A House Democrat who’s been at the forefront of congressional efforts to scrutinize the federal government’s use of commercial spyware wants the Commerce Department to brief Capitol Hill amid apprehension that the Trump administration might further embrace the technology. Rep. Summer Lee, D-Pa., sent a letter to the department Thursday seeking a briefing on several … Read More “One House Democrat is pressing Commerce on the government’s spyware use – CyberScoop” »
A China-linked threat actor backdoored a version of Daemon Tools to infect thousands – Read More –
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. “While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files,” Kaspersky – … Read More “PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux – The Hacker News” »
AI Software Leak Lets Scammers Add Malware and Steal Data and Your Money – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.
AI Leak Fuels Malware Scams. Company source code is proprietary and typically held as top secret. However, a recent software leak accident by Anthropic has led to a cascade of nefarious behaviours by hackers. Anthropic is the well-known creator of Claude AI, and the accidental leak of the source code has allowed scammers to create … Read More “AI Software Leak Lets Scammers Add Malware and Steal Data and Your Money – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.” »
Cofense has warned of a “significant” increase in phishing campaigns abusing Vercel platform – Read More –
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution – The Hacker News
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to … Read More “vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution – The Hacker News” »
Best OSINT Tools for Investigations and Threat Intelligence in 2026 – Hackread – Cybersecurity News, Data Breaches, AI and More
Explore the best OSINT tools for your digital investigations, threat intelligence, reconnaissance, and tracking online activity in 2026. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired – GRAHAM CLULEY
Meta’s smart glasses promise privacy “designed for you” – but everything they record was being beamed off to workers in Nairobi to label by hand. When those workers blew the whistle, Meta sacked all 1,108 of them. Meanwhile, the IT press is in a frenzy over a new Linux bug called “Copy Fail” – complete … Read More “Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired – GRAHAM CLULEY” »
A vulnerability has been discovered in the PAN-OS Authentication Portal (aka Captive Portal) service that could allow for remote code execution. PAN-OS is the operating system that runs Palo Alto Networks next-generation firewalls. Successful exploitation could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by … Read More “A Vulnerability in PAN-OS Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
A defense technology company with Department of Defense contracts exposed user records and military training materials through API endpoints that lacked meaningful authorization checks, according to an account published by Strix, an open-source autonomous security testing project. The issue affected Schemata, an AI-powered virtual training platform used in military and defense settings. According to Strix, … Read More “A DOD contractor’s API flaw exposed military course data and service member records – CyberScoop” »
Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE – Hackread – Cybersecurity News, Data Breaches, AI and More
Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted – Read … Read More “Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks – The Hacker News” »
Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previously undocumented plugin dubbed Pheno with the aim of facilitating credential theft. “According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of stealing victims’ credentials and potentially … Read More “Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs – The Hacker News” »
A vulnerability has been discovered in Apache HTTP Server with the HTTP/2 protocol that could allow for remote code execution. Apache is a free, open-source web server software that enables the delivery of web content over the internet. Successful exploitation could result in denial of service, crashing worker processes with minimal effort. In certain setups, especially … Read More “A Vulnerability in Apache HTTP Server Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Attackers are actively exploiting a zero-day vulnerability affecting some Palo Alto Networks’ customers’ firewalls, the security vendor said in an advisory Tuesday. The critical memory corruption vulnerability — CVE-2026-0300 — affects the authentication portal of PAN-OS, and allows unauthenticated attackers to run code with root privileges on the vendor’s PA-Series and VM-Series firewalls, the company … Read More “A critical Palo Alto PAN-OS zero-day is being exploited in the wild – CyberScoop” »
ShinyHunters’ Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users – Hackread – Cybersecurity News, Data Breaches, AI and More
ShinyHunters breached Instructure and Vimeo, exposing millions of student and user records through direct and supply chain attacks. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cisco Talos uncovers CloudZ RAT and Pheno plugin abusing Microsoft Phone Link to intercept SMS OTPs – Read More –
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack – The Hacker News
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a “false flag” operation. The attack, observed by Rapid7 in early 2026, has been found to leverage social engineering techniques via Microsoft Teams to initiate the infection … Read More “MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack – The Hacker News” »
Building Strategic Advantage With Integrated Planning – Hackread – Cybersecurity News, Data Breaches, AI and More
Siloed planning slows decisions and hides risk. Integrated business planning connects finance, demand, supply, and strategy into a single disciplined cycle. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Rapid7 reveals an Iranian false flag operation masquerading as a Chaos ransomware attack – Read More –
CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack –
CISA’s CI Fortify initiative aims for critical infrastructure operators to build isolation & recovery – Read More –
Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of governance policy controls.” Enterprise leaders can request access to the Gartner Market Guide … Read More “Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing? – The Hacker News” »
For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. But behind every headline, there’s a quieter, better story. It’s the story of leaders making tough calls under pressure, teams building smarter defenses, and security products that keep hunting threats 24/7 … Read More “The Hacker News Launches ‘Cybersecurity Stars Awards 2026’ — Submissions Now Open – The Hacker News” »
Designing game feel requires responsive controls, hit-stop, sound, animation, and feedback systems that make gameplay satisfying. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Application Security Strategies Are Changing as AI-generated Code Floods the SDLC – Hackread – Cybersecurity News, Data Breaches, AI and More
AI-generated code is changing AppSec workflows, forcing teams to rethink SDLC security, dependency checks, code review, and risk prioritization. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. “This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute,” Google’s product and security teams said. The initiative builds upon the foundation of Pixel Binary Transparency, … Read More “Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks – The Hacker News” »
The Digital Personal Data Protection (DPDP) Act of India is a decisive move in the direction of making the… The post The CISO’s DPDP Framework: Security Controls to Board-Level Accountability appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Cifas says that 13% of employees admit selling company credentials to a former colleague – Read More –
Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to … Read More “Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution – The Hacker News” »
Massive “Low and Slow” DDoS Attack Hits Platform With 2.45 Billion in 5 Hours – Hackread – Cybersecurity News, Data Breaches, AI and More
DataDome researchers uncovered a massive low and slow DDoS attack that delivered 2.45 billion requests using 1.2 million IP addresses. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict – CyberScoop
The Cybersecurity and Infrastructure Security Agency is urging critical infrastructure owners and operators to plan for delivering essential services under emergency conditions – potentially for months at a time. The federal government’s top cybersecurity agency warned that state-sponsored hackers, particularly two Chinese groups known as Salt Typhoon and Volt Typhoon, continue to threaten critical sectors … Read More “CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict – CyberScoop” »
The Cybersecurity and Infrastructure Security Agency has gotten “by far” the biggest gains from artificial intelligence automation in its security operations unit to help analysts sift through threats, but it’s also proven valuable elsewhere within the agency, CISA officials said Tuesday. It’s “really allowing those analysts to do triage very fast, so they focus on … Read More “CISA boasts AI automation improvements to threat analysis, mission support – CyberScoop” »
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. “These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers,” Kaspersky researchers Igor Kuznetsov, Georgy Kucherin, Leonid – Read … Read More “DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware – The Hacker News” »
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of “double free and possible RCE” in the HTTP/2 protocol … Read More “Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE – The Hacker News” »
A federal judge sentenced a Latvian national to 102 months in prison for his involvement in a series of ransomware attacks for more than two years prior to his arrest in 2023, the Justice Department said Monday. Deniss Zolotarjovs, a resident of Moscow at the time, helped an organization led by former leaders of the … Read More “Latvian national sentenced for ransomware attacks run by former Conti leaders – CyberScoop” »
Microsoft researchers warn of a large-scale phishing campaign using fake compliance emails to steal credentials, targeting 35,000 users across 13,000 organizations worldwide – Read More –
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the moniker UAT-8302, with post-exploitation involving the deployment of custom-made malware families that have … Read More “China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions – The Hacker News” »
ESET warns that North Korean hackers compromised a Yanbian gaming site in a supply‑chain attack, trojanizing Windows and Android software to spy on users – Read More –
LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations – Hackread – Cybersecurity News, Data Breaches, AI and More
Cambridge, MA, 5th May 2026, CyberNewswire – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Venomous#Helper attackers impersonate the US Social Security Administration to deploy signed RMM software and maintain persistent access across US networks – Read More –
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. “MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated … Read More “MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks – The Hacker News” »
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don’t see it. Your MFA doesn’t stop it. And when an attacker gets … Read More “The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed – The Hacker News” »
Anti-ICE Site GTFO ICE Accused of Exposing Data of 17,000+ Activists – Hackread – Cybersecurity News, Data Breaches, AI and More
An anti-ICE website, GTFO ICE, linked to Miles Taylor, is accused of exposing the personal details of 17,662 activists, sparking concerns that the data may have reached government agencies. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware – Hackread – Cybersecurity News, Data Breaches, AI and More
A massive fraud network called FEMITBOT uses Telegram Mini Apps and fake brand names like Apple, Disney, and… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
ISACA report warns that while AI has become the norm, many organizations are yet to formally apply safety or security policies around its use – Read More –
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster. … Read More “We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is – The Hacker News” »
The UK’s National Cyber Security Centre is urging organizations to prepare for a glut of new software updates – Read More –
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of the backdoor have primarily targeted Windows users only, the supply chain attack is assessed to … Read More “ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows – The Hacker News” »
Security vendor Trellix has suffered a breach involving unauthorized access – Read More –





