HackenPost blogs - Page 5 of 115

Data Breaches

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of…

April 5, 2026

Data Breaches

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins…

April 5, 2026

Data Breaches

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been…

April 5, 2026

Data Breaches

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period…

April 3, 2026

Data Breaches

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and…

April 3, 2026

Data Breaches

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a…

April 3, 2026

Data Breaches

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

The next major breach hitting your clients probably won’t come from inside their walls. It’ll come through a vendor they trust,…

April 3, 2026

Data Breaches

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store,…

April 3, 2026

Data Breaches

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security…

April 3, 2026

Data Breaches

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials,…

April 2, 2026

Hand-Picked Top-Read Stories

Deterministic + Agentic AI: The Architecture Exposure Validation Requires

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

Trending Tags

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Deterministic + Agentic AI: The Architecture Exposure Validation Requires

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)