AttackFeed by Joe Wagner

A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although the affected packages were all Composer packages, the malicious code was not added to composer.json,” Socket said. “Instead, it was inserted into package.json, targeting projects that … Read More “Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware  – The Hacker News” »

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor … Read More “npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks  – The Hacker News” »

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiative went live last month. Project Glasswing is an effort led by the artificial intelligence (AI) company, as part of which a small set … Read More “Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software  – The Hacker News” »

Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include – laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions “The timing and pattern of the newly published tags  – Read More  – The Hacker News 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core. “Drupal Core  – … Read More “Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV  – The Hacker News” »

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions. “Any cPanel user (including an attacker or a compromised account) … Read More “LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root  – The Hacker News” »

FBI warns of Kali365, a PaaS scam kit that lets cybercriminals bypass MFA and hijack Microsoft 365 accounts without passwords.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The FBI is warning organizations and defenders about Kali365, a growing phishing-as-a-service platform that retrieves Microsoft 365 access tokens, issuing a public service announcement Thursday.  The toolkit bypasses multi-factor authentication and abuses OAuth device code authorizations via phishing lures impersonating common enterprise services. This technique grants cybercriminal-controlled applications access to Microsoft 365 accounts, opening victims … Read More “FBI warns about fast-growing phishing kit targeting Microsoft 365 users  – CyberScoop” »

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. The disruption of First VPN Service was led by France and the Netherlands, with several other nations supporting the investigation … Read More “First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups  – The Hacker News” »

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine’s National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA), involves sending phishing emails to government  – Read … Read More “Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware  – The Hacker News” »

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain … Read More “Lawmakers Demand Answers as CISA Tries to Contain Data Leak  – Krebs on Security” »

SafeDep uncovered the Megalodon attack targeting 5,561 GitHub repositories with malicious CI workflows and cloud credential theft.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of individual findings, which frequently affect code whose reachability is hardware-gated. … Read More “Making Vulnerable Drivers Exploitable Without Hardware – The BYOVD Perspective  – The Hacker News” »

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. “Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI  – Read More  – The … Read More “Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows  – The Hacker News” »

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to … Read More “Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below – CVE-2025-34291 (CVSS score: 9.4) – An origin validation error vulnerability in Langflow that could  … Read More “CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV  – The Hacker News” »

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints. “An attacker could exploit this vulnerability if they are able to send  … Read More “Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access  – The Hacker News” »

Authorities arrested and unsealed charges against a Canadian man accused of running Kimwolf, one of the most far-reaching DDoS botnets on record, the Justice Department said Thursday. Jacob Butler was arrested Wednesday in Ottawa, Canada, and awaits extradition to the United States where he is charged with aiding and abetting computer intrusions and, if convicted, … Read More “Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada  – CyberScoop” »

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a … Read More “Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada  – Krebs on Security” »

Two cybersecurity-focused members of Congress agreed Thursday that reductions to the Cybersecurity and Infrastructure Security Agency have done too much damage to an agency essential to defending civilian networks against foreign adversaries. Rep. Don Bacon, R-Neb., and Rep. James Walkinshaw, D-Va., spoke during a discussion at the National Cyber Innovation Forum. Despite representing different parties, … Read More “Lawmakers from both parties say CISA cuts have gone too far  – CyberScoop” »

President Donald Trump said he would postpone the release of an executive order that would set up a 90-day testing and vetting regime for frontier AI models, hours before the White House was set to publicly announce the signing.  Speaking to reporters in the Oval Office Thursday, Trump said he opted to delay the order … Read More “Trump postpones executive order focused on AI security   – CyberScoop” »

President Donald Trump said he would postpone the release of an executive order that would set up a 90-day testing and vetting regime for frontier AI models, hours before the White House was set to publicly announce the signing.  Speaking to reporters in the Oval Office Thursday, Trump said he opted to delay the order … Read More “Trump postpones executive order focused on AI security   – CyberScoop” »

Deleted Google API Keys remain active for up to 23 minutes after deletion, exposing GCP, Gemini, BigQuery, and Maps data to attackers.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Securing some of the open-source technology that serves as the backbone for all modern digital infrastructure is going to require some “hard decisions” amid a wave of malware attacks, the leader of the Cybersecurity and Infrastructure Security Agency said Thursday. “The open-source community is one that I’m particularly worried about when we start to think … Read More “CISA chief frets about open-source vulnerabilities, delayed security improvements  – CyberScoop” »

European authorities took down a prominent virtual private network service and arrested the alleged administrator behind an operation that cybercriminals used to steal data, commit fraud and ransomware attacks, Europol said Thursday.  First VPN, which was promoted on Russian-speaking cybercrime forums, gained popularity for providing services that allowed users to hide their infrastructure and identities. … Read More “European authorities take down prolific cybercrime VPN service  – CyberScoop” »

Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. “Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files, and functioning as a … Read More “Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor  – The Hacker News” »

This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying. … Read More “ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories  – The Hacker News” »

Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers expose a 10-month global Android malware campaign using fake apps to secretly charge users through premium SMS bills.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Despite Internet Explorer’s retirement, hackers are abusing the legacy MSHTA utility in stealthy fileless malware attacks targeting Windows users.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. “Improper link resolution before file access (‘link following’) … Read More “Microsoft Warns of Two Actively Exploited Defender Vulnerabilities  – The Hacker News” »

There’s this old proverb that’s stuck with me over the years: “Dig the well before you are thirsty.” It really means you should prepare for the crisis before it arrives. In cybersecurity, it’s a mentality that’s long underpinned investment, strategy and board-level conversations. And by many measures, organizations appear to have already ‘dug’ that well. … Read More “The readiness paradox: Why a false sense of cyber confidence is becoming a liability  – CyberScoop” »

Consider a cached access key on a single Windows machine. It got there the way most cached credentials do – a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have … Read More “When Identity is the Attack Path  – The Hacker News” »

As the AI universe expands, so have the cybercriminals that use AI for hacking. Recent reports are showing that bank attacks using AI has increased over 400%, with savvy criminals staying ahead of anti-fraud measures. Another report for 2025 has identified 1,243 financial brands as their main targets in 90 countries and 34 active malware … Read More “Hackers Stealing Bank Accounts from iPhone and Android Users Using AI  – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.” »

Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several … Read More “9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros  – The Hacker News” »

Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 out of 10.0, per CVE.org. Drupal said the vulnerability resides in a database … Read More “Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks  – The Hacker News” »

GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension.  The development comes as the Nx team revealed that the extension, nrwl.angular-console, was breached after one of its … Read More “GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension  – The Hacker News” »

A 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a screeching halt. His defence in court? Possibly the most creative excuse we’ve heard all year. Meanwhile, owners of $4,000 robot lawnmowers are discovering that their gadget can be hijacked over … Read More “Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers  – GRAHAM CLULEY” »

On Wednesday, Microsoft released two new red teaming tools—Rampart and Clarity—,meant to help developers design more secure agentic software and assist incident responders in the face of ongoing breaches. Rampart is built on top of PyRIT, an existing open automation framework Microsoft developed for red teaming generative AI systems. But while PyRIT scans already-built systems … Read More “Meet Rampart and Clarity, Microsoft’s new red team combo AI agents  – CyberScoop” »

Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI … Read More “Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development  – The Hacker News” »