Attacks from all over

This week highlights a chaotic global threat landscape characterized by aggressive state-sponsored activity from Iran, North Korea, and China, including a high-profile breach of the FBI Director's personal emails and a major supply chain attack on the Axios NPM package. The newsletter underscores a "vigilance-first" approach as cyberattacks move into messaging apps like WhatsApp and Signal, target autonomous vehicles, and exploit outdated Apple hardware. Beyond technical exploits, the report touches on the systemic "skills crisis" in the industry rewritten by AI, the deployment of Google’s Gemini agents to the dark web, and a stern reminder to practice zero-trust protocols as the lines between physical and hybrid cybercrime continue to blur.

AuthorAuthorAuthor

Daniel Masterson, Ai Courtrie Buson & Bard Gee
April 03, 2026

HX Weekly
by Hexagon Center

for the week of March 29, 2026, 115th edition

Your quick weekend update and reminder.
☝️ TWA

Gif by kaydeeweb on Giphy

We share this headline this week because this week’s headlines are filled with attacks, even though they are not all from Iran.

🤷‍♀️ What now?: Be vigilant and practice zero trust. Apple adds macOS Terminal warning to block ClickFix attacks

Tools: Think twice before downloading something. FBI warns against using Chinese mobile apps due to privacy risks

about this edition and Inside Hexagon

This week’s headlines are riddled with amazing hacks that seem to come from all over the place. It was almost difficult to follow because of its varied origins. Because of that, we noticed that we have dropped a lot of headlines during the editing and curating process but the message of each HX Weekly edition remains even stronger than ever — be vigilant.

Our Public Service Announcement (PSA) videos offer a wealth of information despite their brevity. We invite you to subscribe to our YouTube channel and share your feedback regarding the content you find most engaging and any additional topics you would like us to cover. Furthermore, we welcome suggestions for improvement, particularly in the area of video editing, where we recognize there is room for enhancement.

HOUSEKEEPING

Glossary/Legend:

  • Zero Trust - a strategic cybersecurity framework based on the principle of "never trust, always verify," requiring strict identity authentication and authorization for every user and device, whether inside or outside the network perimeter. It assumes breach, removes implicit trust, and employs granular, least-privilege access controls to protect resources. 

  • Holistic security - a comprehensive strategy that integrates various protection layers—physical, digital, psycho-social, and organizational—to safeguard individuals, communities, or systems, recognizing that true security involves overall well-being, not just isolated technical defenses.

  1. Personal Identifier - A unique word or phrase shared exclusively with an individual or a group, serving as a means of identification and affirmation within the established relationship. It is recommended that 2 or more Personal Identifiers be established per person.

  2. Malware (short for malicious software) - refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems.

  3. Ransomware - A type of malware that locks or encrypts a victim's files and demands a ransom payment to unlock and decrypt them. Ransomware can infect a variety of devices, including computers, smartphones, printers, and more.

Privacy Notice: HX Weekly and the Hexagon Center are committed to your digital security. We do not collect, track, or store any personal information from our subscribers beyond the email address provided for delivery.

Spread cybersecurity culture

Do you have any suggestions on how we can further share this newsletter? Tell your friends and family about us by sharing with them the Hexagon Center official website:
View archives at hxweekly.beehiiv.com

Even though we aim to provide you the most current and critical information to keep you safe, threat actors work 24/7 and this newsletter publishes only once a week. Even though we are available via a hotline, it is crucial that you stay up to date via other sources as well to be informed on how you may be at risk.

You may reply to this newsletter or email us at
[email protected]

Send us any questions or things you want to talk about. Please share some fun facts with us. We welcome feedback and suggestions.

Hexagon Center is formed as a nonprofit corporation in California for public benefit,
and is tax-exempt under section 501(c)(3) of the Internal Revenue Code.

DISCLAIMER

Cybersecurity is an ever-changing field, and threats may evolve. While Hexagon Center strives to provide accurate and timely information, we cannot guarantee absolute security. Users are responsible for implementing their security measures and staying informed about the latest cybersecurity developments. Hexagon Center is not responsible for any cyber or scam attacks by our readers. HX Weekly tips are advice are not official positions of Hexagon Center nor is Hexagon Center responsible for its content.

Content of this newsletter is not an official representation of Hexagon Center.

Reply

or to participate.