
Daily Security Briefing #215
- DjediTech
- Security, Newsletter
- April 5, 2026
QR code phishing scams surge, Drift hack attributed to DPRK operation, and FortiClient EMS vulnerability exploited…
Executive Summary
Cybersecurity threats continue to escalate with scammers adapting new tactics. The recent surge in QR code phishing scams highlights the importance of vigilance. Meanwhile, a massive $285 million hack has been linked to a six-month-long social engineering operation by the Democratic People’s Republic of Korea (DPRK). Additionally, critical vulnerabilities have been exposed in FortiClient EMS and exploited in attacks.
Top Articles
Traffic Violation Scams Switch to QR Codes
Scammers are sending fake “Notice of Default” traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. (BleepingComputer)

$285 Million Drift Hack Traced to DPRK Social Engineering Operation
The April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long, targeted, and meticulously planned social engineering operation undertaken by the Democratic People’s Republic of Korea (DPRK) that began in the fall of 2025. (The Hacker News)

New FortiClient EMS Flaw Exploited in Attacks
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. The flaw, tracked as CVE-2026-35616, allows a pre-authentication API access bypass that leads to privilege escalation. (BleepingComputer)

36 Malicious npm Packages Exploit Redis and PostgreSQL
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. (The Hacker News)

Hackers Exploit React2Shell in Automated Credential Theft Campaign
Hackers are running a large-scale, automated campaign to steal credentials after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. The attackers use the vulnerability to inject malicious code into affected applications. (BleepingComputer)

Fortinet Patches Actively Exploited CVE-2026-35616
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), is an improper access control flaw that leads to privilege escalation. (The Hacker News)
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.