CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV – The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation. The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via …
Category: Attack Feeds
HashJack Attack Uses URL ‘#’ to Control AI Browser Behavior – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Cybersecurity firm Cato Networks reveals HashJack, a new AI browser vulnerability using the ‘#’ symbol to hide malicious commands. Microsoft and Perplexity fixed the flaw, but Google’s Gemini remains at risk.
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware – The Hacker News
The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions …
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages – The Hacker News
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply chain security company ReversingLabs said it found the “vulnerability” in bootstrap files provided by a build and deployment automation tool named …
Why Organizations Are Turning to RPAM – The Hacker News
As IT environments become increasingly distributed and organizations adopt hybrid and remote work at scale, traditional perimeter-based security models and on-premises Privileged Access Management (PAM) solutions no longer suffice. IT administrators, contractors and third-party vendors now require secure access to critical systems from any location and on any device, without compromising …
MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants – The Hacker News
Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. “When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization,” Ontinue security researcher Rhys Downing …
Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan – The Hacker News
The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov and Volen Kayo said in a report …
Report Names Teen in Scattered LAPSUS$ Hunters, Group Denies – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Scattered LAPSUS$ Hunters admin “Rey,” allegedly a 15-year-old named Saif Khader from Jordan, has been named in a report linking him to the group. He denies the claim.
One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Aliso Viejo, CA, USA, 27th November 2025, CyberNewsWire
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update – The Hacker News
Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at “login.microsoftonline[.]com” by only letting scripts from trusted Microsoft domains run. “This update strengthens security and …
OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser…
Cronos Kicks Off $42K Global Hackathon Focused on AI-Powered On-Chain Payments – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Cronos launches x402 PayTech Hackathon with $42K prize pool to drive AI-powered on-chain payments using agent tech and Crypto.com tools.
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories – The Hacker News
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they’re not the only ones moving fast. …
State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns – Graham Cluley
CISA, the US Cybersecurity and Infrastructure Security Agency, has issued a new warning that cybercriminals and state-backed hacking groups are using spyware to compromise smartphones belonging to users of popular encrypted messaging apps such as Signal, WhatsApp, and Telegram. Read more in my article on the Hot for Security blog.
OBR chair ‘mortified’ by budget leak as ex-cybersecurity chief called in to investigate – Data and computer security | The Guardian
Richard Hughes, head of Office for Budget Responsibility, says he has apologised to chancellor for ‘letting people down’. The chair of the Office for Budget Responsibility has said he felt “personally mortified” by the early …
Gainsight Expands Impacted Customer List Following Salesforce Security Alert – The Hacker News
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has “expanded to a larger list” as of November 21, 2025. It did not reveal the exact number of customers who were …
Smashing Security podcast #445: The hack that brought back the zombie apocalypse – Graham Cluley
America’s airwaves are haunted by zombies again, as we dig into a decade of broadcasters leaving their hardware open to attack, giving hackers the chance to hijack TV shows, blast out fake emergency alerts, and even replace religious sermons with explicit furry podcasts. Meanwhile, we look at how a worker at a cybersecurity firm allegedly …
Elena Lazar: Failures are Inevitable – Reliability is a Choice – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Reliability engineer on why resilience must be designed, not patched, and how decades of global experience taught her to turn outages into insights.
Crisis24 shuts down emergency notification system in wake of ransomware attack – CyberScoop
OnSolve CodeRED, a voluntary, opt-in emergency notification system used by law enforcement agencies and municipalities across the country, has been permanently shut down in the wake of a ransomware attack. Crisis24, the company behind the service, said it decommissioned the platform after the cyberattack damaged the OnSolve CodeRED environment earlier this month. “Current forensic analysis …
Congress calls on Anthropic CEO to testify on Chinese Claude espionage campaign – CyberScoop
The House Homeland Security Committee is calling on Anthropic CEO Dario Amodei to provide testimony on a likely-Chinese espionage campaign that used Claude, the company’s AI tool, to automate portions of a wide-ranging cyber campaign targeting at least 30 organizations around the world. The committee sent Amodei a letter Wednesday commending Anthropic for disclosing the …
New legislation targets scammers that use AI to deceive – CyberScoop
A new bipartisan bill introduced in the House would increase the criminal penalties for committing fraud and impersonation with the assistance of AI tools. The AI Fraud Deterrence Act, introduced by Reps. Ted Lieu, D-Calif., and Neal Dunn, R-Md., would raise the overall ceiling for criminal fines and prison time for fraudsters who use AI …
Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets – The Hacker News
The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the “setup_bun.js” loader and the main payload …
Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
New research from Ontinue exposes a major security flaw in Microsoft Teams B2B Guest Access. Learn how attackers bypass all Defender for Office 365 protections with a single invite.
AI Meeting Assistants Are Rising – But Is Your Data Safe? A Deep Look at TicNote AI – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
AI meeting assistants have become essential tools for professionals who want fast, accurate, and automated transcription. Yet behind…
Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps – The Hacker News
Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that’s capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an attacker-controlled cryptocurrency wallet. The extension, named Crypto Copilot, was first published by a user named “sjclark76” on May 7, 2024. The developer describes the …
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ – Krebs on Security
A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for “Rey,” the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, …
Shadow AI – the use of artificial intelligence tools by employees without a company’s approval and oversight – is becoming a significant cybersecurity risk. Read more in my article on the Fortra blog. – Graham Cluley
INE Expands Cross-Skilling Innovations – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Cary, North Carolina, USA, 26th November 2025, CyberNewsWire
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist – The Hacker News
South Korea’s financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. “This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP) …
Samourai Wallet Founders Jailed in $237M Crypto Laundering Case – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Samourai Wallet founders Keonne Rodriguez and William Hill were sentenced to 4 and 5 years for laundering $237M via their crypto mixer.
Two London councils enact emergency plans after being hit by cyber-attack – Data and computer security | The Guardian
Royal Borough of Kensington and Chelsea and Westminster city council investigate whether data has been compromised. At least two London councils have been hit by a cyber-attack and have invoked emergency plans as they investigate whether any data has been compromised. The Royal Borough of Kensington and Chelsea and Westminster City council, which share some …
When Your $2M Security Detection Fails: Can your SOC Save You? – The Hacker News
Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their superiors. As a result, most organizations’ security investments are asymmetrical, robust detection tools paired with an …
‘Stranger Things’ emerge when OT security is stuck in the past – CyberScoop
The final season of “Stranger Things” is upon us, and 1980s nostalgia is at an all-time high. The clunky control panels at Hawkins Lab help set the stage for the show. The unfortunate reality is that similar legacy systems still exist in operational technology (OT) environments today. Just as Hawkins Lab spawned a monstrous compendium …
Fake Battlefield 6 Downloads Are Spreading Malware, Stealing Player Data – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Bitdefender Labs found fake Battlefield 6 pirated copies and trainers spreading aggressive malware, C2 agents, and infostealers, designed to steal player data and crypto-wallets.
Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools – The Hacker News
If you’re using community tools like Chocolatey or Winget to keep systems updated, you’re not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there’s a catch… The very tools that make your job easier might also be the reason your systems are at risk. These tools …
RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware – The Hacker News
The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. “This is the first time that a RomCom payload has been observed being distributed by SocGholish,” Arctic Wolf Labs researcher Jacob Faires said in a Tuesday report. The …
FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams – The Hacker News
The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account takeover (ATO) fraud schemes. The activity targets individuals, businesses, and organizations of varied sizes and across sectors, the agency said, adding the fraudulent schemes have led to more …
Underground AI models promise to be hackers ‘cyber pentesting waifu’ – CyberScoop
As legitimate businesses purchase AI tools from some of the largest companies in the world, cybercriminals are accessing an increasingly sophisticated underground market for custom LLMs designed to assist with lower-level hacking tasks. In a report published Tuesday, Palo Alto Networks’ Unit 42 looked at how underground hacking forums advertise and sell custom, jailbroken, and …
Gainsight CEO downplays impact of attack that spread to Salesforce environments – CyberScoop
An independent forensic investigation is underway to determine the extent of the intrusion into customer management software Gainsight’s systems and whether the breach has spread beyond Salesforce to other third-party applications. Despite this ongoing analysis, the company maintains that the impact on customer data stored within connected services is limited and largely contained. “While Salesforce …
Can We Trust AI with Our Cybersecurity? The Growing Importance of AI Security – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Artificial intelligence (AI) helps us in doing small and big things that are important in our daily lives.…
Detego Global Launches Case Management Platform for Digital Forensics and Incident Response Teams – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Horsham, United Kingdom, 25th November 2025, CyberNewsWire
Everest ransomware claims breach at Spain’s national airline Iberia with 596 GB data theft – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Everest claims large breaches at Iberia and Air Miles España with major data taken from both travel platforms placing millions of users at risk.
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys – The Hacker News
New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code. Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands of …
The AI Fix #78: The big AI bubble, and robot Grandma in the cloud – Graham Cluley
In episode 78 of The AI Fix, alien robot spiders invade Antarctica (or Facebook says they do), Mark prepares humanity for AI-powered fighter jets with loyalty issues, and Graham tries to work out why his AI-generated country music career hasn’t yet paid for even a Tesco Meal Deal. Anthropic claims it has caught the first …
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers – The Hacker News
Cybersecurity researchers are calling attention to a new campaign that’s leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a “critical” Windows security update. “Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising,” Acronis said in …
Update Firefox to Patch CVE-2025-13016 Vulnerability Affecting 180 Million Users – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
AI security firm AISLE revealed CVE-2025-13016, a critical Firefox Wasm bug that risked 180M users for six months. Learn how the memory flaw allowed code execution.
Thinking Beyond Price: What Tech Teams Should Look for in a Hosting Provider – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Discover why reliability, scalability, and local support matter more than cost when choosing Australian web hosting for your tech stack.
ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens – The Hacker News
The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy. “This attack allows them to obtain tokens for the OAuth 2.0 authorization protocol using the user’s browser, which can be used outside the perimeter of …
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware – The Hacker News
Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2. “This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader,” Morphisec researcher Shmuel Uzan said in a report shared with The Hacker News. …
3 SOC Challenges You Need to Solve Before 2026 – The Hacker News
2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic social engineering campaigns. The Storm on the Horizon Global world instability, coupled with rapid technological advancement, will force security teams to adapt not …