Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. “Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files, and functioning as a … Read More “Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor – The Hacker News” »
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace – Read More –
First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol – Read More –
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories – The Hacker News
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying. … Read More “ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories – The Hacker News” »
Europol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator – Hackread – Cybersecurity News, Data Breaches, AI and More
Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Android Malware Spotted Subscribing Victims to Paid Services Without Consent – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers expose a 10-month global Android malware campaign using fake apps to secretly charge users through premium SMS bills. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers – Read More –
Microsoft’s Retired IE Tool MSHTA Now Being Used in Fileless Malware Attacks – Hackread – Cybersecurity News, Data Breaches, AI and More
Despite Internet Explorer’s retirement, hackers are abusing the legacy MSHTA utility in stealthy fileless malware attacks targeting Windows users. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender have come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. “Improper link resolution before file access (‘link following’) … Read More “Microsoft Warns of Two Actively Exploited Defender Vulnerabilities – The Hacker News” »
Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally – Read More –
There’s this old proverb that’s stuck with me over the years: “Dig the well before you are thirsty.” It really means you should prepare for the crisis before it arrives. In cybersecurity, it’s a mentality that’s long underpinned investment, strategy and board-level conversations. And by many measures, organizations appear to have already ‘dug’ that well. … Read More “The readiness paradox: Why a false sense of cyber confidence is becoming a liability – CyberScoop” »
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do – a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have … Read More “When Identity is the Attack Path – The Hacker News” »
Hackers Stealing Bank Accounts from iPhone and Android Users Using AI – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.
As the AI universe expands, so have the cybercriminals that use AI for hacking. Recent reports are showing that bank attacks using AI have increased over 400%, with savvy criminals staying ahead of anti-fraud measures. Another report for 2025 has identified 1,243 financial brands as their main targets in 90 countries and 34 active malware … Read More “Hackers Stealing Bank Accounts from iPhone and Android Users Using AI – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.” »
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several … Read More “9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros – The Hacker News” »
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack – Read More –
Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 out of 10.0, per CVE.org. Drupal said the vulnerability resides in a database … Read More “Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks – The Hacker News” »
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team revealed that the extension, nrwl.angular-console, was breached after one of its … Read More “GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension – The Hacker News” »
A 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a screeching halt. His defence in court? Possibly the most creative excuse we’ve heard all year. Meanwhile, owners of $4,000 robot lawnmowers are discovering that their gadget can be hijacked over … Read More “Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers – GRAHAM CLULEY” »
On Wednesday, Microsoft released two new red teaming tools—Rampart and Clarity—meant to help developers design more secure agentic software and assist incident responders in the face of ongoing breaches. Rampart is built on top of PyRIT, an existing open automation framework Microsoft developed for red teaming generative AI systems. But while PyRIT scans already-built systems … Read More “Meet Rampart and Clarity, Microsoft’s new red team combo AI agents – CyberScoop” »
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI … Read More “Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development – The Hacker News” »
GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension – Hackread – Cybersecurity News, Data Breaches, AI and More
GitHub Breach: TeamPCP stole 3,800 internal repositories through a malicious VS Code extension and is now selling the data online for $95,000. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the … Read More “Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks – The Hacker News” »
GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools. The Microsoft-owned company said in posts on X that it detected and contained the … Read More “GitHub says internal repositories were impacted in poisoned VS Code extension attack – CyberScoop” »
Understanding Trend Structure: Higher Highs and Lower Lows Explained – Hackread – Cybersecurity News, Data Breaches, AI and More
Before indicators, before oscillators, before anything that requires a formula – the market communicates through price structure. Peaks… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date – Read More –
Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services – Read More –
New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, “identity dark matter” (the unseen, unmanaged elements of identity) now overshadows the visible elements 57% vs. 43%. And it couldn’t have occurred at a worse time, with enterprises embracing Agent … Read More “Agent AI is Coming. Are You Ready? – The Hacker News” »
Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches – Hackread – Cybersecurity News, Data Breaches, AI and More
Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications. Webworm, first publicly documented by Broadcom-owned Symantec in September 2022, is assessed to be active since at least 2022, targeting government agencies – … Read More “Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API – The Hacker News” »
Fake Word Phishing Reveals Enterprise Blind Spot in Trusted Remote Access Tools – Hackread – Cybersecurity News, Data Breaches, AI and More
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Banana RAT Malware in Fake Invoices Hits Customers at 16 Brazilian Banks – Hackread – Cybersecurity News, Data Breaches, AI and More
Banana RAT malware hidden in fake invoices and security update screens targets customers at 16 Brazilian banks stealing data with QR fraud. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate … Read More “Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem – The Hacker News” »
The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories – Read More –
China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research – Read More –
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit – The Hacker News
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. “Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred … Read More “Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit – The Hacker News” »
Barracuda reveals new CypherLoc scareware has featured in nearly three million attacks – Read More –
FBI warns students and staff that ShinyHunters may come knocking after Canvas breach – GRAHAM CLULEY
Having received a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. Read more in my article on the Hot for Security blog. – Read More – GRAHAM CLULEY
Verizon DBIR finds 31% of data breaches began with software flaws last year – Read More –
Zero Trust Meets Quantum Cryptography: Building an Unbreakable Security Architecture – JISA Softech Pvt Ltd
The threat landscape is changing, and what was once the most robust cybersecurity is now falling short. You might… The post Zero Trust Meets Quantum Cryptography: Building an Unbreakable Security Architecture appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these … Read More “Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories. “After the initial assessment, … Read More “Grafana GitHub Breach Exposes Source Code via TanStack npm Attack – The Hacker News” »
GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum. “While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ … Read More “GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories – The Hacker News” »
Congressional Democrats want answers from the Cybersecurity and Infrastructure Security Agency about the reported public exposure of sensitive agency credential data on GitHub in an incident that the security researcher who discovered it called one of the worst leaks he’s ever seen. Other security professionals also voiced concern Tuesday about the leak and the potential … Read More “CISA credential leak raises alarms, and Capitol Hill demands answers – CyberScoop” »
AI Agent Security: Automating Workflow Without Creating Prompt Injection or Data Leak Risks – Hackread – Cybersecurity News, Data Breaches, AI and More
AI agent security starts with a simple fact: the more authority an agent has, the tighter its access… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches – CyberScoop
Attackers couldn’t get enough of the vulnerabilities at their disposal last year, making exploits the top initial access vector across more than 22,000 breaches Verizon analyzed in its latest Data Breach Investigations Report released Tuesday. The massive annual study uncovered a surge of exploited vulnerabilities during a one-year period ending in October 2025. Exploited defects … Read More “Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches – CyberScoop” »
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps – The Hacker News
Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN’s Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains, turning the infrastructure into a pipeline for multi-stage fraud. “Users … Read More “Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps – The Hacker News” »
Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers successfully demonstrated 47 unique zero-day exploits at Pwn2Own Berlin 2026, targeting major enterprise software and AI platforms. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
How Parts Inventory Management Software Fixes Inventory Challenges – Hackread – Cybersecurity News, Data Breaches, AI and More
Why do maintenance teams struggle? Is it because they lack skills? Or do they need more advanced resources?… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM – Hackread – Cybersecurity News, Data Breaches, AI and More
Torrance, United States / California, 19th May 2026, CyberNewswire – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A self-replicating malware campaign known as Mini Shai-Hulud has resurfaced, this time embedding itself across hundreds of npm packages. The threat actor behind it, identified as TeamPCP, has been linked to earlier waves of the same campaign, with this latest variant more capable than previous waves. Researchers analyzing the payload found a worm that spreads … Read More “Mini Shai-Hulud returns, compromising hundreds of npm packages – CyberScoop” »





