CTI Afternoon Update — 2026-04-05

TL;DR

New story: DPRK social engineering campaign behind the $285M Drift DEX heist — six months of patient infiltration, consistent with TraderTraitor playbook. Combined with the continuing Axios/Stardust Chollima supply chain compromise, Pyongyang had a productive Sunday. React2Shell (CVE-2025-55182) evolved from "no new coverage" this morning to an active automated credential theft campaign against Next.js apps — if you're running unpatched RSC, the window closed today. Otherwise quiet: FortiClient EMS and the geopolitical situation produced no new intelligence since morning.


Critical / Act now

NEW: $285M Drift DEX heist attributed to six-month DPRK social engineering operation

DPRK operatives spent six months cultivating access to Drift, a Solana-based DEX, before executing a $285M theft on April 1. No specific APT group named yet, but the tradecraft — protracted relationship-based infiltration of crypto infrastructure — is textbook TraderTraitor/UNC4899. This is now among the largest single crypto heists on record and another line item in Pyongyang's DeFi revenue program.

No IOCs or CVEs published in this initial disclosure. Watch for blockchain forensics attribution from Chainalysis/TRM Labs and potential OFAC mixer address designations. The six-month runway strongly suggests fake employment or contractor insertion — the specific vector matters for defensive guidance, and follow-up reporting should clarify whether this was a job offer chain, compromised insider, or vendor impersonation.

Two major DPRK financial operations surfacing in the same news cycle (this + Axios/Stardust Chollima) isn't coincidence — it's operational tempo. The regime's crypto theft apparatus is running multiple parallel campaigns across supply chain and social engineering vectors simultaneously.

Source: The Hacker News

EVOLVED: React2Shell (CVE-2025-55182) — automated credential theft campaign now active against Next.js apps

Since morning: Escalated from "no new coverage" to confirmed mass exploitation campaign.

BleepingComputer reports a large-scale automated credential harvesting campaign exploiting React2Shell in Next.js applications that use React Server Components. The KEV due date was December 2025, so unpatched hosts are four months past it. EPSS 0.65 understates real-world risk given confirmed automation at scale. The article is thin on technical detail (no IOCs, no named actors), but the automation angle means this is a harvesting operation, not targeted intrusion: expect credential dumps to surface in underground markets within weeks.

If you're running Next.js with RSC and haven't patched, this is no longer a patching queue item. It's an incident response item.

Source: BleepingComputer

Continuing critical — status update


Notable

MCP server ecosystem continues to hemorrhage command injection vulns

Four more MCP server implementations disclosed with OS command injection or SSRF today: Vale-MCP (CVE-2026-5621), mcp-summarization-functions (CVE-2026-5619), magento2-dev-mcp (CVE-2026-5603), and mcp-browser-agent (CVE-2026-5607). All sit in tool-registration or request-handler paths of TypeScript servers that run with the invoking user's full privileges. This follows yesterday morning's heim-mcp disclosure (CVE-2026-5602) and confirms the pattern: MCP authors are routinely passing unsanitized tool arguments into child_process.exec(). Anyone deploying MCP infrastructure in agentic AI workflows should audit every installed server for shell execution paths (exec, execSync, and spawn or execFile called with shell: true), treat every tool argument as attacker-controlled since the model that produces it can be steered by content it reads, and run servers under a dedicated low-privilege account. The attack surface is growing faster than the ecosystem can secure it.

Sources: VulDB 355411 · 355409 · 355395 · 355398

gpt-researcher ≤3.4.3 — five CVEs including unauth REST API + code injection combo

Five CVEs against assafelovic/gpt-researcher: code injection via WebSocket endpoint (CVE-2026-5631), missing authentication on the entire HTTP REST API (CVE-2026-5632), SSRF (CVE-2026-5633), and two XSS instances (CVE-2026-5625, CVE-2026-5630). The unauth API + code injection combination means anyone who can reach the service owns the box. gpt-researcher is a popular AI research automation tool increasingly deployed in networked environments — continuing the morning's AI tooling vulnerability wave that hit agenticSeek, Tencent AI-Infra-Guard, and friends.

Sources: VulDB 355415 · 355418 · 355419 · 355420 · 355421

QR code quishing campaign impersonates US state courts

SMS campaign sending fake "Notice of Default" traffic violation notices with QR codes redirecting to credential harvesting sites. The QR pivot is tactically sound: bypasses SMS URL filtering, lands in mobile browser context outside enterprise security tooling visibility. $6.99 payment amount calibrated below scrutiny threshold. Consumer-targeting, but the technique (QR → mobile browser → credential harvest) is directly transferable to enterprise phishing. No IOCs extracted.

Source: BleepingComputer

Huly Platform: hard-coded JWT secret (CVE-2026-5622) + SSRF (CVE-2026-5623)

Hard-coded SERVER_SECRET in token.ts means anyone who reads the source (it's open-source, so: everyone) can forge valid auth tokens for any account. SSRF in the Import endpoint compounds this with internal network pivot capability. Self-hosted Huly deployments should patch immediately and rotate the signing secret: every token minted under the published value stays valid for as long as the server still accepts that value, so a fix that only makes the secret configurable does not evict an attacker who already forged one. Where logs allow it, look for token use with no corresponding login event.

Sources: VulDB 355412 · VulDB 355413

Kerberos CNAME relay (CVE-2026-20929) — no change since morning

CrowdStrike detection blog landed in this cycle. EPSS 0.00045. No new technical detail or exploitation evidence beyond the April 3 detection guidance already referenced in the morning digest.


Routine


Noise

~25 entries skipped: 14 general-section drops (8 CrowdStrike marketing posts continuing their perfect streak of zero intelligence value, a Risky Business sponsored segment, HN forum debris, and assorted policy/dev-tooling pieces) and 11 VulDB disclosures against tutorial-grade PHP applications (PHPGurukul Online Shopping Portal, projectworlds Car Rental, and similar targets that exist primarily as CVE farming substrate).


The afternoon's signal is the DPRK cluster: $285M Drift heist via six-month social engineering, plus the formal CrowdStrike attribution of Axios to Stardust Chollima. Two distinct operational arms (supply chain + social engineering), two distinct financial targets (npm ecosystem + DeFi protocol), running in parallel. This is Pyongyang's financial warfare apparatus operating at industrial scale — and the Drift disclosure confirms the patient, relationship-based infiltration tradecraft that makes these operations so difficult to detect pre-execution. The React2Shell credential campaign evolving from quiet to active mass exploitation is the other item that moved today. The MCP and AI tooling vulnerability wave continues to build but hasn't produced exploitation evidence yet — it's research-driven disclosure, not attacker-driven. Monday's priorities remain the Iran 48-hour ultimatum expiry, Trivy KEV deadline Wednesday, and FortiClient EMS patching.