AttackFeed by Joe Wagner

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. “The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised  – Read More  – … Read More “Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit  – The Hacker News” »

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhish by Permiso Security. “The chatgpt.com response renderer trusts Markdown links and Markdown  – … Read More “ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface  – The Hacker News” »

A Tennessee man accused of abusing and sexually exploiting children while actively participating in 764, a sprawling online nihilistic violent extremist collective affiliated with The Com, pleaded not guilty Thursday to a series of charges that could keep him locked up for 50 years. Zachary Sweeney has allegedly victimized multiple children, on numerous occasions grooming … Read More “Tennessee man linked to 764 accused of series of crimes against children dating back to 2022  – CyberScoop” »

A Department of Commerce inspector general report released Thursday found that the National Institute of Standards and Technology has mismanaged a critical cybersecurity vulnerability database through poor planning, inefficient operations, duplicate federal programs, and failure to communicate with users. The National Vulnerability Database, maintained by NIST since 2005, collects information about computer security flaws and … Read More “Federal audit reveals NIST’s NVD is plagued by poor planning and duplication  – CyberScoop” »

Email still reaches more people than any other digital channel. Getting it to actually land in the inbox…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone, with the activities aligning with Kremlin state interests, specifically when it comes to  … Read More “New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks  – The Hacker News” »

Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day  … Read More “Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal  – The Hacker News” »

Shadow AI used to mean employees pasting things they shouldn’t into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifact moved from a prompt to a product. The risk surface moved … Read More “What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks  – The Hacker News” »

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil’s largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of “Sicoob.Sdk” contain functionality to exfiltrate sensitive information, including PFX certificates that are used to  – … Read More “Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets  – The Hacker News” »

Dutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after the personal data of hundreds of thousands of supporters was put at risk. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. “Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex … Read More “Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels  – The Hacker News” »

New York, USA, 28th May 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A Google security engineer was arrested in New York and charged with crimes related to bets he allegedly placed on Polymarket using confidential information he pulled from Google systems, the Justice Department said Wednesday.  Michele Spagnuolo, a 36-year-old Italian citizen who lives in Switzerland, is accused of placing multiple trades on the prediction marketplace last … Read More “Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket  – CyberScoop” »

A House subcommittee will hold an open hearing next week on how frontier artificial intelligence models are shaping the cybersecurity landscape, for good and for ill. The June 4 hearing will be the second the Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection has held that was focused at least in part on the subject, … Read More “House panel poised to hold hearing centered on AI impact on cyber  – CyberScoop” »

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier. “The vulnerability allows any authenticated user to achieve … Read More “Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code  – The Hacker News” »

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. “The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints,” Arctic Wolf said. “Threat actors disguised the credential stealer payload as a Fortinet endpoint  – Read More  – The Hacker … Read More “Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer  – The Hacker News” »

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now – meanwhile some researcher casually drops a technique that turns … Read More “ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More  – The Hacker News” »

Security researchers chained together five separate weaknesses in the popular workflow automation service Zapier that, if first discovered by a malicious actor, could have granted access to millions of user accounts and the systems those accounts connect to. The flaws, disclosed by security firm Token Security, did not require malware or insider access. The only … Read More “Zapier fixes bug chain that researchers say risked widespread account takeover  – CyberScoop” »

A notorious ransomware gang claims to have stolen MyPillow’s private data, but CEO Mike Lindell calls it a politically motivated “hit job.” With the countdown ticking toward a massive dark web leak, who is telling the truth? Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don’t understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across users or platforms. Instead, it is heavily … Read More “New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI “Power users”  – The Hacker News” »

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. “These campaigns leveraged sophisticated social engineering techniques, custom macOS malware, and deep targeting of CI/CD infrastructure,” Wiz researchers Shira Ayal,  – Read More  – The … Read More “JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware  – The Hacker News” »

CISA, the US government agency whose entire job is keeping America’s critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials to a public GitHub profile. Meanwhile, your Oura ring is quietly transmitting some of its data unencrypted – and when one journalist asked the company how often it hands user … Read More “Smashing Security podcast #469: What your Oura ring won’t tell you  – GRAHAM CLULEY” »

Iran’s Nimbus Manticore hackers used trojanized Zoom installers to deploy malware against US firms during a wider IRGC linked cyber campaign.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Anna Turley gives Reform leader 24 hours to report Russian hacking claim in ‘public and national interest’ The Labour chair has given Nigel Farage 24 hours to report to security services the claim that his phone was hacked by Russia-linked actors or the party will do it for him. In a letter to the Reform … Read More “Report ‘phone hack’ to police or I will do it for you, Labour chair tells Farage  – Data and computer security | The Guardian” »

Can Big Data predict markets? Learn how AI, investor behavior, and digital signals shape modern forecasting across stocks and crypto trends.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

OpenAI on Wednesday hailed its plans to safeguard information and aid cybersecurity defenders in the 2026 midterm elections, including work to combat deepfakes and other forms of artificial intelligence misuse.  The announcement builds on commitments from major tech companies in 2024, including OpenAI, to protect elections from AI-infused election interference — efforts that some thought … Read More “OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms  – CyberScoop” »

Can Big Data predict markets? Learn how AI, investor behavior, and digital signals shape modern forecasting across stocks and crypto trends.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Silent Ransom Group, a long-running data extortion operation, continues to hit U.S.-based law firms by impersonating IT support and, in some cases, visiting victims in person to gain physical access to computers, the FBI said in an alert Tuesday. The closed group, which likely operates from Russia and emerged in 2022 after Conti disbanded, has … Read More “FBI warns US-based law firms to be on the lookout for cybercrime group that steals data in person  – CyberScoop” »

Artificial intelligence is an “unstoppable force” that allows tech to be “weaponized just below the threshold of traditional warfare,” including in cyberspace, the head of a U.K. intelligence, security and cybersecurity agency said Wednesday. We live in a world “where the latest frontier AI is rapidly unearthing fault lines in technologies our society relies on … Read More “UK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace  – CyberScoop” »

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named “mouse5212-super-formatter,” is designed to upload files from “/mnt/user-data,” a dedicated directory used by Anthropic’s Claude artificial intelligence (AI) tool to handle uploads and outputs in the background. The  – Read … Read More “Malicious npm Package Stole Files From Claude AI User Directory via GitHub  – The Hacker News” »

Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That’s according to new findings from WatchGuard and ESET, which have observed the two malware families being used to single out companies in Spain, Portugal, and Mexico, as … Read More “Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users  – The Hacker News” »

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Most organizations still picture cyber defense as a fortress problem: build stronger walls, add more guards, buy another detection engine. But modern incidents rarely crash through the front gate. They drift in disguised as routine activity, hide inside legitimate processes, and quietly accumulate risk long before anyone labels them an “incident.” That changes the role … Read More “3 SOC Steps that Shut Down Incident Risks Early  – The Hacker News” »

Frankfurt am Main, Germany, 27th May 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

CrowdStrike has dismantled the Glassworm botnet in an operation aided by Google and Shadowserver, stripping the operators’ access to infrastructure that helped threat actors infect hundreds of pieces of open-source software with malware since early 2025, the company said Tuesday.  The coordinated effort involved the simultaneous takedown of four attacker-controlled servers that were designed to … Read More “CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain  – CyberScoop” »