A hacktivist group has claimed to have broken into systems belonging to the US Department of Homeland Security (DHS) and exposed sensitive files online.
The group, with the self-awarded name “The Department of Peace”, stole data from the Office of Industry Partnership that contained contracts between DHS, Immigration and Customs Enforcement (ICE), and over 6,000 private companies. Among the companies contracted to work alongside DHS and ICE were Anduril, L3Harris, Raytheon, Palantir, Microsoft, and Oracle.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- UK manufacturers under cyber fire with 80% reporting attacks
April 1, 2026
Nearly 80 percent of British manufacturers say they’ve been hit by a cyber incident in the past year, as new research suggests disruption on the factory floor is no longer an exception but business as usual. According to security outfit ESET, 78 percent of UK manufacturers admit to suffering at least one cyber incident in the ...
- A laughing RAT: CrystalX combines spyware, stealer, and prankware features
April 1, 2026
In March 2026, Kaspersky researchers discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with three subscription tiers. It caught the researchers attention because of its extensive arsenal of capabilities. On the panel provided to third‑party actors, in addition to the standard features of RAT‑like malware, ...
- Iran targets M365 accounts with password-spraying attacks
March 31, 2026
Suspected Iran-linked threat actors are conducting password-spraying attacks against hundreds of organizations, primarily Middle Eastern municipalities, in campaigns that security researchers believe may have been aimed at supporting bomb-damage assessment following missile strikes. Tel Aviv-based Check Point Research on Tuesday said that the attackers used multiple source IP addresses to target numerous Microsoft 365 accounts, affecting ...
- North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
March 31, 2026
Google Threat Intelligence Group (GTIG) is tracking an active software supply chain attack targeting the popular Node Package Manager (NPM) package “axios.” Between March 31, 2026, 00:21 and 03:20 UTC, an attacker introduced a malicious dependency named “plain-crypto-js” into axios NPM releases versions 1.14.1 and 0.30.4. Axios is the most popular JavaScript library used to simplify ...
- GitHub developers targeted by fake VS Code alerts spreading malware
March 30, 2026
Cybercriminals are tricking GitHub into sending out fraudulent email notifications, luring software developers into downloading malware, experts have warned. Security researchers Socket, who said they observed a large-scale, coordinated spam campaign targeting developers on various projects. GitHub has a section called “Discussions”, which is essentially a forum for discussing various projects. When a developer participates in, ...
- Beyond Compliance: How Financial Institutions Can Meet New Fraud-Sharing Mandates While Respecting Privacy
March 30, 2026
Authorized Push Payment (APP) fraud is one of the most damaging forms of digital deception. The pattern repeats itself thousands of times each year: an email from the bank’s security team warning of suspicious activity. A phone call that follows immediately. The caller ID matches. The “fraud prevention officer” knows details about recent transactions. Within minutes, ...