Omax Autos Ltd Confirms Restoration After Ransomware Attack

Omax Autos Ltd, an Indian auto parts manufacturer, restored its IT systems by April 3, 2026, following a ransomware attack that targeted its infrastructure but reportedly spared core operations.

****
#cybersecurity #infosec #incident #ransomware
https://beyondmachines.net/event_details/omax-autos-ltd-confirms-restoration-after-ransomware-attack-g-3-2-b-0/gD2P6Ple2L

Anthropic Claude Code Security Bypass Exposes Developer Credentials

Anthropic's Claude Code AI agent contains a security bypass that allows attackers to evade deny rules by padding shell commands with over 50 subcommands. This flaw enables silent credential theft when developers interact with malicious repositories.

**Update Claude Code to version 2.1.90 asap because your security deny rules can be bypassed by long commands. Be careful of external repos that may contain malicious CLAUDE.md files. Never trust AI agents with full shell access unless you verify the repositories you are working on.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/anthropic-claude-code-security-bypass-exposes-developer-credentials-t-g-f-1-y/gD2P6Ple2L

Critical Authentication Bypass in Dgraph Database Allows Remote Takeover

Dgraph disclosed a critical authentication bypass vulnerability (CVE-2026-34976) in its administrative API that allows unauthenticated attackers to overwrite databases and read sensitive server files.

**If you are using Dgraph, this is urgent. Immediately make sure that public access to Dgraph's administration port 8080 is blocked, and add restoreTenant to adminMutationMWConfig: "restoreTenant": gogMutMWs.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-dgraph-database-allows-remote-takeover-a-s-2-r-4/gD2P6Ple2L

State of (in)security - Week 14, 2026

During the week of March 30–April 6, 2026, cybersecurity activity included 11 vulnerability advisories (featuring actively exploited zero-days in Citrix, Fortinet, and TrueConf) and 20 incidents dominated by ransomware/malware (5), third-party compromises (3), and heavily hitting healthcare (6) and tech (4). At least 178,530 individuals are affected, led by the DocketWise breach exposing 116,000 immigration client records.

**This week, focus on patching critical and actively exploited flaws in Cisco and Fortinet. Hackers love these systems, because they can't really be isolated from the internet - they are designed to be visible.**
#cybersecurity #infosec #knowledge #weeklyreport
https://beyondmachines.net/event_details/state-of-in-security-week-14-2026-4-w-k-u-i/gD2P6Ple2L

36 Malicious npm Packages Target Guardarian Infrastructure via Strapi Plugins

A coordinated supply chain attack involving 36 malicious npm packages targeted the cryptocurrency platform Guardarian to steal database credentials and wallet keys. The campaign exploited Redis and Docker vulnerabilities to deploy persistent, fileless backdoors on production Strapi CMS servers.

**If you use Strapi, immediately audit your node_modules for any of these 36 malicious packages: legitimate Strapi plugins are always scoped under @strapi/, so any unscoped strapi-plugin-* package should be treated as suspicious and removed. If any were installed, assume full compromise: rotate all credentials, secrets, and keys, revoke database and API tokens, and investigate your environment for reverse shells or unauthorized cron jobs.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/36-malicious-npm-packages-target-guardarian-infrastructure-via-strapi-plugins-0-y-5-g-3/gD2P6Ple2L