Three American men were sentenced Friday for crimes they committed in furtherance of North Korea’s vast scheme to get operatives hired at U.S. companies, the Justice Department said. The trio — Audricus Phagnasay, 25, Jason Salazar, 30, and Alexander Paul Travis, 35 — pleaded guilty in November to wire fraud conspiracy for providing U.S. identities … Read More “Trio sentenced for facilitating North Korean IT worker scheme from their homes – CyberScoop” »
Researchers and threat hunters are scrambling to contain a maximum-severity defect in Ubiquiti’s UniFi Network Application that attackers could exploit to take over user accounts by accessing and manipulating files. The path-traversal vulnerability — CVE-2026-22557 — affects software used to manage UniFi networking devices, including access points, gateways and switches. The vendor disclosed and released … Read More “Ubiquiti defect poses account takeover risk for UniFi Networking Application users – CyberScoop” »
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure – The Hacker News
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution. “The … Read More “Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure – The Hacker News” »
Pedestrians crossing a street in Denver, Colorado, got rather more than they bargained for last weekend, when the audio signals at two crosswalks began broadcasting a political message alongside their usual walking instructions. Read more in my article on the Hot for Security blog. – Read More – GRAHAM CLULEY
Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive … Read More “Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks – The Hacker News” »
Why Image Format Conversion Is Becoming a Practical Issue in Web Security and Performance – Hackread – Cybersecurity News, Data Breaches, AI and More
WebP boosts performance but raises compatibility issues, making image format conversion to PNG essential for secure, flexible, and efficient web workflows today. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Authorities seized infrastructure powering four botnets that hijacked a combined three million devices and launched more than 300,000 DDoS attacks collectively, the Justice Department said Thursday. The botnets — Aisuru, Kimwolf, JackSkid and Mossad — enabled operators to sell access to the infected devices for various cybercrimes. The aftermath spanned thousands of attacks, including some … Read More “Justice Department disrupts botnet networks that hijacked 3 million devices – CyberScoop” »
New Fake Zoom Meeting Invite Scam Spreads Malware on Windows PCs – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers at Sublime Security have discovered a new scam that uses realistic, interactive JavaScript-based Zoom meeting invites to trick users into installing malware. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Sansec is warning of a critical security flaw in Magento’s REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence … Read More “Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover – The Hacker News” »
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams – The Hacker News
Google on Thursday announced a new “advanced flow” for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps … Read More “Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams – The Hacker News” »
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result, … Read More “The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks – The Hacker News” »
A ransomware gang that claims to be a group of “investigative journalists”? Meet LeakNet – the group using fake CAPTCHA pages to trick employees into hacking themselves. Read more in my article on the Fortra blog. – Read More – GRAHAM CLULEY
Sysdig details how threat actors exploited a critical CVE in Langflow in less than a day
The National Crime Agency’s director general warns that technology is rapidly reshaping crime
DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks – The Hacker News
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation. The effort also saw authorities from Canada and Germany targeting the operators behind these botnets, with a number … Read More “DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks – The Hacker News” »
A 27-year-old North Carolina man was found guilty of six counts of extortion for a series of crimes he committed while working as a data analyst contractor for a D.C.-based international technology company, the Justice Department said Thursday. Cameron Nicholas Curry, also known as “Loot,” stole a trove of corporate data, including sensitive employee and … Read More “North Carolina tech worker found guilty of insider attack netting $2.5M ransom – CyberScoop” »
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru, Kimwolf, JackSkid and Mossad — are responsible for a … Read More “Feds Disrupt IoT Botnets Behind Huge DDoS Attacks – Krebs on Security” »
For the past decade, cybersecurity experts in the federal government have argued that trust, or a lack of it, was key to developing effective security policies for agency systems and data. But today, cybercriminals and state-sponsored hackers are using artificial intelligence to develop and launch cyberattacks more quickly and efficiently. Governments and businesses are facing … Read More “Can Zero Trust survive the AI era? – CyberScoop” »
Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. “Speagle is designed to surreptitiously harvest sensitive information from infected computers and transmit it to a Cobra DocGuard server that has been compromised by the attackers, masking the data exfiltration process as legitimate … Read More “Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers – The Hacker News” »
54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security – The Hacker News
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 34 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way for affiliates to neutralize … Read More “54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security – The Hacker News” »
Federal cyber officials aren’t seeing a significant change in attacks tied to Iran since the conflict there began, at least not yet, but they are on the lookout for any uptick and are focusing on the Stryker attack in particular. Terry Kalka — director of the Defense Industrial Base Collaborative Information Sharing Environment at The … Read More “Feds keep eyes peeled for Iran cyberattacks, respond to Stryker breach – CyberScoop” »
Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics
SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft – Hackread – Cybersecurity News, Data Breaches, AI and More
Austin, TX, USA, 19th March 2026, CyberNewswire – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
CISO Whisperer Names 11 Vendors Leading the Shift from Tools to Outcomes at RSA Conference 2026 – Hackread – Cybersecurity News, Data Breaches, AI and More
Austin, United States, 19th March 2026, CyberNewswire – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More – The Hacker News
ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you see how well it lands. Other bits feel a … Read More “ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More – The Hacker News” »
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Mar 19. SEC Consult Vulnerability Lab Security Advisory < 20260317-0 >. title: Multiple vulnerabilities; product: PEGA Infinity platform; vulnerable version: CVE-2025-62181: Pega Platform versions 7.1.0 through Infinity 25.1.0, CVE-2025-9559: … Read More “SEC Consult SA-20260317-0 :: Multiple vulnerabilities in PEGA Infinity platform – Full Disclosure” »
SEC Consult SA-20260318-0 :: Multiple Privilege Escalation Vulnerabilities in Arturia Software Center MacOS – Full Disclosure
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Mar 19. SEC Consult Vulnerability Lab Security Advisory < 20260318-0 >. title: Multiple Privilege Escalation Vulnerabilities; product: Arturia Software Center MacOS; vulnerable version: 2.12.0.3157; fixed version: –; CVE number: CVE-2026-24062, CVE-2026-24063; impact: high; homepage:… … Read More “SEC Consult SA-20260318-0 :: Multiple Privilege Escalation Vulnerabilities in Arturia Software Center MacOS – Full Disclosure” »
APPLE-SA-03-17-2026-1 Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2 – Full Disclosure
Posted by Apple Product Security via Fulldisclosure on Mar 19 APPLE-SA-03-17-2026-1 Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2 Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/126604. Apple maintains a … Read More “APPLE-SA-03-17-2026-1 Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2 – Full Disclosure” »
Posted by Qualys Security Advisory via Fulldisclosure on Mar 19. Qualys Security Advisory: Good things come to those who wait: snap-confine + systemd-tmpfiles = root (CVE-2026-3888). Contents: Summary; Case study: Ubuntu Desktop 24.04 (Analysis, Exploitation); Case study: Ubuntu Desktop 25.10 (Overview, Exploitation); A quick note on the uutils … Read More “snap-confine + systemd-tmpfiles = root (CVE-2026-3888) – Full Disclosure” »
Mobile banking malware targets over 1200 financial apps globally, shifting fraud to user devices
Cybersecurity researchers have disclosed a new Android malware family called Perseus that’s being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a “more flexible and capable platform” for compromising Android devices … Read More “New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data – The Hacker News” »
Fake Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers at Bitdefender have discovered a malicious Windsurf IDE extension using the Solana blockchain to steal developer credentials. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Security teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operates entirely outside those controls. Claude Code, Anthropic’s AI coding agent, is now running across engineering organizations at scale. It reads files, executes shell commands, … Read More “How Ceros Gives Security Teams Visibility and Control in Claude Code – The Hacker News” »
A new exploit kit for Apple iOS devices designed to steal sensitive data has been wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout. According to GTIG, multiple commercial surveillance vendors and suspected state-sponsored actors have utilized the full-chain exploit kit, … Read More “DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover – The Hacker News” »
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says
The UK’s financial regulator has issued new rules to make incident and third-party reporting clearer
35% of security leaders working in the UK’s critical infrastructure said regulatory requirements are the primary influence on their security programs
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks – The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild. The vulnerabilities in question are as follows – CVE-2025-66376 (CVSS score: 7.2) – A stored cross-site scripting … Read More “CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks – The Hacker News” »
In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg – involving MFA fatigue, real Apple alerts, a convincing support call, and a phishing page that oh-so-nearly worked. If a famous techie could have this happen to them, can you be sure you’re immune? Plus: … Read More “Smashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple ID – GRAHAM CLULEY” »
Computer Vision Frameworks: Features And Future Trends – Hackread – Cybersecurity News, Data Breaches, AI and More
Computer vision frameworks explained, features, types, and future trends. Learn how AI tools process images, train models, and… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cisco customers have confronted a flood of actively exploited vulnerabilities affecting the vendor’s network edge software since late February, and researchers say that five of the nine vulnerabilities Cisco disclosed in its firewalls and SD-WAN systems over the past three weeks have already been exploited in the wild. Attackers exploited a pair of these defects … Read More “Cisco’s latest vulnerability spree has a more troubling pattern underneath – CyberScoop” »
U.S. robotics companies want federal help to keep Chinese robots out of America’s networks – CyberScoop
Executives at top U.S. robotics companies asked Congress for federal dollars, new legislation and a simpler regulatory field, arguing the support is necessary to adapt to the AI era and compete with their well-oiled, state-funded Chinese competitors. The U.S. robotics sector, estimated at $50 billion in value, includes world famous companies like Boston Dynamics. The … Read More “U.S. robotics companies want federal help to keep Chinese robots out of America’s networks – CyberScoop” »
“Claudy Day” Flaws Allow Data Theft via Fake Claude AI Ads, Report – Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers detail “Claudy Day” flaws in Claude AI that could enable data theft using fake Google Ads, hidden… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs – The Hacker News
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People’s Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses and generate illicit revenue for the regime to fund its weapons of mass … Read More “OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs – The Hacker News” »
Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that’s exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to … Read More “Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access – The Hacker News” »
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data
New .NET AOT Malware Hides Code as a Black Box to Evade Detection – Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers at Howler Cell have discovered a new .NET AOT malware campaign that uses a clever scoring system… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More





