A key Senate Committee moved to advance legislation that would overhaul cybersecurity practices at the Department of Health and Human Services. The bipartisan Health Care Cybersecurity and Resiliency Act sailed through the Senate Health, Education and Labor Committee Thursday on a 22-1 vote, with only Sen. Rand Paul, R-Ky., opposing it. The legislation, sponsored by … Read More “Senate moves one step closer to passing health care cyber reforms – CyberScoop” »
Fake Avast Website Targets Users With €499 Phishing Refund Scam – Hackread – Cybersecurity News, Data Breaches, AI and More
Fraudsters clone Avast’s website to target French users with a €499 phishing scam, using urgency tactics, live chat, and card validation to steal payment data. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown – The Hacker News
Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts. “Instead of relying on traditional servers or domains for command-and-control, Aeternum stores its instructions on the public Polygon blockchain,” Qrator Labs said in a report shared with The … Read More “Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown – The Hacker News” »
New botnet Aeternum shifted C2 operations to Polygon blockchain, complicating takedown efforts
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories – The Hacker News
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder. Here is a quick look at the signals worth … Read More “ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories – The Hacker News” »
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor. “Dohdoor utilizes … Read More “UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor – The Hacker News” »
2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities
How to Cut MTTR by Improving Threat Visibility in Your SOC – Hackread – Cybersecurity News, Data Breaches, AI and More
How better threat visibility and real-time intelligence reduce MTTR, improve SOC response speed, and strengthen resilience through faster detection and containment. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Report Finds Just 1% of Security Flaws Drive Most Cyberattacks in 2025 – Hackread – Cybersecurity News, Data Breaches, AI and More
New VulnCheck research reveals that while thousands of CVEs are discovered yearly, only 1% drive real-world impact. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Entra ID OAuth Consent Can Grant ChatGPT Access to Emails – Hackread – Cybersecurity News, Data Breaches, AI and More
OAuth consent in Entra ID can grant apps like ChatGPT email access after approval, exposing hidden risks that may bypass MFA and enable persistent access. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The UK’s Information Commissioner’s Office is about to ditch its single-leader model for a CEO and board in a major shake-up
Datadog report reveals two-fifths of services are affected by exploitable bugs
There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money… from a notorious Russian ransomware gang. Read more in my article on the Hot for Security blog. – Read More – GRAHAM CLULEY
Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of ransomware and cyber extortion generated funding for a complex and highly professional criminal ecosystem. The … Read More “Expert Recommends: Prepare for PQC Right Now – The Hacker News” »
UNC2814 hit 53 victims in 42 countries with novel backdoor in decade-long cyber espionage operation
Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a legitimate library from Stripe that has over 75 million downloads. It was uploaded by … Read More “Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens – The Hacker News” »
A “coordinated developer-targeting campaign” is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines. “The activity aligns with a broader cluster of threats that use job-themed lures to blend into routine developer workflows and increase the likelihood of code – … Read More “Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware – The Hacker News” »
The US and allies are urging Cisco Catalyst SD-WAN customers to hunt for signs of exploitation
Multiple vulnerabilities have been discovered in Cisco Catalyst SD-WAN products, the most severe of which could allow for authentication bypass. Cisco Catalyst SD-WAN (formerly Viptela) is a secure, cloud-delivered software-defined WAN architecture that optimizes application performance by intelligently routing traffic over any combination of transport links (MPLS, broadband, LTE). Successful exploitation of the most severe … Read More “Multiple Vulnerabilities in Cisco Catalyst SD-WAN Products Could Allow for Authentication Bypass – Cyber Security Advisories – MS-ISAC” »
A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain … Read More “Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access – The Hacker News” »
From Policy to Practice: How Indian Companies Can Audit Their DPDP Compliance Annually – JISA Softech Pvt Ltd
The Digital Personal Data Protection Act, 2023 (DPDP Act) in India has transformed the compliant dialogue into a policy-making enterprise to… The post From Policy to Practice: How Indian Companies Can Audit Their DPDP Compliance Annually appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email – they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with parts of their own archive to smear … Read More “Smashing Security podcast #456: How to lose friends and DDoS people – GRAHAM CLULEY” »
Attackers have been exploiting a pair of zero-day vulnerabilities in Cisco’s network edge software for at least three years, and the global campaign is ongoing, authorities said across a series of warnings released Wednesday. The Cybersecurity and Infrastructure Security Agency issued an emergency directive about the global attacks and issued joint guidance with the Five … Read More “Governments issue warning over Cisco zero-day attacks dating back to 2023 – CyberScoop” »
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications. … Read More “Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware – The Hacker News” »
Why Intelligent Contract Solutions Are Replacing Traditional CLM Systems – Hackread – Cybersecurity News, Data Breaches, AI and More
Intelligent contract solutions replace traditional CLM by adding AI analysis, benchmarking, and risk insights that speed reviews, reduce delays, and improve decisions. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
US Sanctions Russian Exploit Broker Over Stolen US Cyber Tools – Hackread – Cybersecurity News, Data Breaches, AI and More
The US Treasury targets Sergey Zelenyuk and his firm Operation Zero for the illegal trade of stolen government cyber tools following the sentencing of Peter Williams. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
ShinyHunters Claims Odido NL and Ben.nl Breach as Company Confirms Cyberattack – Hackread – Cybersecurity News, Data Breaches, AI and More
ShinyHunters claims 21 million records stolen in Odido NL and Ben.nl data breach as telecom company confirms cyberattack impacting customer contact system data. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. “This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,” … Read More “Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries – The Hacker News” »
Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. “The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables – executing – Read More – The Hacker News
Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up as missed SLAs, higher cost per case, and more room … Read More “Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It – The Hacker News” »
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between … Read More “SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks – The Hacker News” »
IBM’s 2026 X-Force report reveals 44% rise in cyber-attacks on public apps, driven by AI and flaws
One Identity Appoints Michael Henricks as Chief Financial and Operating Officer – Hackread – Cybersecurity News, Data Breaches, AI and More
Aliso Viejo, CA, United States, 25th February 2026, CyberNewswire – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Malicious NuGet package mimicking Stripe’s library targeted developers
Autonomous Endpoint Management Isn’t Just Efficiency, It’s a Security Imperative – Hackread – Cybersecurity News, Data Breaches, AI and More
Autonomous Endpoint Management cuts exposure time by matching patch speed to attacker breakout timelines, reducing risk, workload delays, and breach costs. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Would-be attackers spent 2025 swimming in a sea of more than 40,000 newly published vulnerabilities, VulnCheck said in a report released Wednesday, but only 1% of those defects, just 422, were exploited in the wild. As the deluge of vulnerabilities grows every year, and CVSS ratings lose significance for vulnerability management prioritization, some defenders are … Read More “Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks – CyberScoop” »
Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every defense and government leader because manual handling of sensitive data is not just inefficient, it is … Read More “Manual Processes Are Putting National Security at Risk – The Hacker News” »
$300 a Month Android Malware ‘Oblivion’ Uses Fake Updates to Hijack Phones – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers at Certo reveal Oblivion, a new Android Trojan targeting major brands like Samsung and Xiaomi. It bypasses security to steal passwords and bank codes. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
“Decimated.” “Amateur hour.” “Pretty much fallen apart.” “It’s really hard to find something positive to say right now.” It’s been a little more than one year into the second Trump administration, and there’s a large consensus, if not total unanimity, among those who have worked with and for the Cybersecurity and Infrastructure Security Agency: It … Read More “Across party lines and industry, the verdict is the same: CISA is in trouble – CyberScoop” »
A former general manager of a US defense contractor has been sentenced after selling zero days to Russia
A Chinese law enforcement official attempted to use ChatGPT to review its reports on cyber operations, subsequently revealing details of a worldwide online harassment and silencing campaign of China’s critics at home and abroad. In a new threat report released Wednesday, OpenAI said the activity concerned a single account that regularly used ChatGPT to review … Read More “Chinese group’s ChatGPT use reveals worldwide harassment campaign against critics – CyberScoop” »
$10,000 bounty offered if you can hack Ring cameras to stop them sharing your data with Amazon – GRAHAM CLULEY
Amid a privacy backlash, a US $10,000 reward has been offered for anyone who can find a way to run Ring doorbell cameras locally, cutting off the flow of video data to Amazon’s servers. Read more in my article on the Hot for Security blog. – Read More – GRAHAM CLULEY
The UK’s ICO has fined Reddit over £14m for failing to use children’s personal information lawfully
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guilty to two counts of theft of trade secrets in October … Read More “Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker – The Hacker News” »
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below – CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system … Read More “SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution – The Hacker News” »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute … Read More “CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability – The Hacker News” »
North Korean Lazarus Group Adopts Medusa Ransomware in Global Attacks – Hackread – Cybersecurity News, Data Breaches, AI and More
Lazarus Group is now using Medusa ransomware in attacks on healthcare and social services, signaling a move toward profit-focused cybercrime. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker – CyberScoop
An ex-L3Harris executive was sentenced to over seven years in prison Tuesday after pleading guilty to selling eight zero-day exploits to a Russian broker in exchange for millions of dollars. Williams, 39, admitted to two counts of theft of trade secrets in U.S. District Court in Washington, D.C., last year, acknowledging he took at … Read More “Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker – CyberScoop” »
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. “Attackers can craft hidden instructions inside a … Read More “RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN – The Hacker News” »




