The Hacker News Archives - Page 8 of 155

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

[email protected] The Hacker News April 6, 2026

Ravie LakshmananApr 05, 2026Malware / DevSecOps Cybersecurity researchers have discovered 36 malicious packages in the npm registry...

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

[email protected] The Hacker News April 6, 2026

Ravie LakshmananApr 05, 2026Vulnerability / API Security Fortinet has released out-of-band patches for a critical security flaw...

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

[email protected] The Hacker News April 6, 2026

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a...

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

[email protected] The Hacker News April 6, 2026

Ravie LakshmananApr 03, 2026Linux / Server Hardening Threat actors are increasingly using HTTP cookies as a control channel...

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

[email protected] The Hacker News April 3, 2026

Ravie LakshmananApr 03, 2026Threat Intelligence / Malware The maintainer of the Axios npm package has confirmed that the...

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

[email protected] The Hacker News April 3, 2026

The next major breach hitting your clients probably won’t come from inside their walls. It’ll come through a vendor they...

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

[email protected] The Hacker News April 3, 2026

Ravie LakshmananApr 03, 2026Mobile Security / Threat Intelligence Cybersecurity researchers have discovered a new version of the SparkCat malware...

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

[email protected] The Hacker News April 3, 2026

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a...

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

[email protected] The Hacker News April 2, 2026

Ravie LakshmananApr 02, 2026Vulnerability / Threat Intelligence A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as...

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

[email protected] The Hacker News April 2, 2026

Ravie LakshmananApr 02, 2026Network Security / Vulnerability Cisco has released updates to address a critical security flaw in...

The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

You may have missed

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul