Trending This Week

This article covers TA416, a China-aligned threat actor, resuming targeted campaigns against European government and diplomatic entities since mid-2025 using PlugX malware and OAuth-based phishing techniques.

The Hacker News

11 min read

Security•2026-04-03

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Microsoft Defender Security Research Team details PHP-based web shells on Linux servers that use HTTP cookies as a stealthy command-and-control channel.

The Hacker News

31 min read

Security•2026-04-03

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

North Korean threat actors (UNC1069) compromised the Axios npm package via a targeted social engineering attack against its maintainer, Jason Saayman.

The Hacker News

31 min read

Security•2026-04-03

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

This article argues that third-party risk management (TPRM) has become a critical security challenge and a growth opportunity for MSPs and MSSPs.

The Hacker News

31 min read

Security•2026-04-03

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new variant of the SparkCat malware has been discovered on both the Apple App Store and Google Play Store, targeting cryptocurrency wallet recovery phrases via OCR.

The Hacker News

31 min read

Security•2026-04-03

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift, a Solana-based decentralized exchange, lost $285 million in a sophisticated attack using durable nonces and social engineering, with evidence linking it to North Korean threat actors.

KernelEvolve: How Meta’s Ranking Engineer Agent Optimizes AI Infrastructure

This is the second post in the Ranking Engineer Agent blog series exploring the autonomous AI capabilities accelerating Meta’s Ads Ranking innovation. The previous post introduced Ranking Engineer Agent’s ML exploration capability, which autonomously designs, executes, and analyzes ranking model experiments. This post covers how to optimize the low-level infrastructure that makes those models run [...] Read More... The post KernelEvolve: How Meta’s Ranking Engineer Agent Optimizes AI Infrastructure appeared first on Engineering at Meta.

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

This article covers a large-scale credential harvesting campaign exploiting CVE-2025-55182, a critical Next.js vulnerability, to compromise 766 hosts across multiple cloud providers.

Dropbox

31 min read

Backend•2026-04-02

Improving storage efficiency in Magic Pocket, our immutable blob store

This post explains how Dropbox improved storage efficiency in Magic Pocket, their immutable exabyte-scale blob store, after a fragmentation incident caused by a new service.

Introducing Gemma 4 on Google Cloud: Our most capable open models yet

Google Cloud announces the release of Gemma 4, its most capable open model family built from Gemini 3 research under Apache 2.0 license.

AI & Machine Learning

Google Cloud

35 min read

Data Engineering•2026-04-02

How Honeylove boosts product quality and service efficiency with BigQuery

Honeylove, a fashion-tech company, shares how they use Google BigQuery and Gemini to unify data, automate insights, and improve product quality and service efficiency.

AI & Machine Learning

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released patches for two critical vulnerabilities (CVSS 9.8) affecting the Integrated Management Controller (IMC) and Smart Software Manager On-Prem (SSM On-Prem).