HackenPost blogs - Page 32 of 88

Data Breaches

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into…

September 2, 2025

Data Breaches

⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More

Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big…

September 1, 2025

Data Breaches

When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider

As enterprises continue to shift their operations to the browser, security teams face a growing set of cyber…

September 1, 2025

Data Breaches

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka…

September 1, 2025

Data Breaches

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint…

August 30, 2025

Data Breaches

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said…

August 30, 2025

Data Breaches

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve…

August 29, 2025

Data Breaches

Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication

Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated…

August 29, 2025

Data Breaches

Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign

An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors…

August 29, 2025

Data Breaches

Can Your Security Stack See ChatGPT? Why Network Visibility Matters

Generative AI platforms like ChatGPT, Gemini, Copilot, and Claude are increasingly common in organizations. While these solutions improve…

August 29, 2025

Hand-Picked Top-Read Stories

MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

Trending Tags

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More

When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication

Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign

Can Your Security Stack See ChatGPT? Why Network Visibility Matters

MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection