The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North… Read MoreThe Hacker News

The post UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack first appeared on Nyroxis – Cybersecurity & Threat Monitoring.

The next major breach hitting your clients probably won’t come from inside their walls. It’ll come through a vendor they trust, a SaaS tool their finance team signed… Read MoreThe Hacker News

The post Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture first appeared on Nyroxis – Cybersecurity & Threat Monitoring.

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was… Read MoreThe Hacker News

The post New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images first appeared on Nyroxis – Cybersecurity & Threat Monitoring.

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026.… Read MoreThe Hacker News

The post Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK first appeared on Nyroxis – Cybersecurity & Threat Monitoring.

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS)… Read MoreThe Hacker News

The post Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials first appeared on Nyroxis – Cybersecurity & Threat Monitoring.

Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker… Read MoreThe Hacker News

The post Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise first appeared on Nyroxis – Cybersecurity & Threat Monitoring.

The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick… Read MoreThe Hacker News

The post ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories first appeared on Nyroxis – Cybersecurity & Threat Monitoring.

A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. “Beyond cryptomining, the threat actor monetizes… Read MoreThe Hacker News

The post Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners first appeared on Nyroxis – Cybersecurity & Threat Monitoring.

In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption… Read MoreThe Hacker News

The post The State of Trusted Open Source Report first appeared on Nyroxis – Cybersecurity & Threat Monitoring.

Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected… Read MoreThe Hacker News

The post WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action first appeared on Nyroxis – Cybersecurity & Threat Monitoring.