Security news.
Today's security landscape is marked by critical vulnerabilities under active exploitation and sophisticated social engineering campaigns. Fortinet has released an emergency patch for a FortiClient EMS flaw, while a major cryptocurrency hack has been attributed to a months-long DPRK operation.
Fortinet FortiClient EMS Flaw Actively Exploited
Fortinet has issued an emergency patch for a critical FortiClient Enterprise Management Server (EMS) vulnerability (CVE-2026-35616) that is actively being exploited in attacks.
$285 Million Drift Hack Linked to DPRK Social Engineering
The recent $285 million theft from Solana-based decentralized exchange Drift was the result of a six-month, meticulously planned social engineering operation by the Democratic People's Republic of Korea (DPRK).
Hackers Exploit React2Shell in Credential Theft Campaign
A large-scale automated credential theft campaign is underway, exploiting the React2Shell vulnerability (CVE-2025-55182) in vulnerable Next.js applications.
Traffic Violation Scams Use QR Codes in Phishing Texts
Scammers are now using QR codes in fake "Notice of Default" traffic violation text messages to direct recipients to phishing sites that steal personal and financial information.
36 Malicious npm Packages Exploit Redis, PostgreSQL
Researchers have uncovered 36 malicious npm packages disguised as Strapi CMS plugins, designed to exploit Redis and PostgreSQL, deploy reverse shells, and steal credentials.
Axios npm Hack Used Fake Teams Error Fix to Hijack Account
The maintainers of the Axios HTTP client detailed how a developer was targeted by a social engineering campaign, believed to be from North Korean actors, using a fake Microsoft Teams error fix.
Device Code Phishing Attacks Surge 37x
Device code phishing attacks, which abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts, have seen a more than 37-fold increase this year due to new kits spreading online.
European Commission Confirms Data Breach from Trivy Attack
The European Commission has confirmed a data breach linked to a Trivy supply chain attack, resulting in the theft of over 300GB of data, including personal information, from its AWS environment.