• admin
• DPRK
• Drift
• abril 5, 2026
• 0 Comentarios

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the…

Continue reading

• admin
• Actively
• CVE202635616
• abril 5, 2026
• 0 Comentarios

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Ravie LakshmananApr 05, 2026Vulnerability / API Security Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as…

Continue reading

• admin
• Deploy
• Exploited
• abril 5, 2026
• 0 Comentarios

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Ravie LakshmananApr 05, 2026Malware / DevSecOps Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to…

Continue reading

• admin
• ChinaLinked
• European
• abril 3, 2026
• 0 Comentarios

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a…

Continue reading

• admin
• CookieControlled
• Cron
• abril 3, 2026
• 0 Comentarios

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Ravie LakshmananApr 03, 2026Linux / Server Hardening Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution,…

Continue reading

• admin
• Biggest
• Clients
• abril 3, 2026
• 0 Comentarios

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

The next major breach hitting your clients probably won’t come from inside their walls. It’ll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor…

Continue reading

• admin
• Attack
• Axios
• abril 3, 2026
• 0 Comentarios

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Ravie LakshmananApr 03, 2026Threat Intelligence / Malware The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated…

Continue reading

• admin
• Attack
• DPRK
• abril 3, 2026
• 0 Comentarios

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. «Earlier today, a malicious actor…

Continue reading

• admin
• Android
• Apps
• abril 3, 2026
• 0 Comentarios

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Ravie LakshmananApr 03, 2026Mobile Security / Threat Intelligence Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year…

Continue reading

• admin
• Breach
• Credentials
• abril 2, 2026
• 0 Comentarios

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Ravie LakshmananApr 02, 2026Vulnerability / Threat Intelligence A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web…

Continue reading