Apps | Hawkeye Cybersecurity

Apps

CISA Warns of Fortinet 0-Day Vulnerability Actively Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-35616, a critical improper access control vulnerability in Fortinet FortiClient Enterprise Management Server (EMS), to its Known Exploited Vulnerabilities (KEV) catalog …

Apps

Trojanized PyPI AI Proxy Uses Stolen Claude Prompt to Exfiltrates Data

A malicious Python package has been discovered on PyPI that disguises itself as a privacy-focused AI inference tool while quietly stealing sensitive user data in the background. Named hermes-px, the package …

Apps

Hackers Drain $286 Million From Drift Protocol in Suspected North Korea-Linked Exploit

The largest decentralized perpetual futures exchange on the Solana blockchain — became the target of a massive and well-orchestrated theft on April 1, 2026, Drift Protocol. Unknown attackers managed to …

Apps

New GitHub Actions Attack Chain Uses Fake CI Updates to Exfiltrate Secrets and Tokens

A new attack campaign is actively targeting open-source repositories on GitHub by carefully disguising malicious code as completely routine CI build configuration updates. The campaign, prt-scan exploits a widely misused …

Apps

DPRK Cyber Program Uses Modular Malware Strategy to Evade Attribution and Survive Takedowns

North Korea’s cyber program has fundamentally shifted how it builds and deploys malware. Rather than relying on one all-purpose hacking tool, the regime has assembled a fragmented ecosystem of purpose-built …

Apps

Critical Fortinet FortiClient EMS 0-Day Vulnerability Actively Exploited in the Wild

Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiClient EMS that is already being actively exploited by threat actors. Tracked as CVE-2026-35616 and …

Apps

New Progress ShareFile Bugs Let Attackers Take Over Servers Without Logging In

A dangerous attack chain in Progress ShareFile that can allow attackers to take over exposed on-premises servers without first logging in. The issues affect customer-managed ShareFile Storage Zones Controller 5.x …

Apps

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

The cybersecurity community is on high alert following a massive source code leak from Anthropic. On March 31, 2026, the company accidentally exposed the complete source code for Claude Code, …

Apps

Top Node.js Maintainers Targeted in Sophisticated Social Engineering Scheme

A highly coordinated social engineering campaign is actively targeting top open-source developers in the Node.js and npm ecosystem. Following the recent compromise of the popular package Axios, which sees over …

Apps

Top 10 Best User Access Management Tools in 2026

User Access Management tools centralize control over user permissions and access, providing a unified platform to enforce consistent security policies across diverse systems and applications. They enhance security by implementing …

Category: Apps