AttackFeed by Joe Wagner

Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a “portion” of its source code. It said it “recently identified” the compromise of its source code repository and that it began working with “leading forensic experts” to resolve the matter immediately. It also said it has notified law enforcement … Read More “Trellix Confirms Source Code Breach With Unauthorized Repository Access  – The Hacker News” »

SOCRadar researchers have uncovered a massive Chinese cybercrime operation using the OpenClaw and Paperclip systems to automate global attacks.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A new campaign shows misconfigured Jenkins servers abused to deploy a DDoS botnet targeting gaming systems, with Valve Corporation infrastructure in focus.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a “phishing relay” to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back through an illicit storefront run by the threat actors. In all, roughly … Read More “30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign  – The Hacker News” »

Cybersecurity agencies from the United States, Australia, Canada, New Zealand and the United Kingdom jointly published guidance Friday urging organizations to treat autonomous artificial intelligence systems as a core cybersecurity concern, warning that the technology is already being deployed in critical infrastructure and defense sectors with insufficient safeguards. The guidance focuses on agentic AI — … Read More “US government, allies publish guidance on how to safely deploy AI agents  – CyberScoop” »

Torrance, United States / California, 1st May 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro has attributed the activity to a threat activity cluster it tracks under the temporary designation SHADOW-EARTH-053. The adversarial collective is assessed to  – … Read More “China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists  – The Hacker News” »

Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider (aka O-UNC-025 and UNC6661), have been attributed to high-speed data theft and  … Read More “Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks  – The Hacker News” »

The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accused of deploying the ransomware against multiple victims located throughout the U.S. … Read More “Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks  – The Hacker News” »

The managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 2030[1], with cybersecurity being the fastest-growing sector[2]. Despite this opportunity, many MSPs leave revenue on the table because their go-to-market strategy fails to connect technical expertise with business needs. This execution gap is where most deals stall. … Read More “Top Five Sales Challenges Costing MSPs Cybersecurity Revenue  – The Hacker News” »

A critical cPanel vulnerability lets attackers bypass login and gain root access, with active exploitation reported before patches were released.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account “BufferZoneCorp,” which has published a set of repositories that are associated with malicious Ruby gems … Read More “Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft  – The Hacker News” »

Compare top diagram software in 2026 and see why Wondershare EdrawMax can be a practical choice for fast, template rich, AI supported diagramming.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Two former cybersecurity professionals who moonlighted as cybercriminals, committing a series of ransomware attacks in 2023, were each sentenced to four years in prison, the Justice Department said Thursday. Ryan Clifford Goldberg and Kevin Tyler Martin previously pleaded guilty to one of three charges brought against them in December and faced up to 20 years … Read More “Former incident responders sentenced to 4 years in prison for committing ransomware attacks  – CyberScoop” »

A severe authentication bypass vulnerability in cPanel, one of the most widely deployed web hosting control panel platforms on the internet, is being actively exploited in the wild, according to security researchers and hosting providers. The vulnerability, tracked as CVE-2026-41940, affects all supported versions of cPanel and WebHost Manager (WHM) released after version 11.40, as … Read More “cPanel’s authentication bypass bug is being exploited in the wild, CISA warns  – CyberScoop” »

Congress extended a controversial surveillance law for 45 days on Thursday, hours before its latest expiration following an earlier extension. The Senate passed — then the House cleared — a 45-day extension of Section 702 of the Foreign Intelligence Surveillance Act, which authorizes warrantless surveillance of foreign targets. But those targets are sometimes communicating electronically … Read More “Congress kicks the can down the road on surveillance law (again)  – CyberScoop” »

Private chats and photos of celebrities and influencers were exposed after a suspected stalkerware setup left a database open, revealing sensitive messages and files.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The Federal Communications Commission approved new regulations Wednesday designed to crack down on robocalling, protect telecommunications networks from cyberattacks and further vet equipment-testing labs based overseas. Commissioners unanimously passed a measure to strengthen telecom companies’ “Know Your Customer” requirements for verifying callers’ identities. Among the potential solutions being considered are requiring telecoms to verify a … Read More “FCC tightens KYC rules for telecoms, closes loophole for banned foreign services  – CyberScoop” »

A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2 and 2.6.3, both of which were published on April 30, 2026. The campaign is … Read More “PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials  – The Hacker News” »

As more businesses relocate their operations to the cloud, one important decision arises: should you choose managed or…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A pair of persistent and problematic threat groups affiliated with The Com are actively targeting organizations across multiple critical infrastructure sectors for rapid data theft and extortion attacks, according to CrowdStrike. The financially-motivated attackers, which CrowdStrike tracks as Cordial Spider and Snarky Spider, have used voice-phishing and social engineering attacks to break into victims’ identity … Read More “Two new extortion crews are speedrunning the Scattered Spider playbook  – CyberScoop” »

The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be online. Security is always a moving target. … Read More “ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories  – The Hacker News” »

A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a security breach and was likely the work … Read More “Anti-DDoS Firm Heaped Attacks on Brazilian ISPs  – Krebs on Security” »

Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order (SEO)  – Read More  – The Hacker News 

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. “The intrusion chain begins with execution of a batch script (‘install_obf.bat’) that disables Windows security controls, dynamically extracts an  – Read More  – … Read More “New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials  – The Hacker News” »

Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori. “An unprivileged local user can write four controlled bytes into the page cache of … Read More “New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions  – The Hacker News” »

Anthropic recently announced that it would not release Mythos, its most powerful AI model, to the public. The model discovered thousands of previously unknown software vulnerabilities — flaws that had sat undetected in major operating systems and web browsers for as long as nearly three decades. Anthropic said the model was too dangerous to deploy … Read More “Everyone’s building AI agents. Almost nobody’s ready for what they do to identity.  – CyberScoop” »

Linux Kernel Vulnerability “Copy Fail” lets attackers gain root access via memory flaw. Patch now or disable algif_aead to stay secure.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems. “The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,”  – Read … Read More “Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution  – The Hacker News” »

A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop. That one decision triggered a cascade of failures that ended with a $2 million data breach affecting hundreds of thousands of organisations. All for some free in-game currency. Meanwhile, there’s a 1980s phone protocol called … Read More “Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions  – GRAHAM CLULEY” »

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: “So, are we actually safer now?” Crickets. The room goes quiet because an honest answer requires context – which is something that patch counts … Read More “What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)  – The Hacker News” »

PocketOS founder says Cursor AI agent deleted its production database in 9 seconds after misusing a root API token, exposing major Railway security flaws.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The growth of data centers — and adversaries’ targeting of them — left lawmakers at a hearing Wednesday contemplating whether the federal government has the right setup for defending them. Some industry witnesses and experts at the hearing of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection testified that the answer might be … Read More “Congress, industry ponder government posture for protecting data centers  – CyberScoop” »

A hacker using the alias “Xorcat” claims to have breached Polymarket using API flaws, but research suggests the leak could be just data scraping incident.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Bluekit Phishing Kit is a new PhaaS tool that targets major platforms, using AiTM techniques to steal session data and bypass MFA protections.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More