Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once again underscoring continued shifts in the cyber threat landscape. The coalition is seen as an attempt on the part of the financially motivated threat actors to conduct more effective ransomware attacks, ReliaQuest said in a report shared with The Hacker … Read More “LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem – The Hacker News” »
Category: Attack Feeds
OpenAI Finds Growing Exploitation of AI Tools by Foreign Threat Groups – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
OpenAI’s new report warns hackers are combining multiple AI tools for cyberattacks, scams, and influence ops linked to China, Russia, and North Korea. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Miggo Security Named a Gartner® Cool Vendor in AI Security – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Tel Aviv, Israel, 8th October 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an … Read More “Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now – The Hacker News” »
Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don’t need advanced tools; they just need one careless login. For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak. This Halloween, The Hacker News and Specops … Read More “Step Into the Password Graveyard… If You Dare (and Join the Live Session) – The Hacker News” »
New Shuyal Stealer Targets 17 Web Browsers for Login Data and Discord Tokens – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Researchers warn of Shuyal Stealer, malware that gathers browser logins, system details, and Discord tokens, then erases evidence via Telegram. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks – The Hacker News
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The … Read More “OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks – The Hacker News” »
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord … Read More “ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security” »
Microsoft Threat Intelligence said a cybercriminal group it tracks as Storm-1175 has exploited a maximum-severity vulnerability in GoAnywhere MFT to initiate multi-stage attacks including ransomware. Researchers observed the malicious activity Sept. 11, Microsoft said in a blog post Monday. Microsoft’s research adds another substantive chunk of evidence to a growing collection of intelligence confirming the … Read More “Microsoft pins GoAnywhere zero-day attacks to ransomware affiliate Storm-1175 – CyberScoop” »
A long-running theme in the use of adversarial AI since the advent of large language models has been the automation and enhancement of well-established hacking methods, rather than the creation of new ones. That remains the case for much of OpenAI’s October threat report, which highlights how government agencies and the cybercriminal underground are opting … Read More “OpenAI: Threat actors use us to be efficient, not make new tools – CyberScoop” »
13-Year-Old RediShell Vulnerability Puts 60,000 Redis Servers at Risk – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Critical Redis flaw RediShell (CVE-2025-49844) exposes 60,000 servers to remote code execution. Patch immediately to prevent full system compromise. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot. “The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents,” Aryaka Threat Research Labs – … Read More “BatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job Seekers – The Hacker News” »
Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Latest reports suggest the critical GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0) is actively exploited by the Medusa ransomware gang for unauthenticated RCE. Patch immediately. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them – The Hacker News
Google’s DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The efforts add to the company’s ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz. DeepMind said the AI agent is designed to be both reactive … Read More “Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them – The Hacker News” »
INE Security Releases Industry Benchmark Report: “Wired Together: The Case for Cross-Training in Networking and Cybersecurity” – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Raleigh, United States, 7th October 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
In episode 71 of The AI Fix, a giant robot spider goes backpacking for a year before starting its job in lunar construction, DoorDash builds a delivery Minion, and a TikToker punishes an AI by making it talk to condiments. GPT-5 crushes the humans at the ICPC World Finals, Claude Sonnet 4.5 codes for 30 … Read More “The AI Fix #71: Hacked robots and power-hungry AI – Graham Cluley” »
Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. “XWorm’s modular design is built around a core client and an array of specialized components known as plugins,” Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis … Read More “XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities – The Hacker News” »
For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the … Read More “New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise – The Hacker News” »
New Mic-E-Mouse Attack Shows Computer Mice Can Capture Conversations – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Security researchers at UC Irvine reveal the ‘Mic-E-Mouse’ attack, showing how high-DPI optical sensors in modern mice can detect desk vibrations and reconstruct user speech with high accuracy. Learn how this side-channel vulnerability affects your privacy. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, … Read More “Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware – The Hacker News” »
13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely – The Hacker News
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. “An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger … Read More “13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely – The Hacker News” »
CrowdStrike on Monday said it’s attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025. The exploitation involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical … Read More “Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks – The Hacker News” »
Federal cyber authorities and threat hunters are on edge following Oracle’s Saturday disclosure of an actively exploited zero-day vulnerability the Clop ransomware group used to initiate a widespread data theft and extortion campaign researchers initially warned about last week. Oracle addressed the critical vulnerability — CVE-2025-61882 affecting Oracle E-Business Suite — in a security advisory … Read More “Oracle zero-day defect amplifies panic over Clop’s data theft attack spree – CyberScoop” »
Spyware Disguised as Signal and ToTok Apps Targets UAE Android Users – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
ESET warns of fake Signal and ToTok apps spreading Android spyware in the UAE, stealing contacts, messages, and chat backups from users. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Tech experts and companies offering encrypted messaging services are warning that pending European regulation, which would grant governments broad authority to scan messages and content on personal devices for criminal activity, could spell “the end” of privacy in Europe. The European Union will vote Oct. 14 on a legislative proposal from the Danish Presidency known … Read More “Potential EU law sparks global concerns over end-to-end encryption for messaging apps – CyberScoop” »
Three House Democrats questioned the Department of Homeland Security on Monday over a reported Immigration and Customs Enforcement contract with a spyware provider that they warn potentially “threatens Americans’ freedom of movement and freedom of speech.” Their letter follows publication of a notice that ICE had lifted a stop-work order on a $2 million deal … Read More “House Dems seek info about ICE spyware contract, wary of potential abuses – CyberScoop” »
Rainwalk Pet Insurance Exposes 158 GB of US Customer and Pet Data – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A misconfigured database belonging to a pet insurance company, “Rainwalk Pet Insurance,” exposed sensitive PII and veterinary claim data. The data exposure reveals new fraud tactics, including microchip and reimbursement scams. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Reemo Unveils Bastion+: A Scalable Solution for Global Privileged Access Management – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Paris, France, 6th October 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from evidence that at least four BIETA personnel have clear or possible links to MSS officers and their relationship with the University of International Relations, … Read More “New Report Links Research Firms BIETA and CIII to China’s MSS Cyber Operations – The Hacker News” »
Discord has confirmed that users who contacted its customer support service have had their data stolen by hackers, who have attempted to extort a ransom from the company. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand … Read More “Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers – The Hacker News” »
In the era of rapidly advancing artificial intelligence (AI) and cloud technologies, organizations are increasingly implementing security measures to protect sensitive data and ensure regulatory compliance. Among these measures, AI-SPM (AI Security Posture Management) solutions have gained traction to secure AI pipelines, sensitive data assets, and the overall AI ecosystem. These solutions help … Read More “5 Critical Questions For Adopting an AI Security Solution – The Hacker News” »
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matters—key trends, warning signs, and stories shaping today’s security landscape. Whether you’re defending systems or just keeping up, these … Read More “⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More – The Hacker News” »
Patch Now: Dell UnityVSA Flaw Allows Command Execution Without Login – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
WatchTowr finds a serious flaw in Dell UnityVSA (CVE-2025-36604) letting attackers run commands without login. Dell issues patch 5.5.1 – update now. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
When security researchers issued warnings about the Salesloft Drift issues last month, two prominent cybersecurity companies found themselves facing the same threat — but their stories ended up unfolding in different ways. Okta and Zscaler, among the larger players in the identity management space, were among the more than 700 Drift customers targeted in what … Read More “Security leaders at Okta and Zscaler share lessons from Salesloft Drift attacks – CyberScoop” »
A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in … Read More “Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files – The Hacker News” »
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks – The Hacker News
Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the recent wave of Cl0p data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to … Read More “Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks – The Hacker News” »
iPhone Software Update Failed? Here’s How to Fix It Without Data Loss – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
You tap Update, wait for the progress indicator, and then error. Your iPhone freezes and displays “Update Failed,”… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Android Not Reading SD Card? Here’s How to Fix it – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
As we all know, the SD card usually stores your multimedia and important mobile files. When Android suddenly… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Six out of 10 UK secondary schools hit by cyber-attack or breach in past year – Data and computer security | The Guardian
Hackers are more likely to target educational institutions than private businesses, government survey shows. When hackers attacked UK nurseries last month and published children’s data online, they were accused of hitting a new low. But the broader education sector is well used to being a target. … Read More “Six out of 10 UK secondary schools hit by cyber-attack or breach in past year – Data and computer security | The Guardian” »
Discord Data Breach: Hackers Access IDs, Billing Details and Support Chats – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Discord confirms a data breach via a third-party vendor, exposing government-issued photo IDs, names, emails, and limited billing data of users who contacted customer support. Learn the full risk. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity’s agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky prompt injection attack plays out in the form of a malicious link that, when clicked, … Read More “CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief – The Hacker News” »
New Study Warns Several Free iOS and Android VPN Apps Leak Data – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A Zimperium zLabs analysis of 800 free Android and iOS VPN apps exposes critical security flaws, including the Heartbleed bug, excessive system permissions, and non-transparent data practices. Learn how these ‘privacy’ tools are actually major security risks, especially for BYOD environments. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Threat intelligence firm GreyNoise disclosed on Friday that it has observed a spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% increase in IP addresses scanning Palo Alto Networks login portals on October 3, 2025, the highest level recorded in the last three months. It described … Read More “Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day – The Hacker News” »
Scattered LAPSUS$ Hunters Claim Salesforce Breach, 1B Records, 39 Firms Listed – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A leak site from Scattered LAPSUS$ Hunters alleges Salesforce breach, with hackers claiming 1B records stolen and 39 major companies affected – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That’s according to findings from Infoblox, which found the threat actor to maintain control of domains hosting the first stage of the stealer, a backdoor called StarFish. The DNS threat intelligence firm said it has … Read More “Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer – The Hacker News” »
Federal courts are upgrading their cybersecurity on a number of fronts, but multifactor authentication for the system that gives the public access to court data poses “unique challenges,” the Administrative Office of the United States Courts told Sen. Ron Wyden in a letter this week. Wyden, D-Ore., wrote a scathing August letter to the Supreme … Read More “Federal judiciary touts cybersecurity work in wake of latest major breach – CyberScoop” »
A coordinated Israeli-backed network of social media accounts pushed anti-government propaganda — including deepfakes and other AI-generated content — to Iranians as real-world kinetic attacks were happening, with the goal of fomenting revolt among the country’s people, according to researchers at Citizen Lab. In research released this week, the nonprofit — along with Clemson University … Read More “Researchers say Israeli government likely behind AI-generated disinfo campaign in Iran – CyberScoop” »
Global Exposure of 180,000 ICS/OT Devices Raises Safety Concerns – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Bitsight warns ICS/OT exposure jumped 12% in 2024, leaving 180,000+ critical infrastructure systems open to attack. Learn about the possible vulnerabilities and new malware strains. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto