HackenPost blogs - Page 100 of 110

Data Breaches

Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

Government and telecommunications sectors in Southeast Asia have become the target of a “sophisticated” campaign undertaken by a…

April 28, 2025

Data Breaches

WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors

Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging…

April 28, 2025

Data Breaches

Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised

Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks…

April 28, 2025

Data Breaches

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud…

April 27, 2025

Data Breaches

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed…

April 26, 2025

Data Breaches

North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute…

April 25, 2025

Data Breaches

New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the…

April 25, 2025

Data Breaches

Why NHIs Are Security’s Most Dangerous Blind Spot

When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt.…

April 25, 2025

Data Breaches

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited,…

April 25, 2025

Data Breaches

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

Cybersecurity researchers are warning about a new malware called DslogdRAT that’s installed following the exploitation of a now-patched…

April 25, 2025

Hand-Picked Top-Read Stories

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Trending Tags

Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors

Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework

Why NHIs Are Security’s Most Dangerous Blind Spot

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

The State of Trusted Open Source Report