HackenPost blogs - Page 2 of 106

Data Breaches

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to…

March 23, 2026

Data Breaches

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the…

March 23, 2026

Data Breaches

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA),…

March 23, 2026

Data Breaches

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like…

March 21, 2026

Data Breaches

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager…

March 21, 2026

Data Breaches

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS,…

March 21, 2026

Data Breaches

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting…

March 21, 2026

Data Breaches

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span…

March 20, 2026

Data Breaches

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting…

March 20, 2026

Data Breaches

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google on Thursday announced a new “advanced flow” for Android sideloading that requires a mandatory 24-hour wait period…

March 20, 2026

Hand-Picked Top-Read Stories

FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

Trending Tags

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials