The Hacker News

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

The Hacker News April 5, 2026

Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination...

Read More Read more about $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

The Hacker News April 4, 2026

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS...

Read More Read more about 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

The Hacker News April 4, 2026

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has...

Read More Read more about Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

The Hacker News April 3, 2026

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a...

Read More Read more about China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

The Hacker News April 3, 2026

Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers...

Read More Read more about Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The Hacker News April 3, 2026

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of...

Read More Read more about UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

The Hacker News April 3, 2026

The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they...

Read More Read more about Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

The Hacker News April 3, 2026

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play...

Read More Read more about New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

The Hacker News April 3, 2026

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a...

Read More Read more about Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

The Hacker News April 2, 2026

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database...

Read More Read more about Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials