Category: Attack Feeds

The Cybersecurity and Infrastructure Agency wants to fundamentally reevaluate how it prioritizes risks and vulnerabilities, both for privately-owned critical infrastructure and within the federal government, acting director Nick Andersen said Tuesday. The plans include a binding operational directive for federal agencies set to be published Wednesday and getting more specific with critical infrastructure owners and … Read More “CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector  – CyberScoop” »

The Cybersecurity and Infrastructure Agency wants to fundamentally reevaluate how it prioritizes risks and vulnerabilities, both for privately-owned critical infrastructure and within the federal government, acting director Nick Andersen said Tuesday. The plans include a binding operational directive for federal agencies set to be published Wednesday and getting more specific with critical infrastructure owners and … Read More “CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector  – CyberScoop” »

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. “Our priority is to protect customers and the broader ecosystem,” a Microsoft spokesperson told The Hacker News via email. … Read More “Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues  – The Hacker News” »

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. “Our priority is to protect customers and the broader ecosystem,” a Microsoft spokesperson told The Hacker News via email. … Read More “Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues  – The Hacker News” »

Electronic signature security starts before the first document is sent. A company needs to know how files are…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Electronic signature security starts before the first document is sent. A company needs to know how files are…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Earlier this year, Anthropic executives said that their new AI model, Claude Mythos, had such powerful capabilities for harm that they would not release it publicly. On Tuesday, the company said it was making an altered version of Mythos available to the public, promising “new guardrails” that thwart the model’s best-in-class performance in hacking and … Read More “Anthropic’s new model is Mythos on a leash  – CyberScoop” »

Earlier this year, Anthropic executives said that their new AI model, Claude Mythos, had such powerful capabilities for harm that they would not release it publicly. On Tuesday, the company said it was making an altered version of Mythos available to the public, promising “new guardrails” that thwart the model’s best-in-class performance in hacking and … Read More “Anthropic’s new model is Mythos on a leash  – CyberScoop” »

Tech company says it ‘caught and disrupted’ NSO Group’s attempts to access accounts in Jordan and Lebanon A spyware firm has been targeting WhatsApp users with malicious links in contravention of a US court order forbidding it from doing so, Meta has said. In a post, Meta said WhatsApp had “caught and disrupted spear phishing … Read More “Spyware firm targeted WhatsApp users in defiance of US court order, Meta says  – Data and computer security | The Guardian” »

Cisco customers are confronting yet another actively exploited zero-day vulnerability affecting the vendor’s SD-WAN management software, reinforcing pressure on organizations that have experienced rare breaks from active threats this year. The vulnerability — CVE-2026-20245 — marks the seventh actively exploited zero-day in Cisco SD-WANs this year. Cisco said it first became aware of active exploitation … Read More “Cisco customers encounter another SD-WAN zero-day under attack  – CyberScoop” »

Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (aka UAC-0226). It involves the exploitation of CVE-2025-8088, a path traversal flaw … Read More “WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine  – The Hacker News” »

University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without human intervention and without touching a commercial AI service. The preprint, posted … Read More “Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models  – The Hacker News” »

Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome’s JavaScript and WebAssembly engine. “Out-of-bounds read and write in V8 in Google Chrome prior to … Read More “Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild – Patch Now  – The Hacker News” »

Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome’s JavaScript and WebAssembly engine. “Out-of-bounds read and write in V8 in Google Chrome prior to … Read More “Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild – Patch Now  – The Hacker News” »

Maine Attorney General portal lists a Discord breach notice claiming 10 million affected, but odd filing details leave it unverified and questionable.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort. But the same challenges persist. Outages still last hours, causing significant financial losses, operational disruption, and reputational impact. Threat response and mean time to  … Read More “The Hidden Security Risk in Modern Networks: The Work Between Tools  – The Hacker News” »

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. “The compromised releases shipped a *-setup.pth file that attempts to … Read More “Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer  – The Hacker News” »

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the drive for contention … Read More “New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing  – The Hacker News” »

An Iranian-linked hacker group called Handala claimed to have hit Israeli military targets with massive cyberattacks on Sunday,…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could allow any authenticated user to run arbitrary commands on the  – … Read More “LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE  – The Hacker News” »

WhatsApp says it blocked Israeli firm NSO’s Pegasus spyware activity and is asking a US court to treat the targeting as an injunction breach.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Mythos is real. I know a big chunk of the industry thinks it’s a marketing stunt, and I get why. I get it. But I’ve seen the findings, and they’re bad. These aren’t “whoops, this line right here is wrong, and that’s RCE.” They’re novel combinations of a few dozen issues out of thousands of … Read More “The Hardest Fork  – The Hacker News” »

Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel’s nf_tables packet-filtering code and was patched upstream on February 5, 2026. Exodus Intelligence released its full technical walkthrough on June … Read More “One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public  – The Hacker News” »

Operation FlutterBridge uses fake Google ads and shell companies to deploy FlutterShell, a new macOS backdoor targeting unsuspecting users.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Meta said Monday that it caught a spearphishing campaign linked to spyware maker NSO Group despite a court injunction, prompting the tech giant to file a contempt-of-court complaint. The company won a civil case last year against NSO Group barring it from targeting WhatsApp users and securing $168 million in damages, although NSO Group has … Read More “Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint  – CyberScoop” »

Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it’s filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp and its users. “They tried to trick people into clicking on … Read More “Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order  – The Hacker News” »

Hackers are cloning Ghidra, dnSpy, ILSpy and other free tool sites to spread Malware like RemusStealer, crypto clippers and loaders through fake downloads.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Hackers are cloning Ghidra, dnSpy, ILSpy and other free tool sites to spread Malware like RemusStealer, crypto clippers and loaders through fake downloads.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker … Read More “Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups  – The Hacker News” »

Monday again. The weekend was meant to be quiet. It wasn’t. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked. A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes showed up again. And while everyone … Read More “⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More  – The Hacker News” »

Cybersecurity firm Resecurity reports Silent Ransom Group is using a fast flux botnet to hide data leak sites while targeting law firms with theft and vishing.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be dismissed at a glance. As … Read More “AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload  – The Hacker News” »

Meta says an Instagram recovery tool bug allowed attackers to abuse password resets, affecting 20,225 accounts and exposing users without 2FA to account takeover risk.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Instagram glitch exposed Mark Zuckerberg’s email addresses and phone number, plus contact details of other top users, through a password reset flaw.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with … Read More “VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances  – The Hacker News” »

AI models such as Anthropic’s Claude Mythos and OpenAI’s Daybreak represent a fundamental inflection point in security. These advances are not only reshaping technology but also redefining trust, risk, and the relationship between humans and intelligent systems. As innovation accelerates, AI governance and responsible deployment are becoming strategic priorities for every organization. Historically, governments have … Read More “The AI security race needs accountability, not overregulation  – CyberScoop” »

Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Google Mandiant and Google Threat Intelligence Group (GTIG) to a threat actor dubbed UNC3753, which is … Read More “UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign  – The Hacker News” »

Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. “When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an … Read More “VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks  – The Hacker News” »

Cybersecurity researchers are warning businesses about Pink Extortion Group, a threat actor that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection guarantees. Lockdown Mode is available to logged-in users across Free, Go, … Read More “New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration  – The Hacker News” »

Microsoft’s GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per OpenSourceMalware. The development has GitHub to disable access to those repositories. “Access to this  – Read More  … Read More “Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack  – The Hacker News” »

Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in … Read More “AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash  – Read More  … Read More “CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog  – The Hacker News” »

A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry. The company, the successor to Luminati, operates what it calls the largest … Read More “Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI  – The Hacker News” »

Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types – On-Prem Deployment Cisco SD-WAN Cloud-Pro Cisco SD-WAN Cloud (Cisco Managed) Cisco SD-WAN for Government … Read More “Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available  – The Hacker News” »

32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in supply chain attack.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer “scrapes every secret it can find on a developer’s machine, hides behind an eBPF … Read More “IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks  – The Hacker News” »

If you’ve ever received an out-of-the-blue message via LinkedIn from a recruiter offering some well-paid consultancy work, intelligence agencies have a message for you: be very careful. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Atlas Menu Data Breach exposes 64,000 GTA V and CS2 cheat service users, leaking emails, IPs, support tickets and hashed passwords.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites mimicking utilities, war-related updates, and a government news source: govlens[.]net, … Read More “Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps  – The Hacker News” »