AttackFeed by Joe Wagner

Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications.  – Read More  – … Read More “Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware  – The Hacker News” »

The US Treasury targets Sergey Zelenyuk and his firm Operation Zero for the illegal trade of stolen government cyber tools following the sentencing of Peter Williams.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

ShinyHunters claims 21 million records stolen in Odido NL and Ben.nl data breach as telecom company confirms cyberattack impacting customer contact system data.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. “This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,”  … Read More “Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries  – The Hacker News” »

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. “The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables – executing  – Read More  – The Hacker News 

Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up as missed SLAs, higher cost per case, and more room … Read More “Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It  – The Hacker News” »

The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between … Read More “SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks  – The Hacker News” »

Alisa Viejo, CA, United States, 25th February 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Autonomous Endpoint Management cuts exposure time by matching patch speed to attacker breakout timelines, reducing risk, workload delays, and breach costs.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Would-be attackers spent 2025 swimming in a sea of more than 40,000 newly published vulnerabilities, VulnCheck said in a report released Wednesday, but only 1% of those defects, just 422, were exploited in the wild. As the deluge of vulnerabilities grows every year, and CVSS ratings lose significance for vulnerability management prioritization, some defenders are … Read More “Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks  – CyberScoop” »

Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every defense and government leader because manual handling of sensitive data is not just inefficient, it is … Read More “Manual Processes Are Putting National Security at Risk  – The Hacker News” »

Cybersecurity researchers at Certo reveal Oblivion, a new Android Trojan targeting major brands like Samsung and Xiaomi. It bypasses security to steal passwords and bank codes.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

“Decimated.”  “Amateur hour.” “Pretty much fallen apart.” “It’s really hard to find something positive to say right now.” It’s been a little more than one year into the second Trump administration, and there’s a large consensus, if not total unanimity, among those who have worked with and for the Cybersecurity and Infrastructure Security Agency: It … Read More “Across party lines and industry, the verdict is the same: CISA is in trouble  – CyberScoop” »

A Chinese law enforcement official attempted to use ChatGPT to review its reports on cyber operations, subsequently revealing details of a worldwide online harassment and silencing campaign of China’s critics at home and abroad. In a new threat report released Wednesday, OpenAI said the activity concerned a single account that regularly used ChatGPT to review … Read More “Chinese group’s ChatGPT use reveals worldwide harassment campaign against critics  – CyberScoop” »

Amid a privacy backlash, a US $10,000 reward has been offered for anyone who can find a way to run Ring doorbell cameras locally, cutting off the flow of video data to Amazon’s servers. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guilty to two counts of theft of trade secrets in October … Read More “Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker  – The Hacker News” »

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below – CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system … Read More “SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute  … Read More “CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability  – The Hacker News” »

Lazarus Group is now using Medusa ransomware in attacks on healthcare and social services, signaling a move toward profit-focused cybercrime.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

An ex-L3 Harris executive was sentenced to over seven years in prison Tuesday after pleading guilty to selling eight zero-day exploits to a Russian broker in exchange for millions of dollars. Williams, 39, admitted to two counts of theft of trade secrets in U.S. District Court in Washington, D.C., last year, acknowledging he took at … Read More “Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker  – CyberScoop” »

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. “Attackers can craft hidden instructions inside a  … Read More “RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN  – The Hacker News” »

Anthropic claims Chinese AI firms distilled Claude to train rival AI models, raising concerns about model extraction, security risks, and AI distillation abuse.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor’s targeting beyond Ukraine and into entities supporting the war-torn nation. The activity, which targeted an unnamed entity involved in regional  … Read More “UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware  – The Hacker News” »

Amazon says a Russian speaking low-skill hacker used AI tools to breach hundreds of FortiGate devices worldwide, showing how AI can scale cyberattacks with basic methods.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Learn how to strengthen app performance without slowing innovation using metrics, observability, scalability planning, and disciplined release strategies.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Strengthen DDoS Readiness with proactive protection strategies, risk assessments, traffic monitoring, scalable defenses, and rapid response planning.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Wilmington, North America, 24th February 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Catalin Dragomir admits to hacking an Oregon government office and selling network access. Read more on the $250k fraud case and his 2026 sentencing.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Meet ZeroDayRAT, a newly advertised malware targeting Android and iOS devices with surveillance, location tracking, and crypto theft tools sold via Telegram as a MaaS service.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom’s threat intelligence division said it also identified the same threat actors mounting an … Read More “Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks  – The Hacker News” »

Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of factors: control posture, hygiene, business context, and intent. Any one of … Read More “Identity Prioritization isn’t a Backlog Problem – It’s a Risk Math Problem  – The Hacker News” »

The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week. “The group used several  … Read More “UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors  – The Hacker News” »

Cyberattacks reached victims faster and came from a wider range of threat groups than ever last year, CrowdStrike said in its annual global threat report released Tuesday, adding that cybercriminals and nation-states increasingly relied on predictable tactics to evade detection by exploiting trusted systems. The average breakout time — how long it took financially-motivated attackers … Read More “CrowdStrike says attackers are moving through networks in under 30 minutes  – CyberScoop” »

Anthropic on Monday said it identified “industrial-scale campaigns” mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude’s capabilities to improve their own models. The distillation attacks generated over 16 million exchanges with its large language model (LLM) through about 24,000 fraudulent accounts in violation of its terms  – … Read More “Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model  – The Hacker News” »

Data breaches in 2026 explained, new cyber threats, AI driven attacks, common breach causes, and practical security strategies for individuals and businesses  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation … Read More “APT28 Targeted European Entities Using Webhook-Based Macro Malware  – The Hacker News” »

Anthropic on Monday accused three Chinese artificial intelligence laboratories of stealthily trying to siphon Claude’s capabilities for their own models, potentially in a way that could fuel offensive cyber operations. The U.S. AI startup said the three labs, DeepSeek, Moonshot and MiniMax, ran “industrial-scale campaigns” with a tactic known as “distillation.” It involves sending bulk … Read More “Anthropic accuses Chinese labs of trying to illicitly take Claude’s capabilities  – CyberScoop” »

16 zero-day security flaws found in Foxit and Apryse PDF platforms could lead to account takeover and RCE. Learn how AI identified these risks.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. “Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim  – Read More  – … Read More “Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb  – The Hacker News” »