AttackFeed by Joe Wagner

Three-storey GreenSquare datacentre in Hazelmere was to power cloud computing and the acceleration of AI Get our breaking news email, free app or daily news podcast A 15,000 sq metre datacentre near Perth will no longer go ahead after the developer withdrew plans amid community opposition over its impact on culturally significant sites. The three-storey, … Read More “Developer withdraws plans for Perth datacentre after fierce community opposition  – Data and computer security | The Guardian” »

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting … Read More “On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email  – The Hacker News” »

Day Two of Pwn2Own Berlin 2026 is underway and the stakes continue to rise! Security researchers are back on the Pwn2Own stage, pushing enterprise systems to their limits as the competition heats up. More exploits, more surprises, and more standout moments are unfolding follow along here for live updates as the race for Master of … Read More “Pwn2Own Berlin 2026 – Day Two Results  – Zero Day Initiative – Blog” »

The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The vulnerability is a critical authentication bypass tracked as CVE-2026-20182. It’s  – Read More  … Read More “CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits  – The Hacker News” »

As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday. Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while AI … Read More “White House cyber official: identity security matters more than ever in the age of AI  – CyberScoop” »

Advanced artificial intelligence models will “fundamentally change warfare as we know it,” a top cyber official at the Defense Department said Thursday, saying it represents “not evolutionary warfare, but revolutionary warfare.” Paul Lyons, principal deputy assistant secretary for cyber policy, said the development of frontier AI models like Mythos amounted to a “watershed moment,” speaking … Read More “Pentagon cyber official calls advanced AI ‘revolutionary warfare’  – CyberScoop” »

As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday. Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while AI … Read More “White House cyber official: identity security matters more than ever in the age of AI  – CyberScoop” »

Lesson one for aspiring dark web kingpins: don’t have your laundered gold bars shipped to your home address. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Cybersecurity researchers are sounding the alarm about what has been described as “malicious activity” in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious – [email protected] [email protected] [email protected] “Early analysis indicates that [email protected], [email protected], and [email protected]  – Read More  – The Hacker … Read More “Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets  – The Hacker News” »

Hackers are using Fake interview apps to spread JobStealer malware on macOS and Windows to steal crypto wallets, browser data, and passwords.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. “A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly  … Read More “Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access  – The Hacker News” »

Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years … Read More “ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories  – The Hacker News” »

Business cash flow is often harder to manage than revenue. A company can have strong sales and still…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Bitdefender Labs reveals how the China-linked FamousSparrow hacking group targeted an Azerbaijani energy firm using ProxyNotShell, Deed RAT,…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It’s also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC‑0057  – Read … Read More “Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike  – The Hacker News” »

Foxconn, one of the world’s largest manufacturers of electronics sold by major tech vendors, is recovering from a cyberattack that disrupted some of the company’s factories in North America. Nitrogen, a ransomware group that’s known for targeting organizations in the manufacturing, construction and technology sectors, claimed responsibility for the attack on its data leak site … Read More “Major tech manufacturer Foxconn confirms cyberattack hit North American factories  – CyberScoop” »

AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable response based on patterns in its training data, even if that response is inaccurate. … Read More “How AI Hallucinations Are Creating Real Security Risks  – The Hacker News” »

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the  – Read … Read More “PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure  – The Hacker News” »

A new Darktrace report reveals how Chinese hackers use fake Apple and Yahoo sites and the FDMTP malware framework to spy on organisations.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse  – Read More  – … Read More “Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation  – The Hacker News” »

Pay up, or we’ll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats – and even hiring local muscle to deliver the message. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: … Read More “New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption  – The Hacker News” »

Welcome to Day One of Pwn2Own Berlin 2026! Today, 22 entries take the Pwn2Own stage to target AI Databases, Coding Agents, Local Inferences, and a separate category for NVIDIA products, as the world’s top security researchers push technology to its limits. Exploits, surprises, and breakthrough discoveries are unfolding. Follow the action live! We’ll be posting … Read More “Pwn2Own Berlin 2026 – Day One Results  – Zero Day Initiative – Blog” »

Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a  – … Read More “18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE  – The Hacker News” »

TeamPCP claims to be selling alleged Mistral AI repositories on a hacker forum after the Mini Shai-Hulud attack targeted npm and PyPI ecosystems.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Welcome to the largest educational data breach in history – affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas’s parent company refused to pay and announced they had deployed “security patches” instead, the hackers were less than impressed. So they came back through the cat flap. Meanwhile, a famous … Read More “Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities  – GRAHAM CLULEY” »

Instructure has reached an agreement with the ShinyHunters group to return and destroy stolen Canvas data, protecting millions of student records from a public leak.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The House Homeland Security Committee is digging into Anthropic’s AI model Mythos in a series of briefings and hearings, as questions proliferate on whether and how the federal government will make use of the technology touted for its ability to autonomously uncover cyber vulnerabilities. Wednesday brought a closed-door briefing for the House Homeland Security Committee … Read More “Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks  – CyberScoop” »

Two of the most advanced artificial intelligence models — Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 — have significantly surpassed the already-accelerating pace at which AI systems are completing autonomous cybersecurity tasks, according to separate findings published Wednesday by the United Kingdom’s AI Security Institute (AISI) and Palo Alto Networks. The AISI, which conducts pre-deployment … Read More “Researchers say AI just broke every benchmark for autonomous cyber capability  – CyberScoop” »

The Trump administration released a legal opinion outlining the legal rationale behind its nationwide voter data collection efforts, justifying  an aggressive federal role in vetting voter eligibility, a position courts have repeatedly rejected in related litigation. The memo, released Tuesday by the Department of Justice Office of Legal Counsel, concedes that while election administration is … Read More “DOJ releases legal rationale for nationwide voter data collection  – CyberScoop” »

The Trump administration released a legal opinion outlining the legal rationale behind its nationwide voter data collection efforts, justifying  an aggressive federal role in vetting voter eligibility, a position courts have repeatedly rejected in related litigation. The memo, released Tuesday by the Department of Justice Office of Legal Counsel, concedes that while election administration is … Read More “DOJ releases legal rationale for nationwide voter data collection  – CyberScoop” »

Today’s enterprise executives are navigating a complex landscape of AI-driven challenges, but none is more urgent than the rapid escalation of AI-generated fraud. Fraudsters are weaponizing generative AI to automate impersonation and mass-produce synthetic identities at a scale and pace that is rendering enterprises’ long-standing defenses obsolete. This is no longer a slow-moving game of … Read More “Weaponized AI: The new frontier of fraud and identity spoofing  – CyberScoop” »

Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Willkommen! (Welcome!) Pwn2Own Berlin 2026 has arrived at OffensiveCon, and the world’s top security researchers are ready. This year’s enterprise-focused competition features AI Databases, Coding Agents, Local Inferences, and a separate category for NVIDIA products. Earlier today, we held the random draw to determine attempt order. Below is the official schedule. All times are Berlin … Read More “Pwn2Own Berlin 2026: The Full Schedule  – Zero Day Initiative – Blog” »

OpenAI has unveiled Daybreak, a cybersecurity initiative that combines the company’s large language models with its Codex agentic framework to help organizations identify, patch, and validate software vulnerabilities across the development lifecycle. The platform is built around three model tiers: GPT-5.5 for general-purpose use, GPT-5.5 with Trusted Access for Cyber for verified defensive security workflows, … Read More “Daybreak is OpenAI’s answer to the AI arms race in cybersecurity  – CyberScoop” »

A Slovakian administrator tied to the dark web Kingdom Market received a 16 year US prison sentence for drug trafficking and cybercrime activity.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A threat actor with affiliations to China has been linked to a “multi-wave intrusion” targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), … Read More “Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation  – The Hacker News” »

Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it’s being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different … Read More “Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday  – The Hacker News” »

Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities … Read More “Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws  – The Hacker News” »

Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant’s M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have … Read More “Most Remediation Programs Never Confirm the Fix Actually Worked  – The Hacker News” »