Cyber Security News

Hacking Editorial Brief: April 6, 2026

North Korean threat actors dominated activity over the weekend with multiple high-impact operations. A DPRK-linked group executed a sophisticated social engineering attack against Solana-based exchange Drift Protocol, draining approximately $285 million after posing as a quantitative trading firm over several months. Separately, North Korean group UNC1069 continued targeting the software supply chain, conducting active campaigns against high-profile Node.js maintainers using tactics similar to their earlier Axios compromise. Another DPRK operation targeting South Korea deployed weaponized Windows shortcuts (LNK files) paired with GitHub-based command-and-control infrastructure to evade detection.

Active exploitation intensified across two major vulnerabilities. Attackers are exploiting CVE-2025-55182 (React2Shell) in a credential harvesting campaign that has compromised at least 766 Next.js hosts across multiple cloud providers and regions, stealing credentials and sensitive data. Google patched CVE-2026-5281, a use-after-free flaw in Chrome's WebGPU implementation being exploited in the wild for potential code execution — one of 21 vulnerabilities addressed in Chrome 146, including 19 high-severity issues. Microsoft published research showing threat actors embedding AI into attack lifecycles, highlighting the Tycoon2FA operation which generates tens of millions of phishing emails monthly and has compromised nearly 100,000 organizations.

Sources: Fortune · CSO Online · SecurityWeek · The Hacker News · Yahoo Finance · eSecurity Planet · Microsoft Security Blog