AttackFeed by Joe Wagner

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named “mouse5212-super-formatter,” is designed to upload files from “/mnt/user-data,” a dedicated directory used by Anthropic’s Claude artificial intelligence (AI) tool to handle uploads and outputs in the background. The  – Read … Read More “Malicious npm Package Stole Files From Claude AI User Directory via GitHub  – The Hacker News” »

Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That’s according to new findings from WatchGuard and ESET, which have observed the two malware families being used to single out companies in Spain, Portugal, and Mexico, as … Read More “Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users  – The Hacker News” »

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Most organizations still picture cyber defense as a fortress problem: build stronger walls, add more guards, buy another detection engine. But modern incidents rarely crash through the front gate. They drift in disguised as routine activity, hide inside legitimate processes, and quietly accumulate risk long before anyone labels them an “incident.” That changes the role … Read More “3 SOC Steps that Shut Down Incident Risks Early  – The Hacker News” »

Frankfurt am Main, Germany, 27th May 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

CrowdStrike has dismantled the Glassworm botnet in an operation aided by Google and Shadowserver, stripping the operators’ access to infrastructure that helped threat actors infect hundreds of pieces of open-source software with malware since early 2025, the company said Tuesday.  The coordinated effort involved the simultaneous takedown of four attacker-controlled servers that were designed to … Read More “CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain  – CyberScoop” »

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. “Since at least early 2025, GlassWorm operators have systematically targeted software developers, a  – Read More  – The Hacker News 

Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials. The vulnerability, tracked as CVE-2026-27771 (CVSS score: N/A), affects all versions of Gitea prior to 1.26.2  – Read … Read More “Gitea Vulnerability Exposes Private Container Images without Authentication  – The Hacker News” »

When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work. Across most organizations today, employees are running three to five AI tools on any given day. … Read More “5 Steps to Managing Shadow AI Tools Without Slowing Down Employees  – The Hacker News” »

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. “This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations,” Microsoft Defender Experts and the Microsoft  – Read More  – The … Read More “AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites  – The Hacker News” »

Cybercriminals are using SEO poisoning and fake Gemini and Claude installer sites to infect developers with fileless malware and steal data.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The White House has updated rules for federal agencies to keep logs of significant cyber activities in their networks, touting it as a measure to cut back on red tape and focus on how cybersecurity risks have evolved. The Office of Management and Budget memorandum, released Friday, replaces a 2021 memo signed by then-President Joe … Read More “White House charts new course for federal agencies and cybersecurity logging  – CyberScoop” »

Apple has released quantum-resistant cryptographic code and the mathematical verification tools it developed to prove the code’s correctness, making them publicly available for independent review and broader use across the industry. The release includes implementations of two quantum-secure algorithms, ML-KEM and ML-DSA, along with the formal verification libraries and tools Apple created to validate their … Read More “Apple open-sources quantum-resistant encryption code  – CyberScoop” »

Anthropic says its Claude Mythos AI identified more than 10,000 software vulnerabilities in one month, including critical flaws in open-source code.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and public-sector bodies, financial services, and professional services, per the Threat Hunter Team from Symantec and … Read More “MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries  – The Hacker News” »

So, you’ve enabled multi-factor authentication. You’ve taught your staff never to type their passwords into dodgy-looking login pages. Surely your Microsoft 365 accounts are safe now? Well, think again. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Anthropic said its month-old Project Glasswing initiative has uncovered more than 10,000 high- or critical-severity software vulnerabilities across systemically important code, a finding the company says has shifted the central problem in cybersecurity from discovering flaws to verifying and patching them. The findings, drawn from partner reports and independent evaluations, mark one of the first … Read More “Anthropic: Mythos finds more than 10,000 software flaws in first month  – CyberScoop” »

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. It has been assigned an important severity. “Deserialization of untrusted data in Microsoft … Read More “Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions  – The Hacker News” »

Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence (AI) tools to make their attacks faster, stronger, and much harder to stop. According to recent updates from The Hacker News, bad … Read More “New AI DDoS Attacks Are Smarter. Learn How to Fight Back in This Webinar  – The Hacker News” »

Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn’t log in without the second factor. While that logic was sound, attackers have now figured out that they don’t need to steal the second factor: they just need the … Read More “MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You  – The Hacker News” »

The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where “feasible” to safeguard against potential threats stemming from threat actors’ abuse of artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability  – Read More  … Read More “CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks  – The Hacker News” »

The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026. The activity, besides … Read More “Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning  – The Hacker News” »

A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as CVE-2026-5426 (CVSS score: 7.5), stems from the use of hard-coded ASP.NET machine keys, leading … Read More “KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike  – The Hacker News” »

Hackers compromised FBI Chief Kash Patel’s clothing store in a ClickFix attack that tricked macOS users into installing infostealer malware.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should’ve patched years ago. Good times. Phishing crews are getting smarter too – … Read More “⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos  – The Hacker News” »

Ciaran Martin says Reform UK leader’s allegation over Guardian report on £5m gift ‘entirely unsubstantiated’ Nigel Farage’s claim that a Russian hack was behind a Guardian report on the £5m gift he received from a crypto billionaire has been described as “without any merit” by a former head of the National Cyber Security Centre. Ciaran … Read More “Nigel Farage’s Russian hack claim ‘without any merit’, former NCSC chief says  – Data and computer security | The Guardian” »

Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the … Read More “Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks  – Krebs on Security” »

Dutch authorities arrested two suspects after dismantling a bulletproof hosting network linked to cybercrime, disinfo, and Russian sanctions evasion.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear “Noisy,” “Too much data.” But ask the teams running NDR that includes agentic AI capabilities and you’ll hear they’re actually using it to catch threats earlier, triage faster, and chase fewer false positives. The old complaint lingers in part because … Read More “The Alert Firehose Finally Meets Its Match  – The Hacker News” »