$285M Hack Proved DeFi’s Decentralisation Promise Is Still A Fiction

Somewhere between the first smart contract audit and the hundredth, the attack surface moved. Nobody noticed, except the ...
Morning Overview on MSN

Hackers hide credit-card skimmer code inside 1×1-pixel SVG images

A credit card skimmer campaign discovered in early 2025 and still actively tracked as of April 2026 has compromised an ...

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over ...

Hackers use pixel-large SVG trick to hide credit card stealer

A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code ...

13-year-old bug in ActiveMQ lets hackers remotely execute commands

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
The Hacker News

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-linked actors target U.S. PLCs using Dropbear and SSH access, disrupting OT systems across sectors and escalating cyber ...

Techie Tonic: Two CISOs warn Axios breach changes supply chain trust model

Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...
The Hacker News

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

M stolen after six-month DPRK social engineering campaign began fall 2025, exposing Drift’s contributors and cloud assets.