The LockBit ransomware operation has allegedly hacked Charlie Bears, a popular cuddly toy maker, listing the company as a victim on its darknet leak site. The leaked data includes employee information, training documents, inventories, and novelty bear passports, with the breach impacting the Australian operation.
https://www.cyberdaily.au/security/13412-exclusive-cuddly-toy-maker-charlie-bears-allegedly-hacked
Exclusive: Cuddly toy maker Charlie Bears allegedly hacked

Not the bears! LockBit ransomware operation lists beloved teddy bear outlet as a victim on its darknet leak site. 

Cyber Daily
Attackers hijacked the Axios npm account to distribute RAT malware by publishing malicious package updates. Developers who installed compromised versions (1.14.1 and 0.30.4) should assume their systems are compromised, as the malware targets Linux, Windows, and macOS.
https://securityaffairs.com/190221/security/attackers-hijack-axios-npm-account-to-spread-rat-malware.html
Attackers hijack Axios npm account to spread RAT malware

Threat actors hijacked the npm account of Axios to distribute RAT malware via malicious package updates.

Security Affairs
The Truth or Fake show debunks a viral Bollywood dance video falsely linked to a hack of FBI Director Kash Patel's emails by an Iranian-linked group. The video, unrelated to Patel, has been circulating online since at least 2020.
https://www.france24.com/en/no-iranian-hackers-didn-t-leak-a-video-of-the-fbi-s-kash-patel-dancing
Truth or Fake - No, Iranian hackers didn’t leak a video of the FBI's Kash Patel dancing

FBI Director Kash Patel has been the subject of social media buzz this week, after his private emails were hacked by an Iranian-linked group. There's also a viral Bollywood dance video being falsely linked to the incident, despite no connection to Patel, as Vedika Bahl clears up in Truth or Fake.

FRANCE 24
AI recruiting startup Mercor has confirmed a cyberattack linked to a compromise of the open source project LiteLLM, potentially affecting thousands of companies. The extortion hacking group Lapsus$ has claimed responsibility for targeting Mercor and accessing its data, though the exact connection between the two incidents remains unclear.
https://techcrunch.com/2026/03/31/mercor-says-it-was-hit-by-cyberattack-tied-to-compromise-of-open-source-litellm-project/
Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project | TechCrunch

The AI recruiting startup confirmed a security incident after an extortion hacking crew took credit for stealing data from the company's systems.

TechCrunch
Rogers and Fido have confirmed a data breach that resulted in unauthorized access to customer information, including names, contact details, and account numbers. The companies stated that more sensitive data like social insurance numbers and financial information were not compromised, but the full scope of affected customers is still under investigation.
https://www.iphoneincanada.ca/2026/03/28/rogers-and-fido-confirm-data-breach-affecting-customer-information/
Rogers and Fido Confirm Data Breach Affecting Customer Information | iPhone in Canada

Rogers and its flanker brand Fido have been hit by a data breach involving unauthorized access to customer information. The company disclosed the incident on Friday, noting that the breach was caught through its own internal security monitoring systems. According to a report by The Globe and Mail, the breach specifically compromised customer names, contact

iPhone in Canada | Canada’s source for Apple, telecom, tech news, and deals
Hackers, identified as APT Iran, have reportedly stolen over 375TB of data from Lockheed Martin, a major US defense and aerospace firm. The attackers are allegedly demanding around $400 million to $600 million for the data, which may include sensitive information like F-35 blueprints, and are threatening to sell it to US adversaries.
https://www.cybersecurity-insiders.com/apt-iran-hackers-steal-over-375tb-of-data-from-lockheed-martine/
APT Iran hackers steal over 375TB of data from Lockheed Martine

Cybersecurity Insiders
The thrunt-god GitHub repository introduces a threat hunting command system designed for agentic IDEs, facilitating a five-phase process: Signal, Hunt, Swarm, Receipt, and Publish. It offers commands for managing hunts, mapping environments, shaping hypotheses, and publishing validated findings, with installation instructions provided for various IDEs like Claude Code and Copilot.
https://github.com/backbay-labs/thrunt-god
Unit 42 researchers have uncovered a cyberespionage campaign targeting a Southeast Asian government, involving three distinct threat clusters: Stately Taurus, CL-STA-1048, and CL-STA-1049. These clusters utilize various malware and tools, including backdoors, RATs, and loaders, with evidence suggesting coordination among China-aligned actors to achieve persistent access and data exfiltration.
https://unit42.paloaltonetworks.com/espionage-campaigns-target-se-asian-government-org/
Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government

Unit 42 uncovers multiple clusters of cyberespionage targeting a Southeast Asian government organization with USBFect, RATs and loaders.

Unit 42
Wikipedia has updated its policies to prohibit contributors from using AI to generate or rewrite content, citing concerns about verifiable sources and core content policies. While limited use for tasks like typo correction and translation is permitted under strict guidelines, the platform is developing methods to identify and address AI-generated text to maintain its standards.
https://siliconangle.com/2026/03/26/wikipedia-cracks-contributors-using-ai-generate-content/
The Tycoon2FA phishing platform has quickly resumed operations after a law enforcement takedown, while Trio-Tech International faces a material breach after ransomware data exposure. The FBI and CISA warn of Russian phishing campaigns targeting messaging apps, and a Russian national was sentenced for enabling ransomware attacks. Additionally, Iran-linked hackers are using Telegram malware against dissidents, Mazda disclosed a breach impacting employee and partner data, and Oracle issued a critical patch for its Identity Manager.
https://www.govinfosecurity.com/breach-roundup-tycoon2fa-phishing-platform-rebounds-a-31220