Category: Attack Feeds

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. “It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,” ReliaQuest researchers … Read More “DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials  – The Hacker News” »

Crypto enables 24/7 payments for AI agents, replacing fiat limits with scalable machine-to-machine transactions and powering the emerging machine economy.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

15-year-old strongSwan flaw allows attackers to crash VPNs via integer underflow bug, affecting EAP-TTLS plugin and multiple versions worldwide.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A dark web market known as Threat Market is listing 375TB of Lockheed Martin data, which it claims was provided by a group calling itself ‘APT Iran.’  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There’s a bit of everything this week. Persistence plays, legal wins, influence … Read More “⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More  – The Hacker News” »

Telnyx issues an urgent alert after hackers TeamPCP uploaded malicious versions (4.87.1 & 4.87.2) of its Python SDK to steal cloud and crypto credentials.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Secrets sprawl isn’t slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian’s State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded. This year’s findings … Read More “The State of Secrets Sprawl 2026: 9 Takeaways for CISOs  – The Hacker News” »

Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that’s distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables” to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling  – Read More  … Read More “Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels  – The Hacker News” »

Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a “complex and well-resourced operation.” The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD, EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL  … Read More “Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign  – The Hacker News” »

ShinyHunters claims it breached European Commission systems, leaking 350GB of data. Officials are investigating, with no independent verification yet.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website that Patel “will now find … Read More “Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack  – The Hacker News” »

Lloyds Banking Group to compensate 450,000 customers after app glitch exposed data. Find out how the glitch affected…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information. Per  – Read … Read More “Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug  – The Hacker News” »

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community … Read More “TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 (CVSS v4 score: 9.3), which could allow a threat actor to achieve remote code execution. … Read More “CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation  – The Hacker News” »

Iran-linked Handala hackers breached FBI Chief Kash Patel’s Gmail, leaking photos and documents. Officials say no classified data was exposed.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

ShinyHunters leaves BreachForums, leaks data of 300,000 users, warns all active domains are fake, and threatens more leaks from forum backups.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. “Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this … Read More “Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits  – The Hacker News” »

Google fast-tracks post-quantum cryptography with a 2029 deadline as researchers warn quantum computers could break current encryption sooner than expected.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Iranian hackers claimed Friday to have compromised the personal data of FBI Director Kash Patel, and the bureau confirmed that it knew of the targeting of Patel’s personal email. The government-connected hacking group, Handala, previously claimed credit for hacking medical device maker Stryker, a boast that threat researchers considered credible. “All personal and confidential email … Read More “Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data  – CyberScoop” »

Researchers at WatchGuard have identified a new phishing campaign targeting companies in Venezuela. Using malicious SVG image files…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a … Read More “TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files  – The Hacker News” »

SAN FRANCISCO — Every RSA Conference has its buzzwords. Cloud. Ransomware. Zero trust. Plastered across the 87-acre Moscone Center complex on every booth, banner and bar. This year was AI, with vendors pitching AI-powered solutions to every security problem imaginable. But 2026 stood out for a different reason: Industry leaders spent the conference warning about … Read More “Security leaders say the next two years are going to be ‘insane’  – CyberScoop” »

Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. “The pipeline had a single boolean return value that meant both ‘no scanners are … Read More “Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks  – The Hacker News” »

Letter from group published by MPs blames 12 March glitch on software update to its mobile banking apps Lloyds Banking Group exposed the personal data of nearly 500,000 customers in an IT glitch that left people’s payments, account details and national insurance numbers visible to other users, a committee of MPs has revealed. A letter … Read More “Almost half a million Lloyds customers had personal data exposed in IT glitch  – Data and computer security | The Guardian” »

Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware. “TikTok has been historically … Read More “AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion  – The Hacker News” »

Rising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it.  Introduction: One tech power to rule them all is a thing of the past  The relative safety, peace and prosperity that much of the world has … Read More “We Are At War  – The Hacker News” »

A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. “Bearlyfy (also known as Labubu) operates as a dual-purpose group aimed at inflicting maximum damage upon … Read More “Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware  – The Hacker News” »

Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are used to build applications powered by Large Language Models (LLMs). LangGraph is built on the foundations of  – Read More  – The … Read More “LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks  – The Hacker News” »

ReversingLabs researchers identify a new Ghost campaign using fake npm install logs and progress bars to phish for sudo passwords and steal crypto wallets from developers.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A year-long effort to strengthen cybersecurity and modernize tech at U.S. intelligence agencies has led to policy standards for using AI to bolster cyber defenses, a shared repository of all apps that have undergone a cybersecurity review and more, the Office of the Director of National Intelligence announced Thursday. An unclassified summary of cyber and … Read More “ODNI tackles AI, threat hunting, app cybersecurity in year-one tech review  – CyberScoop” »

The Federal Communications Commission is moving to crack down on illegal robocalls and the use of foreign call centers. At a meeting Thursday, the three-member commission unanimously approved a new proposed regulation to increase certification and disclosure requirements for obtaining phone numbers, while also expanding those same requirements to all providers seeking phone numbers from … Read More “FCC pushes new rules to crack down on robocallers, foreign call centers  – CyberScoop” »

Enterprise AI security solutions in 2026, compare Check Point, Palo Alto, CrowdStrike, Fortinet, and Zscaler across cloud, endpoint, and network.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen, a threat cluster that’s also tracked as Earth Bluecrow,  – Read … Read More “China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks  – The Hacker News” »

7AI research reveals a massive QR code phishing attack that evaded SPF, DKIM, and DMARC. Find out how 1.6 million emails went undetected.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

SAN FRANCISCO — Four former National Security Agency directors shared varying concerns about a lack of earnest and widespread response to growing threats in cyberspace during a discussion at the RSAC 2026 Conference on Tuesday. Accelerating threats posed by artificial intelligence, China and cybercriminals at large are testing the country’s resolve and determination to foster … Read More “Former NSA chiefs worry American offensive edge in cybersecurity is slipping  – CyberScoop” »

Banks, governments and tech providers urged to upgrade security because current systems will soon be obsolete Banks, governments and technology providers need to be prepared for quantum computer hackers capable of breaking most existing encryption systems by 2029, Google has warned. The tech company said in a blogpost that quantum computers would pose a “significant … Read More “Google warns quantum computers could hack encrypted systems by 2029  – Data and computer security | The Guardian” »

This practitioner-focused review covers Acalvio ShadowPlex, a deception-first platform designed to stop attacker progress across IT, cloud, OT,…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

CyberProof researchers have detected a 10% surge in PXA Stealer attacks targeting financial institutions in Q1 2026. Learn…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching. There’s a little bit of everything in this one, too. Weird delivery tricks, old problems coming back in … Read More “ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories  – The Hacker News” »

Sonatype uncovers a sophisticated malware campaign using hijacked npm developer accounts to steal API keys and passwords. Is your dev environment at risk?  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing off counterfeit masterworks of Picasso, Matisse, and Renoir to unsuspecting collectors … Read More “Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception  – The Hacker News” »

Cybersecurity researchers have disclosed a vulnerability in Anthropic’s Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw “allowed any website to silently inject prompts into that assistant as if the user wrote them,” Koi Security researcher Oren Yomtov said in a report shared … Read More “Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website  – The Hacker News” »

Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? That’s where things get shaky. A control exists, so it’s assumed to work. A detection rule … Read More “[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks  – The Hacker News” »

The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. “When Coruna was first reported, the public evidence wasn’t sufficient to … Read More “Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks  – The Hacker News” »

A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin – signing his extortion emails from a company called “Loot.” Meanwhile, two people drive up to the entrance of the UK’s nuclear submarine base at Faslane and politely … Read More “Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie  – GRAHAM CLULEY” »

Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. “Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data,” Sansec said in a report … Read More “WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites  – The Hacker News” »

Google is accelerating its timeline for migrating its products to quantum resistant encryption to 2029, the latest sign that tech leaders are worried that they haven’t been aggressive enough in planning for a post-quantum future. In a blog posted Wednesday, vice president of security engineering Heather Adkins and senior staff cryptology engineer Sophie Schmieg said … Read More “Google moves post-quantum encryption timeline up to 2029  – CyberScoop” »

An operation to crack down on the widely used RedLine infostealer has netted the extradition of an Armenian man to the United States, where he made an initial appearance in a Texas court Wednesday. Authorities charged Hambardzum Minasyan with conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act and … Read More “Alleged RedLine infostealer conspirator extradited to US  – CyberScoop” »