully prevented a significant npm supply chain attack targeting packages with billions of weekly downloads. The U.S. Treasury Department has imposed sanctions on companies operating cyber scam centers in Myanmar and Cambodia. Scammers are leveraging iCloud Calendar invites to distribute callback phishing emails. Researchers have identified a new malware variant that exploits unsecured Docker APIs, potentially blocking rival malware. Phishing attacks are utilizing the Axios user agent and Microsoft's Direct Send feature for automated campaigns. Streaming platform Plex has alerted users to a data breach, advising them to reset their passwords. A notable increase in network scans targeting Cisco ASA devices has been observed, raising security concerns. CISA has postponed the finalization of its cyber incident reporting rule until May 2026. The GAO has reported that federal cybersecurity workforce figures are incomplete and unreliable. Kevin Magee from Microsoft Security joined to discuss cybersecurity education. Additionally, the inaugural AI Darwin Awards were launched to highlight exceptionally poor AI implementations.