Security Articles

This article covers TA416, a China-aligned threat actor, resuming targeted campaigns against European government and diplomatic entities since mid-2025 using PlugX malware and OAuth-based phishing techniques.

The Hacker News

21 min read

Security•2026-04-03

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Microsoft Defender Security Research Team details PHP-based web shells on Linux servers that use HTTP cookies as a stealthy command-and-control channel.

The Hacker News

31 min read

Security•2026-04-03

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

North Korean threat actors (UNC1069) compromised the Axios npm package via a targeted social engineering attack against its maintainer, Jason Saayman.

The Hacker News

31 min read

Security•2026-04-03

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

This article argues that third-party risk management (TPRM) has become a critical security challenge and a growth opportunity for MSPs and MSSPs.

The Hacker News

31 min read

Security•2026-04-03

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new variant of the SparkCat malware has been discovered on both the Apple App Store and Google Play Store, targeting cryptocurrency wallet recovery phrases via OCR.

The Hacker News

31 min read

Security•2026-04-03

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift, a Solana-based decentralized exchange, lost $285 million in a sophisticated attack using durable nonces and social engineering, with evidence linking it to North Korean threat actors.

The Hacker News

31 min read

Security•2026-04-02

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

This article covers a large-scale credential harvesting campaign exploiting CVE-2025-55182, a critical Next.js vulnerability, to compromise 766 hosts across multiple cloud providers.

The Hacker News

11 min read

Security•2026-04-02

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released patches for two critical vulnerabilities (CVSS 9.8) affecting the Integrated Management Controller (IMC) and Smart Software Manager On-Prem (SSM On-Prem).

Google Cloud

339 min read

Security•2026-04-02

vSphere and BRICKSTORM Malware: A Defender's Guide

This post provides a defender's framework for securing VMware vSphere environments against BRICKSTORM malware, which establishes persistence at the virtualization layer beneath traditional security tools.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

This week's ThreatsDay Bulletin covers a range of active cybersecurity threats including exploit chains, Android rootkits, and supply chain attacks.

The Hacker News

21 min read

Security•2026-04-02

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Elastic Security Labs uncovered a financially motivated threat campaign (REF1695) using ISO file lures to distribute RATs and cryptocurrency miners since November 2023.

The Hacker News

11 min read

Security•2026-04-02

The State of Trusted Open Source Report

This report analyzes open source consumption patterns, vulnerability trends, and remediation data across container image projects from Q4 2025 through Q1 2026.