Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
Hosted on MSN

New Roblox cheat scripts emerge despite anti-cheat crackdown

Multiple new cheat scripts for popular Roblox games have surfaced online in early 2026, offering automation and exploit features despite Roblox's expansion of automated anti-cheat actions. The tools ...
The Hacker News

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

CVE-2024-3721 and CVE-2023-33538 exploited in TBK DVRs and EoL TP-Link routers, enabling Mirai variants and DDoS risk.
Forbes

Angry Hacker Drops Microsoft Zero-Day Exploit, 1 Billion Users Warned

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...
New York Post

Google issues 2nd security warning in days over Chrome browser attacks

It’s a case of search-engine failure. Google has issued a security alert to Chrome users after confirming that cybercriminals had exploited a vulnerable system, marking the second such advisory in ...
Crowdfund Insider

DeFi Hack : Solana based Drift Protocol Hit by Record $285M Exploit

Solana-based perpetual futures exchange Drift Protocol fell victim to a large-scale security breach on April 1, 2026. On-chain monitoring firms reported that attackers siphoned roughly $285 million in ...
CoinDesk

North Koreans hackers likely behind $286 million Drift Protocol exploit: Elliptic

Elliptic said Thursday the $285 million Drift Protocol exploit, the largest this year, carries “multiple indicators” of North Korea’s state-sponsored DPRK hacker group involvement. The research firm ...
CoinTelegraph

Drift Protocol says deposits and withdrawals suspended amid active attack

A threat researcher estimates the exploit could reach $200 million and may be linked to a compromised private key. Drift Protocol, a decentralized cryptocurrency exchange (DEX), detected unusual ...
CSOonline

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch deadline. Attackers have exploited a critical Langflow RCE within hours of ...
moneysavingexpert.com

Confused by TSB's 6-month switching Rewards? So was I, so I found a hack to claim both

Many people who switched to TSB’s Spend and Save account last year are now being asked to choose a reward for sticking with the account for six months. You can choose between two rewards – a 12-month ...
Android Authority

A severe iPhone exploit is now public, and anyone can use it

DarkSword, a serious iPhone exploit kit, just leaked on GitHub. If your device is running iOS 18.4 through 18.7 — or legacy versions 15.8.7 or 16.7.15 — you’re vulnerable. Contacts, messages, call ...