AttackFeed by Joe Wagner

Database of 323,986 BreachForums users leaked online as forum admins claim the exposed data is partial and dates back to August 2025.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

CISA adds a critical HPE OneView flaw (CVE-2025-37164) to its KEV catalogue with a Jan 28 deadline. Learn how this 10.0 RCE bug puts server infrastructure at risk.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater. “The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular  – … Read More “MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors  – The Hacker News” »

Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe. As part of an operation conducted by the Spanish National Police, in coordination with the Bavarian State Criminal Police Office and Europol, 28 arrests were made in Seville, along with … Read More “Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime  – The Hacker News” »

Cybersecurity researchers from Huntress detail a major VM Escape attack where hackers took over host servers. Using a secret toolkit called MAESTRO, the attackers stayed hidden for over a year. Read the exclusive details on how this breach was stopped and how to protect your network.  – Read More  – Hackread – Cybersecurity News, Data … Read More “MAESTRO Toolkit Exploiting VMware VM Escape Vulnerabilities  – Hackread – Cybersecurity News, Data Breaches, AI, and More” »

Large businesses or governments aren’t the only ones threatened by cyber attacks. Every organization is now equally threatened.…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The post Hegseth, Gabbard tap Tim Kosiba as NSA deputy director after months of cyber leadership tumult appeared first on CyberScoop.   – Read More  – CyberScoop 

Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and stopped it before it could progress to the final … Read More “China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines  – The Hacker News” »

A trio of Senate Democrats are calling on Apple and Google to drop Elon Musk’s X from app stores as international regulators in Europe and Britain took steps towards investigations of the site’s mass undressing of users using Grok’s AI tool. On Friday, Senators Ron Wyden, D-Ore., Ben Ray Luján, D-N.M., and Ed Markey, D-Mass., … Read More “Dems pressure Google, Apple to drop X app as international regulators turn up heat  – CyberScoop” »

Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. The activity has been attributed to APT28 (aka BlueDelta), which was attributed … Read More “Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations  – The Hacker News” »

A hacker claims to be selling nearly 40 million Condé Nast user records after leaking Wired.com data, with multiple major brands allegedly affected.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

In our previous Kenwood DNR1007XR blog, we detailed the internals of the Kenwood in-vehicle infotainment (IVI) head unit and provided annotated pictures of the main PCB. In this post, we aim to outline the attack surface of the DNR1007XR in the hopes of providing inspiration for vulnerability research. We will cover the main supported technologies … Read More “Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part Two  – Zero Day Initiative – Blog” »

As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn’t a lack of forecasts—it’s identifying which predictions reflect real, emerging risks and which can safely be ignored. An upcoming webinar hosted by Bitdefender aims to cut through the noise … Read More “Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can’t)  – The Hacker News” »

Billionaire Chen Zhi and associates Xu Ji Liang and Shao Ji Hui have been extradited to China. This exclusive report details the collapse of the Prince Group’s global scam network, the seizure of $15 billion in Bitcoin, and the forced labour camps behind the billion-dollar pig butchering fraud.  – Read More  – Hackread – Cybersecurity … Read More “$15 Billion Pig Butchering Scam Boss Chen Zhi Extradited to China  – Hackread – Cybersecurity News, Data Breaches, AI, and More” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it’s retiring 10 emergency directives (Eds) that were issued between 2019 and 2024. The list of the directives now considered closed is as follows – ED 19-01: Mitigate DNS Infrastructure Tampering ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday ED 20-03: Mitigate … Read More “CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024  – The Hacker News” »

Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case … Read More “Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions  – The Hacker News” »

The founder of a spyware company that encouraged customers to secretly monitor their romantic partners has pleaded guilty to federal charges – marking one of the few successful US prosecutions of a stalkerware operator. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country. “As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR)  … Read More “FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing  – The Hacker News” »

Talha Tariq and his colleagues at Vercel, the company that maintains Next.js, endured many sleep-deprived nights and weekends when React2Shell was discovered and disclosed soon after Thanksgiving. The defect, which affects vast stretches of the internet’s underlying infrastructure, posed a significant risk for Next.js, an open-source library that depends on vulnerable React Server Components. He … Read More “Inside Vercel’s sleep-deprived race to contain React2Shell  – CyberScoop” »

Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we’ll dig through digital clues left behind by the hackers, network operators and services that appear to have benefitted from Kimwolf’s spread. On … Read More “Who Benefited from the Aisuru and Kimwolf Botnets?  – Krebs on Security” »

Researchers at Acronis have discovered a new campaign called Boto Cor-de-Rosa, where the Astaroth banking malware spreads like a worm through WhatsApp Web to steal contact lists and banking credentials.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

A critical vulnerability (CVE-2026-21877) found by Upwind affects n8n automation tools. Learn why researchers are urging users to update to version 1.121.3 immediately to prevent remote code execution.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

CrowdStrike is buying identity management startup SGNL, a move that underscores how identity security has become a central battleground in enterprise cybersecurity as companies add cloud services and deploy AI-driven tools. The cybersecurity firm did not disclose financial terms in a Thursday announcement, but CrowdStrike CEO George Kurtz told CNBC the deal is valued at … Read More “CrowdStrike to buy identity startup SGNL for nearly $740M  – CyberScoop” »

Zscaler ThreatLabz identifies three malicious NPM packages mimicking Bitcoin libraries. The NodeCordRAT virus uses Discord commands to exfiltrate MetaMask data and Chrome passwords.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

A 25-year-old Bigfork, Montana man, Jeremiah Daniel Starr, used over 50 phone numbers and a VPN to harass a victim he called his “best friend,” even staging a fake shooting. Learn more about the FBI investigation that traced 1,100 IP addresses to bring him to justice.  – Read More  – Hackread – Cybersecurity News, Data … Read More “US Man Jailed After FBI Traced 1,100 IP Addresses in Cyberstalking Case  – Hackread – Cybersecurity News, Data Breaches, AI, and More” »

Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. “The malware retrieves the victim’s WhatsApp contact list and automatically sends malicious messages to each contact … Read More “WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging  – The Hacker News” »

The Trump administration is withdrawing the United States from a handful of international organizations that work to strengthen cybersecurity. As part of a broader pullback from 66 international organizations, the administration is leaving the Global Forum on Cyber Expertise, the Online Freedom Coalition and the European Centre of Excellence for Countering Hybrid Threats. Trump’s decision … Read More “Trump pulls US out of international cyber orgs  – CyberScoop” »

Security researchers have identified two malicious Chrome extensions recording AI chats. Learn how to identify and remove these tools to protect your privacy.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations before initiating attacks, ultimately leading to the deployment of malware families such as RushDrop  … Read More “China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes  – The Hacker News” »

As collective disgust has continued to build over the widespread generation and sharing of nonconsensual, sexualized deepfakes generated by X’s GrokAI tool, angry onlookers have expressed shock that the activity continues unabated and company owner Elon Musk isn’t being compelled – by either U.S. regulators or law enforcement – to put a halt to the … Read More “‘Elon Musk is playing with fire:’ All the legal risks that apply to Grok’s deepfake disaster  – CyberScoop” »

Bryan Fleming, founder of pcTattletale, pleads guilty in a landmark federal spying case. Read how an undercover HSI sting and a data breach ended a decade of illegal stalkerware sales.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before the next wave … Read More “ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories  – The Hacker News” »

Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 1800 container image projects, 148,000 versions, 290,000 images, and 100,000 language libraries, and almost half … Read More “The State of Trusted Open Source  – The Hacker News” »

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows – CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality allows any authenticated  – Read More  – … Read More “Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances  – The Hacker News” »

Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.” bitcoin-main-lib (2,300 Downloads) bitcoin-lib-js (193 Downloads) bip40 (970 Downloads) “The  … Read More “Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages  – The Hacker News” »

Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit. The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to  – … Read More “Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release  – The Hacker News” »