Category: Attack Feeds

The post Hegseth, Gabbard tap Tim Kosiba as NSA deputy director after months of cyber leadership tumult appeared first on CyberScoop.   – Read More  – CyberScoop 

Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and stopped it before it could progress to the final … Read More “China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines  – The Hacker News” »

A trio of Senate Democrats are calling on Apple and Google to drop Elon Musk’s X from app stores as international regulators in Europe and Britain took steps towards investigations of the site’s mass undressing of users using Grok’s AI tool. On Friday, Senators Ron Wyden, D-Ore., Ben Ray Luján, D-N.M., and Ed Markey, D-Mass., … Read More “Dems pressure Google, Apple to drop X app as international regulators turn up heat  – CyberScoop” »

Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. The activity has been attributed to APT28 (aka BlueDelta), which was attributed … Read More “Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations  – The Hacker News” »

A hacker claims to be selling nearly 40 million Condé Nast user records after leaking Wired.com data, with multiple major brands allegedly affected.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

In our previous Kenwood DNR1007XR blog, we detailed the internals of the Kenwood in-vehicle infotainment (IVI) head unit and provided annotated pictures of the main PCB. In this post, we aim to outline the attack surface of the DNR1007XR in the hopes of providing inspiration for vulnerability research. We will cover the main supported technologies … Read More “Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part Two  – Zero Day Initiative – Blog” »

As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn’t a lack of forecasts—it’s identifying which predictions reflect real, emerging risks and which can safely be ignored. An upcoming webinar hosted by Bitdefender aims to cut through the noise … Read More “Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can’t)  – The Hacker News” »

Billionaire Chen Zhi and associates Xu Ji Liang and Shao Ji Hui have been extradited to China. This exclusive report details the collapse of the Prince Group’s global scam network, the seizure of $15 billion in Bitcoin, and the forced labour camps behind the billion-dollar pig butchering fraud.  – Read More  – Hackread – Cybersecurity … Read More “$15 Billion Pig Butchering Scam Boss Chen Zhi Extradited to China  – Hackread – Cybersecurity News, Data Breaches, AI, and More” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it’s retiring 10 emergency directives (Eds) that were issued between 2019 and 2024. The list of the directives now considered closed is as follows – ED 19-01: Mitigate DNS Infrastructure Tampering ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday ED 20-03: Mitigate … Read More “CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024  – The Hacker News” »

Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case … Read More “Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions  – The Hacker News” »

The founder of a spyware company that encouraged customers to secretly monitor their romantic partners has pleaded guilty to federal charges – marking one of the few successful US prosecutions of a stalkerware operator. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country. “As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR)  … Read More “FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing  – The Hacker News” »

Talha Tariq and his colleagues at Vercel, the company that maintains Next.js, endured many sleep-deprived nights and weekends when React2Shell was discovered and disclosed soon after Thanksgiving. The defect, which affects vast stretches of the internet’s underlying infrastructure, posed a significant risk for Next.js, an open-source library that depends on vulnerable React Server Components. He … Read More “Inside Vercel’s sleep-deprived race to contain React2Shell  – CyberScoop” »

Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we’ll dig through digital clues left behind by the hackers, network operators and services that appear to have benefitted from Kimwolf’s spread. On … Read More “Who Benefited from the Aisuru and Kimwolf Botnets?  – Krebs on Security” »

Researchers at Acronis have discovered a new campaign called Boto Cor-de-Rosa, where the Astaroth banking malware spreads like a worm through WhatsApp Web to steal contact lists and banking credentials.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

A critical vulnerability (CVE-2026-21877) found by Upwind affects n8n automation tools. Learn why researchers are urging users to update to version 1.121.3 immediately to prevent remote code execution.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

CrowdStrike is buying identity management startup SGNL, a move that underscores how identity security has become a central battleground in enterprise cybersecurity as companies add cloud services and deploy AI-driven tools. The cybersecurity firm did not disclose financial terms in a Thursday announcement, but CrowdStrike CEO George Kurtz told CNBC the deal is valued at … Read More “CrowdStrike to buy identity startup SGNL for nearly $740M  – CyberScoop” »

Zscaler ThreatLabz identifies three malicious NPM packages mimicking Bitcoin libraries. The NodeCordRAT virus uses Discord commands to exfiltrate MetaMask data and Chrome passwords.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

A 25-year-old Bigfork, Montana man, Jeremiah Daniel Starr, used over 50 phone numbers and a VPN to harass a victim he called his “best friend,” even staging a fake shooting. Learn more about the FBI investigation that traced 1,100 IP addresses to bring him to justice.  – Read More  – Hackread – Cybersecurity News, Data … Read More “US Man Jailed After FBI Traced 1,100 IP Addresses in Cyberstalking Case  – Hackread – Cybersecurity News, Data Breaches, AI, and More” »

Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. “The malware retrieves the victim’s WhatsApp contact list and automatically sends malicious messages to each contact … Read More “WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging  – The Hacker News” »

The Trump administration is withdrawing the United States from a handful of international organizations that work to strengthen cybersecurity. As part of a broader pullback from 66 international organizations, the administration is leaving the Global Forum on Cyber Expertise, the Online Freedom Coalition and the European Centre of Excellence for Countering Hybrid Threats. Trump’s decision … Read More “Trump pulls US out of international cyber orgs  – CyberScoop” »

Security researchers have identified two malicious Chrome extensions recording AI chats. Learn how to identify and remove these tools to protect your privacy.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations before initiating attacks, ultimately leading to the deployment of malware families such as RushDrop  … Read More “China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes  – The Hacker News” »

As collective disgust has continued to build over the widespread generation and sharing of nonconsensual, sexualized deepfakes generated by X’s GrokAI tool, angry onlookers have expressed shock that the activity continues unabated and company owner Elon Musk isn’t being compelled – by either U.S. regulators or law enforcement – to put a halt to the … Read More “‘Elon Musk is playing with fire:’ All the legal risks that apply to Grok’s deepfake disaster  – CyberScoop” »

Bryan Fleming, founder of pcTattletale, pleads guilty in a landmark federal spying case. Read how an undercover HSI sting and a data breach ended a decade of illegal stalkerware sales.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before the next wave … Read More “ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories  – The Hacker News” »

Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 1800 container image projects, 148,000 versions, 290,000 images, and 100,000 language libraries, and almost half … Read More “The State of Trusted Open Source  – The Hacker News” »

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows – CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality allows any authenticated  – Read More  – … Read More “Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances  – The Hacker News” »

Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.” bitcoin-main-lib (2,300 Downloads) bitcoin-lib-js (193 Downloads) bip40 (970 Downloads) “The  … Read More “Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages  – The Hacker News” »

Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit. The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to  – … Read More “Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release  – The Hacker News” »

Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To that end, the sandboxed experience offers users the optional ability to securely connect medical records and wellness apps, including Apple Health, Function, MyFitnessPal, Weight Watchers, AllTrails,  … Read More “OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below – CVE-2009-0556 (CVSS score: 8.8) – A code injection vulnerability in Microsoft Office  – Read … Read More “CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited  – The Hacker News” »

Romance scammers have apparently discovered astrology… and Taurus is their secret weapon. In episode 449 of “Smashing Security”, we take a look inside an actual romance-fraud handbook – complete with scripts, personality “types”, corporate jargon, and a seven-day plan to get victims from hello to hand over the crypto. Then Lesley “hacks4pancakes” Carhart delivers a … Read More “Smashing Security podcast #449: How to scam someone in seven days  – Graham Cluley” »

Researchers warn that a critical vulnerability in n8n, an automation platform that allows organizations to integrate AI agents, workflows and hundreds of other enterprise services, could be exploited by attackers to achieve full control of targeted networks. The maximum-severity vulnerability — CVE-2026-21858 — affects about 100,000 servers globally, according to Cyera, which initially discovered and … Read More “Researchers rush to warn defenders of max-severity defect in n8n  – CyberScoop” »

A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data. According to a report published by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) … Read More “Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches  – The Hacker News” »

For the upcoming Pwn2Own Automotive contest, a total of 3 head units have been selected. One of these is the double DIN Kenwood DNR1007XR that offers a variety of functionality such as Android Auto, Apple CarPlay, USB media playback, wireless mirroring and more. This blog post presents photos of the DNR1007XR including highlighting interesting internal … Read More “Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part One  – Zero Day Initiative – Blog” »

A Hudson Rock report reveals how an Iranian hacker named Zestix breached 50 global companies, including Iberia Airlines and Pickett & Associates, by using stolen passwords and a lack of MFA.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Taiwan endured a year-long intensified cyber offensive from China in 2025, that targeted the government and critical infrastructure — with an increasing focus on the energy and hospital sectors, according to a Taiwan government analysis published this week. Cyberattacks from China rose 6% compared to 2024, the National Security Bureau analysis concluded. Every major sector … Read More “Taiwan blames Chinese ‘cyber army’ for rise in millions of daily intrusion attempts  – CyberScoop” »

Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances. The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias has been  – Read … Read More “Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control  – The Hacker News” »

Veeam has released an update to fix a security flaw in its Backup & Replication software that could let certain users run code on affected systems. The main issue, tracked as CVE-2025-59470, affects all Veeam Backup & Replication version 13 builds, according to a security advisory released Tuesday. Veeam said older product lines, including 12.x … Read More “Veeam issues patch to close critical remote code execution flaw  – CyberScoop” »

Security teams have spent years improving their ability to detect and block malicious bots. That effort remains critical.…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a “critical” issue that could result in remote code execution (RCE). The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0. “This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres … Read More “Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication  – The Hacker News” »

Non-human employees are becoming the future of cybersecurity, and enterprises need to prepare accordingly. As organizations scale Artificial Intelligence (AI) and cloud automation, there is exponential growth in Non-Human Identities (NHIs), including bots, AI agents, service accounts and automation scripts. In fact, 51% of respondents in ConductorOne’s 2025 Future of Identity Security Report  – Read … Read More “The Future of Cybersecurity Includes Non-Human Employees  – The Hacker News” »

Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE). The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system. “Under certain conditions, an authenticated user may be able to cause untrusted code … Read More “n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions  – The Hacker News” »

Security teams are still catching malware. The problem is what they’re not catching. More attacks today don’t arrive as files. They don’t drop binaries. They don’t trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access, browsers, and developer workflows. That shift is creating a blind … Read More “Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators  – The Hacker News” »

Texas based Gulshan Management Services, operator of Handi Plus and Handi Stop gas stations, reports a data breach impacting over 377,000 people.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The cybersecurity industry has been battling a talent shortage and skills gap for years. Meanwhile, organizations need a new way to approach risk management proactively and more effectively. AI seems the clear answer to both. Open tech roles are trending down or flat, while demand for AI skills is climbing fast. It’s structural change that … Read More “Why cybersecurity cannot hire its way through the AI era  – CyberScoop” »

Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations’ domains and distribute emails that appear as if they have been sent internally. “Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon 2FA,” the  … Read More “Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing  – The Hacker News” »

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the “dnscfg.cgi” endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters. “An unauthenticated remote attacker … Read More “Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers  – The Hacker News” »

Synthient discovers over 2 million Android TV boxes and smart TVs hijacked by the Kimwolf botnet. Learn how hackers are using home devices to launch DDoS attacks and how you can protect your home network.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More