HackenPost blogs - Page 3 of 112

Data Breaches

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security…

April 3, 2026

Data Breaches

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials,…

April 2, 2026

Data Breaches

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since…

April 2, 2026

Data Breaches

The State of Trusted Open Source Report

In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data…

April 2, 2026

Data Breaches

WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action

Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version…

April 2, 2026

Data Breaches

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from…

April 2, 2026

Data Breaches

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which…

April 1, 2026

Data Breaches

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on…

April 1, 2026

Data Breaches

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated…

April 1, 2026

Data Breaches

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had…

April 1, 2026

Hand-Picked Top-Read Stories

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Trending Tags

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

The State of Trusted Open Source Report

WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV