The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it’s part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth … Read More “AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack – The Hacker News” »
A Cybersecurity and Infrastructure Security Agency order published Thursday directs federal agencies to stop using “edge devices” like firewalls and routers that their manufacturers no longer support. It’s a stab at tackling one of the most persistent and difficult-to-manage avenues of attack for hackers, a vector that has factored into some of the most consequential … Read More “CISA tells agencies to stop using unsupported edge devices – CyberScoop” »
A 23-year-old New York man allegedly affiliated with 764 was arrested and charged with receiving child sexual abuse material. Aaron Corey of Albany, N.Y., faces up to 20 years in prison for trafficking CSAM during a three-month period ending in December. Corey, also known as “Baggeth,” is accused of running multiple 764-related chats, seeking CSAM … Read More “Alleged 764 member arrested, charged with CSAM possession in New York – CyberScoop” »
In this excerpt of a TrendAI Research Services vulnerability report, Jonathan Lein and Simon Humbert of the TrendAI Research team detail a recently patched command injection vulnerability in the Arista NG Firewall. This bug was originally discovered by Gereon Huppertz and reported through the TrendAI Zero Day Initiative (ZDI) program. Successful exploitation could result in … Read More “CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall – Zero Day Initiative – Blog” »
macOS Users Hit by Python Infostealers Posing as AI Installers – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft details 3 Python Infostealers hitting macOS users via fake AI tools, Google ads, and Terminal tricks to steal passwords and crypto, then erase traces. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Common Crypto Scams and How to Protect Your Funds in 2026 – Hackread – Cybersecurity News, Data Breaches, AI and More
Crypto scams are surging worldwide, from pig butchering to fake trading platforms and deepfakes, draining victims while fraud teams struggle to keep up. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Godent Rolls Out Scanner-as-a-Service Model to Drive Digital Transformation in European Dentistry – Hackread – Cybersecurity News, Data Breaches, AI and More
Godent has announced the launch of its scanner-as-a-service program for European DSOs, combining free intraoral scanners with a fully integrated digital lab infrastructure to modernize dental workflows. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Sanctioned Bulletproof Host Linked to Hijacking of Old Home Routers – Hackread – Cybersecurity News, Data Breaches, AI and More
Compromised home routers in 30+ countries had DNS traffic redirected, sending users to malicious sites while normal browsing appeared unaffected. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of “disciplined tradecraft and clever abuse of legitimate system features” to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. “The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory … Read More “DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files – The Hacker News” »
Cellebrite data confirms digital evidence is now central to almost all cases – Read More –
Flaws in GitHub Codespaces allow RCE via crafted repositories or pull requests – Read More –
ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories – The Hacker News
This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry … Read More “ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories – The Hacker News” »
Researchers at Check Point link ‘Amaranth-Dragon’ attacks to prolific Chinese cyber-espionage operation – Read More –
Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends – The Hacker News
The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of the month. “The threat actor stopped maintaining … Read More “Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends – The Hacker News” »
Following a series of high-profile cyberattacks, boards of directors are now requiring their organizations to take greater responsibility for the risks posed by enterprise resource planning (ERP) systems. The Jaguar Land Rover (JLR) incident in Sept. 2025 illustrates the severe consequences of such attacks. The cyberattack forced JLR … Read More “Why boards should be obsessed with their most ‘boring’ systems – CyberScoop” »
Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy controls that operate far away from where AI interactions actually occur. The result … Read More “The Buyer’s Guide to AI Usage Control – The Hacker News” »
Pindrop warns of 1210% increase in AI-powered fraud last year – Read More –
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker’s infrastructure. Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX – … Read More “Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign – The Hacker News” »
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows – The Hacker News
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical … Read More “Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows – The Hacker News” »
Are You a Data Fiduciary or a Significant Data Fiduciary? Here’s How to Classify Yourself – JISA Softech Pvt Ltd
The Digital Personal Data Protection (DPDP) Act, 2023 in India has been a pivot in the privacy debate moving it… The post Are You a Data Fiduciary or a Significant Data Fiduciary? Here’s How to Classify Yourself appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Posted by Egidio Romano on Feb 04: Blesta <= 5.13.1 (confirm_url) Reflected Cross-Site Scripting Vulnerability. [-] Software Link: https://www.blesta.com [-] Affected Versions: All versions from 3.2.0 to 5.13.1. [-] Vulnerability Description: User input passed through the “confirm_url” GET parameter to the… – Read More – Full Disclosure
Posted by Egidio Romano on Feb 04: Blesta <= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities. [-] Software Link: https://www.blesta.com [-] Affected Versions: All versions from 3.0.0 to 5.13.1. [-] Vulnerabilities Description: The vulnerabilities exist because user input passed through the… – Read More – Full Disclosure
Posted by Egidio Romano on Feb 04: Blesta <= 5.13.1 (2Checkout) Multiple PHP Object Injection Vulnerabilities. [-] Software Link: https://www.blesta.com [-] Affected Versions: All versions from 3.0.0 to 5.13.1. [-] Vulnerabilities Description: The vulnerabilities exist because user input passed through the… – Read More – Full Disclosure
CyberDanube Security Research 20260119-0 | Authenticated Command Injection in Phoenix Contact TC Router Series – Full Disclosure
Posted by Thomas Weber | CyberDanube via Fulldisclosure on Feb 04: CyberDanube Security Research 20260119-0. title: Authenticated Command Injection; product: TC Router 5004T-5G EU; vulnerable version: 1.06.18; fixed version: 1.06.23; CVE number: CVE-2025-41717; impact: High; homepage: https://www.phoenixcontact.com/; found: 16.04.2025… – Read More – Full Disclosure
SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS) – Full Disclosure
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 04: SEC Consult Vulnerability Lab Security Advisory < 20260202-0 >. title: Multiple vulnerabilities; product: Native Instruments – Native Access (MacOS); vulnerable version: verified up to 3.22.0; fixed version: n/a; CVE number: CVE-2026-24070, CVE-2026-24071; impact: high; homepage:… – Read … Read More “SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS) – Full Disclosure” »
Supposedly redacted Jeffrey Epstein files can still reveal exactly who they’re talking about – especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting. Sloppy redaction leads to explosive claims, and difficult reputational consequences for cybersecurity vendors, and we learn how trust – once cracked – can be almost impossible to fully … Read More “Smashing Security podcast #453: The Epstein Files didn’t hide this hacker very well – GRAHAM CLULEY” »
Red teaming has undergone a radical evolution. Modern organizations can no longer rely solely on human creativity or… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models – The Hacker News
Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems. The tech giant’s AI Security team said the scanner leverages three observable signals that can be used to reliably flag the presence of backdoors … Read More “Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models – The Hacker News” »
SystemBC malware linked to 10,000 infected IPs, posing risks to sensitive government infrastructure – Read More –
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia, … Read More “China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns – The Hacker News” »
Chinese Mustang Panda Used Fake Diplomatic Briefings to Spy on Officials – Hackread – Cybersecurity News, Data Breaches, AI and More
A new spy campaign by Mustang Panda uses fake US diplomatic briefings to target government officials. Discover how this silent surveillance operation works. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
ShadowSyndicate cluster expands with new SSH fingerprints connecting servers to other ransomware ops – Read More –
MomentProof Deploys Patented Digital Asset Protection – Hackread – Cybersecurity News, Data Breaches, AI and More
Washington, DC, 4th February 2026, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cofense claims AI is making phishing emails more personalized and sophisticated – Read More –
Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks – Read More –
Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes – Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers recently tracked a high-speed cloud attack where an intruder gained full admin access in just eight minutes. Discover how AI automation and a simple storage error led to a major security breach. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Orchid Security Introduces Continuous Identity Observability for Enterprise Applications – The Hacker News
An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge: Identity Lives Outside the Identity Stack Identity and access management tools were built to govern users and directories. Modern enterprises run on applications. Over time, identity logic has moved into application code, APIs, service accounts, and custom authentication – … Read More “Orchid Security Introduces Continuous Identity Observability for Enterprise Applications – The Hacker News” »
Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I have also seen teams lose control of investigations they should … Read More “The First 90 Seconds: How Early Decisions Shape Incident Response Investigations – The Hacker News” »
CISA has added a critical CVE in SolarWinds Web Help Desk to its KEV Catalog – Read More –
Phishing Campaigns Abuse Trusted Cloud Platforms, Raising New Risks for Enterprises – Hackread – Cybersecurity News, Data Breaches, AI and More
ANY.RUN experts report a surge in phishing campaigns abusing trusted cloud and CDN platforms to bypass security controls and target enterprise users. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft has warned that information-stealing attacks are “rapidly expanding” beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant’s Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since – Read More – … Read More “Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers – The Hacker News” »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is an untrusted data deserialization vulnerability that could pave the way for … Read More “CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog – The Hacker News” »
The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don’t end up … Read More “Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions – The Hacker News” »
One Identity Appoints Gihan Munasinghe as Chief Technology Officer – Hackread – Cybersecurity News, Data Breaches, AI, and More
Aliso Viejo, United States, 4th February 2026, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
More than a year after national security officials revealed that Chinese hackers had systematically infiltrated U.S. telecommunications networks, the top Senate Democrat on the committee overseeing the industry is calling for hearings with executives from the nation’s biggest telecom companies. In a public letter released Tuesday, Sen. Maria Cantwell, D-Wash., called for the CEOs of … Read More “Cantwell claims telecoms blocked release of Salt Typhoon report – CyberScoop” »
What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing – CyberScoop
A revised government-industry council devoted to critical infrastructure protection could be set up to have broader and more specific discussions on things like cybersecurity and threats to hardware and software that monitor and control industrial processes, known as operational technology (OT). A top official at the Cybersecurity and Infrastructure Security Agency (CISA), Nick Andersen, said … Read More “What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing – CyberScoop” »
Attackers are again focusing on a familiar target in the network edge space, actively exploiting two critical zero-day vulnerabilities in Ivanti software that allows administrators to set mobile device and application controls. The vulnerabilities — CVE-2026-1281 and CVE-2026-1340 — each carry a CVSS rating of 9.8 and allow unauthenticated users to execute code remotely in … Read More “Ivanti’s EPMM is under active attack, thanks to two critical zero-days – CyberScoop” »
Op Neusploit: Russian APT28 Uses Microsoft Office Flaw in Malware Attacks – Hackread – Cybersecurity News, Data Breaches, AI, and More
A new campaign by the Russian-linked group APT28, called Op Neusploit, exploits a Microsoft Office flaw to steal emails for remote control of devices in Ukraine, Slovakia, and Romania. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More





