AttackFeed by Joe Wagner

Businesses are advised against paying – but many are prepared to deal to protect users’ privacy After a week of outages, hundreds of millions of students’ data stolen, delayed assignment due dates and school login pages being defaced by hackers, the US tech firm Instructure – which operates the education platform Canvas, used by education … Read More “Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data?  – Data and computer security | The Guardian” »

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier. … Read More “Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming  – The Hacker News” »

Critical Claw Chain vulnerabilities in OpenClaw expose thousands of AI servers to data theft, backdoors, and admin-level attacks globally this week. .  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Explore AI voice cloning technology, leading companies, real-world uses, ethical risks, and future trends shaping synthetic voices.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Welcome to the third and final day of Pwn2Own Berlin 2026! Over the past two days, some amazing research has been put on display, and today looks just as intense. So far, we have awarded $908,750 for 39 unique zero days. With SharePoint and ESXi as targets today, the chances are excellent for crossing the … Read More “Pwn2Own Berlin 2026: Day Three Results and Master of Pwn  – Zero Day Initiative – Blog” »

Colorado Governor Jared Polis has commuted the prison sentence of Tina Peters, the former Mesa County election clerk who was sentenced last year to serve nine years in state prison for carrying out one of the most serious election-related data breaches in U.S. history. Peters was arrested in 2021, accused of abusing her position as … Read More “Colorado governor commutes prison sentence for election denier Tina Peters   – CyberScoop” »

AI agents are reshaping cybersecurity. Learn why verification, trusted identity standards, and runtime controls are now essential.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The Federal Trade Commission is set to begin enforcing a key provision of the Take Down Act on May 19, requiring websites and online services to remove nonconsensual deepfake media within 48 hours after a victim’s notice—or risk fines and FTC investigation. The law, passed by Congress last year, allowed law enforcement to immediately prosecute … Read More “Here’s how the FTC plans to enforce the Take It Down Act  – CyberScoop” »

Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be affiliated with Center 16 of Russia’s Federal Security Service (FSB)  – … Read More “Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access  – The Hacker News” »

Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description of the flaws is below –  … Read More “Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence  – The Hacker News” »

Attackers returned once again to a common target with a massive user base by exploiting a max-severity zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager. The threat group behind the “limited” number of attacks Cisco is aware of thus far are also linked to a series of previously disclosed vulnerabilities in the vendor’s firewalls … Read More “Cisco zero-day under ongoing attack by persistent threat group  – CyberScoop” »

Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. “Upon identification of the malicious activity, we worked quickly to investigate, contain, … Read More “TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates  – The Hacker News” »

In Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred … Read More “What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface  – The Hacker News” »

OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. “Upon identification of the malicious activity, we worked quickly to investigate, contain, … Read More “TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates  – The Hacker News” »

Three-storey GreenSquare datacentre in Hazelmere was to power cloud computing and the acceleration of AI Get our breaking news email, free app or daily news podcast A 15,000 sq metre datacentre near Perth will no longer go ahead after the developer withdrew plans amid community opposition over its impact on culturally significant sites. The three-storey, … Read More “Developer withdraws plans for Perth datacentre after fierce community opposition  – Data and computer security | The Guardian” »

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting … Read More “On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email  – The Hacker News” »

Day Two of Pwn2Own Berlin 2026 is underway and the stakes continue to rise! Security researchers are back on the Pwn2Own stage, pushing enterprise systems to their limits as the competition heats up. More exploits, more surprises, and more standout moments are unfolding follow along here for live updates as the race for Master of … Read More “Pwn2Own Berlin 2026 – Day Two Results  – Zero Day Initiative – Blog” »

The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The vulnerability is a critical authentication bypass tracked as CVE-2026-20182. It’s  – Read More  … Read More “CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits  – The Hacker News” »

As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday. Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while AI … Read More “White House cyber official: identity security matters more than ever in the age of AI  – CyberScoop” »

Advanced artificial intelligence models will “fundamentally change warfare as we know it,” a top cyber official at the Defense Department said Thursday, saying it represents “not evolutionary warfare, but revolutionary warfare.” Paul Lyons, principal deputy assistant secretary for cyber policy, said the development of frontier AI models like Mythos amounted to a “watershed moment,” speaking … Read More “Pentagon cyber official calls advanced AI ‘revolutionary warfare’  – CyberScoop” »

As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday. Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while AI … Read More “White House cyber official: identity security matters more than ever in the age of AI  – CyberScoop” »

Lesson one for aspiring dark web kingpins: don’t have your laundered gold bars shipped to your home address. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Cybersecurity researchers are sounding the alarm about what has been described as “malicious activity” in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious – [email protected] [email protected] [email protected] “Early analysis indicates that [email protected], [email protected], and [email protected]  – Read More  – The Hacker … Read More “Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets  – The Hacker News” »

Hackers are using Fake interview apps to spread JobStealer malware on macOS and Windows to steal crypto wallets, browser data, and passwords.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. “A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly  … Read More “Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access  – The Hacker News” »

Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years … Read More “ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories  – The Hacker News” »

Business cash flow is often harder to manage than revenue. A company can have strong sales and still…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Bitdefender Labs reveals how the China-linked FamousSparrow hacking group targeted an Azerbaijani energy firm using ProxyNotShell, Deed RAT,…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It’s also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC‑0057  – Read … Read More “Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike  – The Hacker News” »

Foxconn, one of the world’s largest manufacturers of electronics sold by major tech vendors, is recovering from a cyberattack that disrupted some of the company’s factories in North America. Nitrogen, a ransomware group that’s known for targeting organizations in the manufacturing, construction and technology sectors, claimed responsibility for the attack on its data leak site … Read More “Major tech manufacturer Foxconn confirms cyberattack hit North American factories  – CyberScoop” »

AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable response based on patterns in its training data, even if that response is inaccurate. … Read More “How AI Hallucinations Are Creating Real Security Risks  – The Hacker News” »

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the  – Read … Read More “PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure  – The Hacker News” »

A new Darktrace report reveals how Chinese hackers use fake Apple and Yahoo sites and the FDMTP malware framework to spy on organisations.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse  – Read More  – … Read More “Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation  – The Hacker News” »

Pay up, or we’ll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats – and even hiring local muscle to deliver the message. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: … Read More “New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption  – The Hacker News” »