AttackFeed by Joe Wagner

TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed … Read More “Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages  – The Hacker News” »

OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. “Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners … Read More “OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation  – The Hacker News” »

American educational technology company Instructure, the parent company of Canvas, said it reached an “agreement” with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In an update shared on Monday, the Utah-based firm said it “reached an agreement with the unauthorized … Read More “Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak  – The Hacker News” »

Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a “cross-industry effort” to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android … Read More “iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android  – The Hacker News” »

Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Pressure is mounting on Instructure, the company behind Canvas, as cybercriminals threaten to leak a trove of sensitive data they claim was stolen during a prolonged cyberattack on the widely used education tech platform. Widespread outages left schools, students and teachers temporarily unable to access critical data late last week after the company took Canvas … Read More “Pressure mounts on Canvas as data leak extortion deadline looms  – CyberScoop” »

Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. “If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously,” the cybersecurity company said in a statement over the … Read More “TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack  – The Hacker News” »

A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of … Read More “cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor  – The Hacker News” »

Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and exploit generation. The activity is said … Read More “Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation  – The Hacker News” »

The Dirty Frag vulnerability affects Linux systems and allows root access escalation, while public PoC exploit code increases attack risks.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically … Read More “⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More  – The Hacker News” »

Romanian national Gavril Sandu faces up to 30 years in a US prison after extradition over a VOIP vishing and fake debit card fraud scheme.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Hackers are abusing Vercel GenAI to create convincing phishing sites that mimic major brands, including Microsoft, Adidas, and Nike, making scams harder to detect.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Dubai, UAE, 11th May 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Google researchers found a zero-day exploit developed by artificial intelligence and alerted the susceptible vendor to the imminent threat before a well-known cybercrime group initiated a mass-exploitation campaign, the company said in a report released Monday. The averted disaster probably isn’t the first time attackers used AI to build a zero-day, but it is the … Read More “Google spotted an AI-developed zero-day before attackers could use it  – CyberScoop” »

Hackers are abusing Vercel GenAI to create convincing phishing sites that mimic major brands, including Microsoft, Adidas, and Nike, making scams harder to detect.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team can use it. A patch waiting on a change-approval window that’s longer than the exploitation window itself. Nobody in … Read More “Your Purple Team Isn’t Purple — It’s Just Red and Blue in the Same Room  – The Hacker News” »

Decision made to grant US tech firm ‘unlimited access’ to data in project to build integrated platform, according to reports UK politics live – latest updates MPs have warned that an NHS decision to grant Palantir access to identifiable patient information in its plan to use AI to improve the health service is “dangerous” and … Read More “Palantir’s access to identifiable NHS England patient data is ‘dangerous’, MPs say  – Data and computer security | The Guardian” »

The average cyberattack costs for a small- or medium-size business is more than $250,000. The salary for a chief information security officer (CISO) is about the same, pulling in between $250,000 and $400,000, according to the annual 2026 CISO Report from Sophos and Cybersecurity Ventures. Small- and medium-size businesses (SMBs) know they cannot afford the … Read More “The missing cybersecurity leader in small business  – CyberScoop” »

A malicious Hugging Face repository managed to take a spot in the platform’s trending list by impersonating OpenAI’s Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart, released by OpenAI late last month (openai/privacy-filter), including copying the entire  – Read More  – … Read More “Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads  – The Hacker News” »

Matthew Knoot and Erick Prince have been jailed for 18 months each for helping North Korean hackers infiltrate US firms through remote laptop farms.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

DigiCert revokes 60 code signing certificates after hackers used a malicious support chat attachment to sign the Zhong Stealer malware.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as CVE-2026-7482 (CVSS score: 9.1). It has been codenamed Bleeding Llama by Cyera. Ollama is a  – … Read More “Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak  – The Hacker News” »

JDownloader confirms a security breach where hackers manipulated official download links to distribute malicious files between 6 and 7 May 2026.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The list of vulnerabilities is as follows – CVE-2026-29201 (CVSS score: 4.3) – An insufficient input validation of the feature file name in the “feature::LOADFEATUREFILE” adminbin call that … Read More “cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now  – The Hacker News” »

Microsoft researchers warn of a new ClickFix campaign targeting macOS with fake guides on Medium and Craft to deploy AMOS and SHub Stealer via Terminal commands.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that’s capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed to be a major update of the Maverick, which is known to leverage a worm … Read More “TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms  – The Hacker News” »

The Senate’s top Democrat called on the Department of Homeland Security Friday to work closely with state and local governments to defend against artificial intelligence-strengthened hacks.  Senate Minority Leader Chuck Schumer, D-N.Y., wrote to DHS Secretary Markwayne Mullin to make sure state, local, tribal and territorial (SLTT) governments aren’t left behind as AI models advance, … Read More “Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments  – CyberScoop” »

Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps have collectively racked up more than 7.3 million downloads, … Read More “Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads  – The Hacker News” »

The ClaudeBleed vulnerability allows hackers to bypass Claude for Chrome guardrails to exfiltrate private Google Drive and Gmail data.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world’s most notorious state-sponsored hacking groups. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

The post ShinyHunters claims nearly 9,000 schools affected by Canvas data breach appeared first on CyberScoop.   – Read More  – CyberScoop 

As businesses and governments turn to AI agents to access the internet and perform higher-level tasks, researchers continue to find serious flaws in large language models that can be exploited by bad actors. The latest discovery comes from browser security firm LayerX, involving a bug in the Chrome extension for Anthropic’s Claude AI model that … Read More “Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI  – CyberScoop” »

A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. “QLNX targets developers and DevOps credentials across the software supply chain,”  – Read More  … Read More “Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise  – The Hacker News” »

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that’s being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called “darkworm.” The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP … Read More “New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials  – The Hacker News” »

The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across live enterprise environments.  The dataset behind these findings includes 10 million monitored  – … Read More “One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk  – The Hacker News” »