Category: Attack Feeds

A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. The package, named sympy-dev, mimics SymPy, replicating the latter’s project description verbatim in an attempt to deceive unsuspecting users into thinking that … Read More “Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts  – The Hacker News” »

It has just been a few weeks since reports emerged of the Christmas cyber attack suffered by the European Space Agency (ESA), and the situation has already become worse. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Cybersecurity company Arctic Wolf has warned of a “new cluster of automated malicious activity” that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaign in which malicious SSO logins on FortiGate appliances were recorded against the admin … Read More “Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations  – The Hacker News” »

Day Two of Pwn2Own Automotive 2026 is underway, and the stakes are rising. Security researchers are back on the Pwn2Own stage, continuing to probe and challenge the latest automotive systems as the competition intensifies. New exploits, unexpected twists, and standout performances are already emerging – follow along here for daily updates as the race for Master … Read More “Pwn2Own Automotive 2026 – Day Two Results  – Zero Day Initiative – Blog” »

Cisco has released fresh patches to address what it described as a “critical” security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that it has been actively exploited as a zero-day in the wild. The vulnerability, CVE-2026-20045 (CVSS score: 8.2), could permit an unauthenticated remote attacker to execute arbitrary commands on … Read More “Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex  – The Hacker News” »

In episode 451 of “Smashing Security,” we meet the cybercriminal who hacked the US Supreme Court, Veterans Affairs, and more – and then helpfully posted screenshots (and even someone’s blood type) on an account called “I hacked the government.” Plus we discuss how researchers uncovered a creepy flaw that lets attackers hijack wireless headphones, listen … Read More “Smashing Security podcast #451: I hacked the government, and your headphones are next  – GRAHAM CLULEY” »

The National Institute for Standards and Technology is starting 2026 with a smaller staff, a shrinking budget and some big responsibilities around supporting national security and cybersecurity. At a meeting Wednesday of the Information Security Privacy Advisory Board, NIST officials provided updates on how they’re grappling with several Trump administration priorities, including mandates on AI, … Read More “NIST officials detail impact of staff cuts on encryption and other priorities  – CyberScoop” »

Unidentified hackers disrupted Iranian state television to broadcast messages from exiled Crown Prince Reza Pahlavi. Read about the economic crisis, the internet blackout, and the latest reports on the protest death toll.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

A European cybersecurity organization has launched a decentralized system for identifying and numbering software security vulnerabilities, introducing a fundamental shift in how the global technology community could track and manage security flaws. The Global CVE Allocation System, or GCVE, will be maintained by The Computer Incident Response Center Luxembourg (CIRCL) as an alternative to the … Read More “GCVE launches as a decentralized system for tracking software vulnerabilities  – CyberScoop” »

The acting head of the Cybersecurity and Infrastructure Security Agency faced pointed questions from lawmakers Wednesday over CISA personnel decisions and staffing levels. Members of the House Homeland Security Committee asked Madhu Gottumukkala about a reported attempt to fire the agency’s chief information officer, efforts to push out a large number of staff and whether … Read More “Lawmakers probe CISA leader over staffing decisions  – CyberScoop” »

Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry’s collective “to-do list” has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms (EAP) category is a formal admission that traditional Vulnerability Management (VM) is no longer a viable way to … Read More “Exposure Assessment Platforms Signal a Shift in Focus  – The Hacker News” »

As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America. The new findings  – … Read More “North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews  – The Hacker News” »

Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, … Read More “Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws  – The Hacker News” »

Law enforcement agencies from multiple European countries are still pursuing leads on people involved in the Black Basta ransomware group, nearly a year after the group’s internal chat logs were leaked, exposing key details about its operations, and at least six months since the group claimed responsibility for new attacks. Officials in Ukraine and Germany … Read More “Black Basta’s alleged ringleader identified as authorities raid homes of other members  – CyberScoop” »

LastPass is alerting users to a new active phishing campaign that’s impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password … Read More “LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords  – The Hacker News” »

A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 (CVSS score: N/A), affects all versions of the module prior to version 2.3.0, which addresses the issue. Patches for the flaw were released on November 26, … Read More “CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution  – The Hacker News” »

Boston, MA, USA, 21st January 2026, CyberNewsWire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The UK’s National Cyber Security Centre (NCSC) has issued a warning about the threat posed by distributed denial-of-service (DDoS) attacks from Russia-linked hacking groups who are reported to be continuing to target British organisations. Are you prepared? Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

A poorly secured wristband system used at a Carlsberg exhibition allowed access to visitor photos, videos, and full names. Attempts to report the issue were ignored for months.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Every managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding “CISO-level protection” at SMB budgets. The truth? Most MSSPs are running harder, not smarter. And it’s breaking their margins. That’s where the quiet revolution is happening: AI isn’t just writing reports or surfacing risks … Read More “Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff  – The Hacker News” »

Ransomware negotiation is a dark but widely acknowledged reality in the cybersecurity industry — one that many argue is a necessary practice, even if it largely occurs out of sight. Brokering payments and terms with cybercriminals who hold organizations’ data and operations hostage places security professionals in a fraught position that requires them to balance … Read More “The thin line between saving a company and funding a crime  – CyberScoop” »

The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model. That’s according to new findings from Check Point Research, which identified operational security blunders by malware’s author that provided clues to its developmental origins. The latest insight … Read More “VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code  – The Hacker News” »

Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization. Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys and steal sensitive files, or  – … Read More “Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs  – The Hacker News” »

Welcome to Day One of Pwn2Own Automotive 2026! Today, 30 entries are taking the Pwn2Own stage to target the latest automotive systems, as the world’s top security researchers push technology to its limits. Exploits, surprises, and breakthrough discoveries are already unfolding – follow along here for updates throughout the day as the competition continues. Stay … Read More “Pwn2Own Automotive 2026 – Day One Results  – Zero Day Initiative – Blog” »

The notorious Everest ransomware group is claiming to have breached McDonald’s India, the Indian subsidiary of the American…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Atlanta, GA, United States, 20th January 2026, CyberNewsWire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Four years ago, the Department of Justice announced it would no longer seek criminal charges against independent and third-party security researchers for “good faith” security research under the Computer Fraud and Abuse Act. Now, a prominent bug bounty platform is attempting to build a framework for industry to offer similar protections to researchers who study … Read More “HackerOne rolls out industry framework to support ‘good faith’ AI research  – CyberScoop” »

Huntress discovers ‘CrashFix,’ a new attack by KongTuke hacker group using fake ad blockers to crash browsers and trick office workers into installing ModeloRAT malware.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Congressional appropriators announced funding legislation this week that extends an expiring cyber threat information-sharing law and provides $2.6 billion for the Cybersecurity and Infrastructure Security Agency (CISA), including money for election security and directives on staffing levels. The latest so-called “minibus” package of several spending bills to keep the government funded past a Jan. 30 … Read More “Congressional appropriators move to extend information-sharing law, fund CISA  – CyberScoop” »

The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new tactic that was first discovered in December 2025, Jamf Threat Labs said. “This … Read More “North Korea-Linked Hackers Target Developers via Malicious VS Code Projects  – The Hacker News” »

Madison, United States, 20th January 2026, CyberNewsWire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The new EU-funded GCVE project is breaking dependence on US databases to track software flaws. Discover how this decentralised system aims to ensure global cybersecurity.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to address gaps in existing approaches.  Applying this at scale by … Read More “Why Secrets in JavaScript Bundles are Still Being Missed  – The Hacker News” »

In episode 84 of The AI Fix, Graham and Mark stare straight into the digital abyss and ask the most important question of our age: “Is AI just a hungry ghost trapped in a jar?” Also this week, we explore how a shadowy group of disgruntled insiders trying to destroy AI by poisoning its training … Read More “The AI Fix #84: A hungry ghost trapped in a jar gains access to the Pentagon’s network  – GRAHAM CLULEY” »

RansomHouse claims to have breached Apple contractor Luxshare, but no evidence has been released. Links are offline and the breach remains unverified.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

As emotional computing applications proliferate, the security threats they face require frameworks beyond traditional approaches.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

As emotional computing applications proliferate, the security threats they face require frameworks beyond traditional approaches.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers “weaponized files via Dynamic Link Library (DLL) sideloading, combined with a legitimate, open-source Python pen-testing script,” ReliaQuest said in a report shared with  … Read More “Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading  – The Hacker News” »

Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers “weaponized files via Dynamic Link Library (DLL) sideloading, combined with a legitimate, open-source Python pen-testing script,” ReliaQuest said in a report shared with  … Read More “Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading  – The Hacker News” »

A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. “These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI … Read More “Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution  – The Hacker News” »

A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. “These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI … Read More “Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution  – The Hacker News” »

The Problem: The Identities Left Behind As organizations grow and evolve, employees, contractors, services, and systems come and go – but their accounts often remain. These abandoned or “orphan” accounts sit dormant across applications, platforms, assets, and cloud consoles. The reason they persist isn’t negligence – it’s fragmentation.  Traditional IAM and IGA systems are designed  … Read More “The Hidden Risk of Orphan Accounts  – The Hacker News” »

Cybersecurity researchers have disclosed details of a malware campaign that’s targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem. “The malware is designed to exfiltrate sensitive information, including developer credentials and cryptocurrency-related data. Compromised developer  – Read More  – The Hacker News 

Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers.  “The vulnerability was rooted in how our edge network processed requests destined for the ACME HTTP-01 challenge path (/.well-known/acme-challenge/*),” the web infrastructure  – Read More  – The Hacker … Read More “Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers  – The Hacker News” »

The rise of malicious bots is changing how the internet operates, underscoring the need for stronger safeguards that keep humans firmly in control. Bots now account for more than half of global web traffic, and a new class of “predator bots” has emerged, unleashing self-learning programs that adapt in real time, mimic human behavior, and … Read More “Predator bots are exploiting APIs at scale. Here’s how defenders must respond.  – CyberScoop” »

おかえりなさい (Welcome back!) The third annual Pwn2Own Automotive competition has returned to Automotive World in Tokyo, and the excitement is building. This year marks a major milestone for Pwn2Own, with a record 73 entries. We’ve brought together some of the world’s most talented security researchers to take on the latest automotive components, pushing them to … Read More “Pwn2Own Automotive 2026 – The Full Schedule  – Zero Day Initiative – Blog” »