Hackvolt — IT Security News, Cybersecurity & Research & Security Audits

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

NEWSApril 5, 2026014 mins

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come…

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

NEWSApril 3, 2026010 mins

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal…

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

NEWSApril 3, 202604 mins

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than…

The State of Trusted Open Source Report

NEWSApril 2, 2026020 mins

In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer…

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

NEWSApril 2, 202605 mins

A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. “Beyond…

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

NEWSApril 2, 202608 mins

Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk…

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

NEWSApril 1, 202604 mins

Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS)…

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

NEWSApril 1, 202608 mins

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s…

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

NEWSApril 1, 202608 mins

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently…

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

NEWSMarch 31, 202605 mins

A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day…

Hackvolt — IT Security News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

The State of Trusted Open Source Report

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

The State of Trusted Open Source Report

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed

From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability

ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent

You May Have Missed