AttackFeed by Joe Wagner

Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. “The packages do not appear designed for mass developer compromise,” Socket said. “Many have little or no download activity, … Read More “GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data  – The Hacker News” »

Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables “persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise,” the company said. The feature, … Read More “Android Adds Intrusion Logging for Sophisticated Spyware Forensics  – The Hacker News” »

ShinyHunters says its shinyhunte.rs domain was suspended after the Canvas LMS attacks, forcing the group to move fully to its dark web (.onion) site.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A rapidly spreading malware campaign has infected hundreds of software packages across major open-source registries, embedding credential-stealing code into development tools downloaded millions of times a week. The attack, referred to as “mini Shai-Hulud,” targeted prominent software libraries, including TanStack, UiPath, and MistralAI. TanStack’s React Router package alone accounts for more than 12 million weekly … Read More “‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack  – CyberScoop” »

Microsoft addressed another triple-digit batch of vulnerabilities cutting across its various enterprise products, components and underlying systems. Yet despite the high number of defects, the vendor reported no actively exploited zero-days in this month’s Patch Tuesday update. Thirteen of the 137 vulnerabilities Microsoft disclosed were assigned critical CVSS ratings, including a pair of vulnerabilities affecting … Read More “Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical  – CyberScoop” »

A group of international government agencies released guidance Tuesday on what they believe any artificial intelligence “ingredients list” tool should include to make AI more secure. The concept of such a list, known as a “software bill of materials (SBOM),” is to know everything that goes into a particular piece of software so that any … Read More “Major world economies spell out key elements of AI ‘ingredients list’  – CyberScoop” »

Researchers at Ontinue have discovered an undocumented malware campaign targeting developers with fake Claude Code installers to steal browser passwords and cookies.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

I’m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn’t stop Patch Tuesday from coming, and it’s another big one. At least nothing is listed as being in the wild – for now. Take a break from your regularly scheduled activities and let’s take a look at the latest security patches from … Read More “The May 2026 Security Update Review  – Zero Day Initiative – Blog” »

Pwn2Own Berlin 2026 reportedly reached full capacity for the first time, prompting rejected researchers to publicly disclose zero-day exploits targeting Firefox, NVIDIA, and AI platforms.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability, tracked as CVE-2026-45185, aka Dead.Letter, has been described as a use-after-free  – … Read More “New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution  – The Hacker News” »

RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a “major malicious attack.” “We’re dealing with a major malicious attack on Ruby Gems right now,” Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on … Read More “RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded  – The Hacker News” »

Google launched a feature for Android phones Tuesday for dedicated forensic logs about intrusions from sophisticated attacks like those by spyware vendors, in what design partners at Amnesty International hailed as an important first. The tech giant has been ramping up the new feature, Intrusion Logging, since last year, and has now begun rolling it … Read More “Google and Amnesty International teamed up to make it harder for spyware vendors to hide  – CyberScoop” »

Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria. “TrickMo relies on a runtime-loaded APK  (dex.module),  … Read More “New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots  – The Hacker News” »

As video content continues to dominate entertainment, education, and social media platforms, more users are searching for reliable…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Operation HumanitarianBait uses fake aid documents, GitHub-hosted payloads, and Python spyware to target Russian-speaking victims.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn’t always alert volume; it’s the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why certain high-risk alert categories – WAF, DLP, OT/IoT, … Read More “Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help  – The Hacker News” »

We’ve received some feedback from those who read the Patch Blog that they would like something similar for macOS updates. Unfortunately, Apple doesn’t schedule these for a particular day, but we can provide our thoughts and analysis on the days they do release their latest patches. For May 2026, Apple released 82 unique CVEs across … Read More “The Apple macOS Security Update Review  – Zero Day Initiative – Blog” »

Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow it, restrict it, or monitor it? However, that framing misses the … Read More “Why Agentic AI Is Security’s Next Blind Spot  – The Hacker News” »

If you had time to walk the expo floor at this year’s RSA Conference, it was impossible to miss the shift in our industry. Artificial intelligence has moved from an emerging layer to the foundation of what powers cybersecurity companies. But from our vantage point as investors who work closely with founders and operators, the bigger … Read More “AI is separating the companies built to scale from the ones built to sell  – CyberScoop” »

TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed … Read More “Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages  – The Hacker News” »

OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. “Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners … Read More “OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation  – The Hacker News” »

American educational technology company Instructure, the parent company of Canvas, said it reached an “agreement” with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In an update shared on Monday, the Utah-based firm said it “reached an agreement with the unauthorized … Read More “Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak  – The Hacker News” »

Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a “cross-industry effort” to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android … Read More “iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android  – The Hacker News” »

Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Pressure is mounting on Instructure, the company behind Canvas, as cybercriminals threaten to leak a trove of sensitive data they claim was stolen during a prolonged cyberattack on the widely used education tech platform. Widespread outages left schools, students and teachers temporarily unable to access critical data late last week after the company took Canvas … Read More “Pressure mounts on Canvas as data leak extortion deadline looms  – CyberScoop” »

Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. “If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously,” the cybersecurity company said in a statement over the … Read More “TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack  – The Hacker News” »

A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of … Read More “cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor  – The Hacker News” »

Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and exploit generation. The activity is said … Read More “Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation  – The Hacker News” »

The Dirty Frag vulnerability affects Linux systems and allows root access escalation, while public PoC exploit code increases attack risks.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically … Read More “⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More  – The Hacker News” »

Romanian national Gavril Sandu faces up to 30 years in a US prison after extradition over a VOIP vishing and fake debit card fraud scheme.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More