Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previously undocumented plugin dubbed Pheno with the aim of facilitating credential theft. “According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of stealing victims’ credentials and potentially … Read More “Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs – The Hacker News” »
Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. “This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute,” Google’s product and security teams said. The initiative builds upon the foundation of Pixel Binary Transparency, … Read More “Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks – The Hacker News” »
The Digital Personal Data Protection (DPDP) Act of India is a decisive move in the direction of making the… The post The CISO’s DPDP Framework: Security Controls to Board-Level Accountability appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Cifas says that 13% of employees admit selling company credentials to a former colleague – Read More –
Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to … Read More “Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution – The Hacker News” »
Massive “Low and Slow” DDoS Attack Hits Platform With 2.45 Billion in 5 Hours – Hackread – Cybersecurity News, Data Breaches, AI and More
DataDome researchers uncovered a massive low and slow DDoS attack that delivered 2.45 billion requests using 1.2 million IP addresses. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict – CyberScoop
The Cybersecurity and Infrastructure Security Agency is urging critical infrastructure owners and operators to plan for delivering essential services under emergency conditions – potentially for months at a time. The federal government’s top cybersecurity agency warned that state-sponsored hackers, particularly two Chinese groups known as Salt Typhoon and Volt Typhoon, continue to threaten critical sectors … Read More “CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict – CyberScoop” »
The Cybersecurity and Infrastructure Security Agency has gotten “by far” the biggest gains from artificial intelligence automation in its security operations unit to help analysts sift through threats, but it’s also proven valuable elsewhere within the agency, CISA officials said Tuesday. It’s “really allowing those analysts to do triage very fast, so they focus on … Read More “CISA boasts AI automation improvements to threat analysis, mission support – CyberScoop” »
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. “These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers,” Kaspersky researchers Igor Kuznetsov, Georgy Kucherin, Leonid – Read … Read More “DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware – The Hacker News” »
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of “double free and possible RCE” in the HTTP/2 protocol … Read More “Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE – The Hacker News” »
A federal judge sentenced a Latvian national to 102 months in prison for his involvement in a series of ransomware attacks for more than two years prior to his arrest in 2023, the Justice Department said Monday. Deniss Zolotarjovs, a resident of Moscow at the time, helped an organization led by former leaders of the … Read More “Latvian national sentenced for ransomware attacks run by former Conti leaders – CyberScoop” »
Microsoft researchers warn of a large-scale phishing campaign using fake compliance emails to steal credentials, targeting 35,000 users across 13,000 organizations worldwide – Read More –
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the moniker UAT-8302, with post-exploitation involving the deployment of custom-made malware families that have … Read More “China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions – The Hacker News” »
ESET warns that North Korean hackers compromised a Yanbian gaming site in a supply‑chain attack, trojanizing Windows and Android software to spy on users – Read More –
LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations – Hackread – Cybersecurity News, Data Breaches, AI and More
Cambridge, MA, 5th May 2026, CyberNewswire – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Venomous#Helper attackers impersonate the US Social Security Administration to deploy signed RMM software and maintain persistent access across US networks – Read More –
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. “MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated … Read More “MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks – The Hacker News” »
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don’t see it. Your MFA doesn’t stop it. And when an attacker gets … Read More “The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed – The Hacker News” »
Anti-ICE Site GTFO ICE Accused of Exposing Data of 17,000+ Activists – Hackread – Cybersecurity News, Data Breaches, AI and More
An anti-ICE website, GTFO ICE, linked to Miles Taylor, is accused of exposing the personal details of 17,662 activists, sparking concerns that the data may have reached government agencies. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware – Hackread – Cybersecurity News, Data Breaches, AI and More
A massive fraud network called FEMITBOT uses Telegram Mini Apps and fake brand names like Apple, Disney, and… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
ISACA report warns that while AI has become the norm, many organizations are yet to formally apply safety or security policies around its use – Read More –
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster. … Read More “We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is – The Hacker News” »
The UK’s National Cyber Security Centre is urging organizations to prepare for a glut of new software updates – Read More –
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of the backdoor have primarily targeted Windows users only, the supply chain attack is assessed to … Read More “ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows – The Hacker News” »
Security vendor Trellix has suffered a breach involving unauthorized access – Read More –
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, observed between April 14 and 16, 2026, targeted more than 35,000 users across over 13,000 organizations in 26 … Read More “Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries – The Hacker News” »
A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the “/papi/esearch/data/devops/ – Read … Read More “Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API – The Hacker News” »
India’s Digital Personal Data Protection (DPDP) Act, 2023 is no longer a distant legislative horizon. As enforcement provisions are actively… The post How CryptoBind’s Encryption Suite Addresses DPDP Act Requirements appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
The Digital Personal Data Protection (DPDP) Act 2023 of India is a watershed moment in the history of regulatory… The post The DPDP Act 2023: A Complete Compliance Guide for Indian Enterprises appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
OpenAI announced its intention to expand the Trusted Access for Cyber program for cyber defenders at the federal, state and local government levels – Read More –
Team Cymru’s Stephen Campbell warned that small US defense contractors are not well prepared to face cyber intrusions through edge devices – Read More –
Attackers are actively exploiting a Linux vulnerability in the wild, and researchers warn that the fallout could be broad — anyone with authenticated local access can leverage it to gain total control of a system. But the story behind CVE-2026-31431 is almost as interesting as the bug itself. Theori, the company that discovered the bug, … Read More “‘Copy Fail’ is a real Linux security crisis wrapped in AI slop – CyberScoop” »
An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares … Read More “Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools – The Hacker News” »
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts. The – … Read More “Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass – The Hacker News” »
A vulnerability has been discovered in WHM, cPanel, and WP Squared that could allow for remote code execution. WHM, cPanel, and WP Squared are Linux-based web hosting control panels for server and website management. While WHM provides server-level control, cPanel provides administrator access to the website backend, webmail, and databases. Successful exploitation could allow unauthenticated … Read More “A Vulnerability in WHM cPanel and WP Squared Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More – The Hacker News
This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted … Read More “⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More – The Hacker News” »
Wiz ZeroDay.Cloud Event Reveals 20-Year-Old PostgreSQL Vulnerabilities – Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers revealed 20-year-old PostgreSQL flaws at Wiz ZeroDay.Cloud event, exposing critical bugs in pgcrypto and prompting urgent patches for database security. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A college student is suing a dating app that allegedly used her TikTok videos to target men in her dormitory – CyberScoop
A 19-year-old woman is suing the makers of a dating app, alleging they took a video she posted online, repurposed it without her consent into an advertisement for the app, then used geofencing to target that ad to people in her area. According to the lawsuit filed Apr. 28 in Tennessee and an interview with … Read More “A college student is suing a dating app that allegedly used her TikTok videos to target men in her dormitory – CyberScoop” »
7 Key Features That Make Secure Browsers Safer – Hackread – Cybersecurity News, Data Breaches, AI and More
Secure Browsers boost safety with tracking blocks, fingerprint protection, session control, and real-time threat defense against modern web attacks. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cyber-Secure Philanthropy: Tech Infrastructure for Global Donations – Hackread – Cybersecurity News, Data Breaches, AI and More
Secure philanthropy needs hardened payments, API security, and compliance controls to protect global donations from fraud and attacks. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition – GRAHAM CLULEY
Here’s a tip for you all. Unless you want to draw attention to yourself as a cybercriminal, don’t flaunt your diamond-encrusted “HACK THE PLANET” necklace on Snapchat, or pose as a Sopranos crime boss while the FBI is reportedly closing in. Read more in my article on the Hot for Security blog. – Read More … Read More “Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition – GRAHAM CLULEY” »
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities. … Read More “Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia – The Hacker News” »
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan’s largest internet cafe chain. When asked, the young man shared his motivation for the hack: he wanted to … Read More “2026: The Year of AI-Assisted Attacks – The Hacker News” »
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting the recently disclosed vulnerability in cPanel. The activity, detected by Ctrl-Alt-Intel on May 2, 2026, … Read More “Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks – The Hacker News” »
Missile and drone attacks that took out cloud data centers in the Middle East underscored a critical vulnerability in the modern economy: reliance on digital infrastructure that sustains competitive advantage and operational continuity for corporations, nations, and militaries. The outages and downstream disruption were a preview of a new form of strategic and operational risk. … Read More “Why data centers now belong on the critical infrastructure list – CyberScoop” »
A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses. The crackdown was led by the Dubai Police, under the United Arab Emirates (UAE) Ministry of Interior, in partnership … Read More “Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M – The Hacker News” »
Paying Ransom Won’t Help as VECT 2.0 Ransomware Destroys Data Irreversibly – Hackread – Cybersecurity News, Data Breaches, AI and More
VECT 2.0 ransomware contains fatal flaws that permanently destroy files, making recovery impossible and rendering ransom payments useless for victims worldwide. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a local privilege escalation (LPE) flaw that could allow … Read More “CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV – The Hacker News” »
Google AppSheet Exploited in 30,000-User Facebook Phishing Operation – Hackread – Cybersecurity News, Data Breaches, AI and More
Scammers are abusing Google AppSheet and Google Drive to bypass security filters and steal thousands of Facebook Business accounts globally. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More





