Hasbro takes some systems offline after cybersecurity incident
Hasbro disclosed that it detected unauthorized access on March 28 and responded by taking some systems offline, with the disruption affecting parts of its ability to ship products and process orders. The company said the investigation is still underway, so the bigger issue for defenders is that even a limited statement like this usually signals a potentially wider business impact while scope, access, and data exposure are still being worked through.
Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome
Google pushed a Chrome 146 update to fix 21 flaws, including CVE-2026-5281, a use-after-free bug in the Dawn graphics component that Google said is being exploited in the wild. With this now the fourth Chrome zero-day patched this year, the practical takeaway is straightforward: enterprise browser updates need to move fast, because browser bugs remain one of the cleanest paths to initial compromise.
European-Chinese geopolitical issues drive renewed cyberespionage campaign
Proofpoint says the China-linked group TA416 has shifted attention back toward Europe, especially diplomatic missions and entities tied to NATO and the EU, after spending the last few years focused more heavily on Southeast Asia, Taiwan, and Mongolia. The report ties the renewed targeting to geopolitical friction and notes the group has continued refining delivery chains while keeping the same general objective of landing custom PlugX malware through DLL sideloading.
Mitigating the Axios npm supply chain compromise
Microsoft attributed the malicious Axios npm releases to Sapphire Sleet, a North Korean state actor, and said the poisoned versions silently pulled a second-stage RAT during installation on Windows, macOS, and Linux. Because the backdoored releases relied on dependency insertion and install-time execution rather than obvious application changes, this is another sharp reminder that trusted package ecosystems can still become efficient delivery channels for cross-platform malware at scale.
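A defender-side check for the dependency-insertion and install-time-execution pattern described above, as an added example that is not code from Microsoft, Axios, or this digest: it diffs two package-lock.json snapshots and surfaces dependencies that are new or changed and that npm has marked with `hasInstallScript`. The package names, versions and integrity strings are constructed placeholders, not the affected releases.

```javascript
// Added example: diff two package-lock.json snapshots (lockfileVersion 2 or 3).
// Every package name, version and integrity value here is a constructed placeholder.
const BEFORE = {
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/example-http-client": { version: "1.0.0", integrity: "sha512-AAAA" },
    "node_modules/example-util": { version: "2.0.0", integrity: "sha512-BBBB" },
  },
};
const AFTER = {
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/example-http-client": { version: "1.0.1", integrity: "sha512-CCCC" },
    "node_modules/example-util": { version: "2.0.0", integrity: "sha512-BBBB" },
    // Dependency that did not exist before the bump and runs code at install time.
    "node_modules/example-inserted-dep": { version: "0.0.1", integrity: "sha512-DDDD", hasInstallScript: true },
  },
};

// Classify every entry in the new lockfile that differs from the old one.
function diffLockfiles(before, after) {
  const oldPkgs = before.packages || {};
  const findings = [];
  for (const [path, meta] of Object.entries(after.packages || {})) {
    if (path === "") continue; // the root project, not a dependency
    const prev = oldPkgs[path];
    let change = null;
    if (!prev) change = "inserted";
    else if (prev.version !== meta.version) change = "version-changed";
    else if (prev.integrity !== meta.integrity) change = "integrity-changed";
    if (change === null) continue;
    findings.push({ path, version: meta.version, change,
      hasInstallScript: meta.hasInstallScript === true });
  }
  // Entries that execute code during `npm install` sort to the top.
  return findings.sort((a, b) =>
    Number(b.hasInstallScript) - Number(a.hasInstallScript) ||
    a.path.localeCompare(b.path));
}

// Hold for manual review: install-time code in a new or changed package, or a
// tarball whose hash changed while its version did not.
function needsReview(findings) {
  return findings.filter((f) => f.hasInstallScript || f.change === "integrity-changed");
}

console.log(needsReview(diffLockfiles(BEFORE, AFTER)));
```

Run against the lockfile from the last known-good commit and the one produced by a dependency update, this gives a short review list before anything is installed on a build host.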
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
WhatsApp said it alerted about 200 users who were tricked into installing a counterfeit iOS version of the app loaded with spyware, with most of the known targets reportedly in Italy. The company says it has logged affected users out, urged them to remove the malicious app, and is taking action against Asigint, an Italian subsidiary of spyware vendor SIO, which highlights how commercial surveillance tooling keeps bleeding into real-world mobile targeting through app impersonation and social engineering.
The post InfoSec News Nuggets 04/02/2026 appeared first on AboutDFIR – The Definitive Compendium Project.