Category: Attack Feeds

Attack Feeds

Suspected Iranian Hackers Used Compromised Indian Firm’s Email to Target U.A.E. Aviation Sector  – The Hacker News

Threat hunters are calling attention to a new highly-targeted phishing campaign that singled out “fewer than five” entities in the United Arab Emirates (U.A.E.) to deliver a previously undocumented Golang backdoor dubbed Sosano. The malicious activity was specifically directed against aviation and satellite communications organizations, according to Proofpoint, which detected it in late October  – Read More  – The Hacker...

Attack Feeds

Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm  – The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2023-20118 (CVSS score: 6.5) – A command injection  – Read More  – The...

Attack Feeds

Google’s March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities  – The Hacker News

Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild. The two high-severity vulnerabilities are listed below – CVE-2024-43093 – A privilege escalation flaw in the Framework component that could result in unauthorized access to “Android/data,” “Android/obb,”  – Read...

Attack Feeds

Android security update contains 2 actively exploited vulnerabilities  – CyberScoop

Google addressed 43 vulnerabilities affecting Android devices in its March security update, including a pair of software defects reportedly under active exploitation. Google said the two vulnerabilities — CVE-2024-43093 and CVE-2024-50302 — “may be under limited, targeted exploitation.” The most severe of the flaws under active exploitation, CVE-2024-43093, carries a CVSS score of 7.8 and was added to the Cybersecurity...

Attack Feeds

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail  – The Hacker News

Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), which it said overlaps with a group known as JavaGhost. TGR-UNK-0011 is known to ...

Attack Feeds

DHS says CISA won’t stop looking at Russian cyber threats  – CyberScoop

The Department of Homeland Security said that its Cybersecurity and Infrastructure Security Agency will continue to pay attention to Russian cyber threats, contrary to media reports suggesting the opposite. The Guardian reported last week that a recent CISA memo setting out priorities for the agency didn’t list Russia among them, while including Chinese threats and critical infrastructure protection. It further...

Attack Feeds

U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children’s Data Protection Practices  – The Hacker News

The U.K.’s Information Commissioner’s Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country. To that end, the watchdog said it’s probing how the ByteDance-owned video-sharing service uses the personal data of children in the age range...

Attack Feeds

Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks  – The Hacker News

Threat actors have been exploiting a security vulnerability in Paragon Partition Manager’s BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw (CVE-2025-0289) is part of a set of five vulnerabilities that was discovered by Microsoft, according to the CERT Coordination Center (CERT/CC). “These include arbitrary kernel memory mapping and  – Read More  – The...

Attack Feeds

Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites  – The Hacker News

Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. “The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted, well-known  – Read More ...

Attack Feeds

⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists  – The Hacker News

This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that even the tools we rely...

Attack Feeds

The New Ransomware Groups Shaking Up 2025  – The Hacker News

In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023.  After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year’s total). Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise in smaller gangs. The number of active ransomware groups jumped 40%,...

Attack Feeds

Vo1d Botnet’s Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries  – The Hacker News

Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of 1,590,299 on January 19, 2025, spanning 226 countries. As of February 25,...

Attack Feeds

Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language  – The Hacker News

Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad language that appeared to give the company the rights to all information uploaded by users. The revised Terms of Use now states – You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe...

Attack Feeds

SolarWinds CISO says security execs are ‘nervous’ about individual liability for data breaches   – CyberScoop

SolarWinds’ top cybersecurity executive said chief information security officers are increasingly grappling with how to do their jobs while avoiding individual legal liability for breaches that happen on their watch. Tim Brown, now CISO at SolarWinds, was a vice president and the highest-ranking security official at the company when hackers working on behalf of the Russian Foreign Intelligence Service (SVR)...

Attack Feeds

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab  – Krebs on Security

One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software,...

Attack Feeds

Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone  – The Hacker News

A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. “The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android USB drivers, developed by Cellebrite,” the international non-governmental  – Read More  –...

Attack Feeds

Cyber hacking moves to violence and harm of children  – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.

Psychologists may have a plethora of reasons why individuals turn to cyber crime; and their results move beyond disturbing. It comes as no surprise that those involved in the theft of data have now escalated, their schemes to be even darker. These criminals have expanded to include international online groups called ‘the Com” where they […] The post Cyber hacking...

Attack Feeds

5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs  – The Hacker News

Cybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow’s content delivery network (CDN) to deliver the Lumma stealer malware. Netskope Threat Labs said it discovered 260 unique domains hosting 5,000 phishing PDF files that redirect victims to malicious websites. “The attacker uses SEO to trick victims into  – Read...

Attack Feeds

RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable  – The Hacker News

Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It’s like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true game-changer in today’s work environment....

Attack Feeds

Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme  – The Hacker News

Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence (GenAI) services in order to produce offensive and harmful content. The campaign, called LLMjacking, has targeted various AI offerings, including Microsoft’s Azure OpenAI Service. The tech giant is  – Read More  – The...

Attack Feeds

Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus  – The Hacker News

The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer malware by means of a previously undocumented implant. Cybersecurity company Kaspersky is tracking the activity under the name Angry Likho, which it said bears a “strong resemblance” to Awaken Likho (aka Core Werewolf, GamaCopy,...

Attack Feeds

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training  – The Hacker News

A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, not to mention compounding the problem when LLMs end up suggesting insecure coding practices to their users. Truffle  –...

Attack Feeds

Army soldier linked to Snowflake attack spree allegedly tried to sell data to foreign spies  – CyberScoop

U.S. authorities say a 21-year-old U.S. Army soldier attempted to sell stolen sensitive information to a foreign intelligence service as part of a broader effort to extort victims and leak call records of high-ranking public officials. In November while on active duty, Cameron Wagenius made multiple attempts to extort $500,000 from a major telecommunications company while threatening to leak additional...

Attack Feeds

Here’s what Google is (and isn’t) planning with SMS account verification  – CyberScoop

Google is gradually phasing out SMS-based verification as part of its two-step verification (2SV) process across its suite of services, signaling a significant shift in how the tech giant approaches user authentication and security. The change, which will affect Gmail and all other Google services where users sign in with their Google accounts, marks a move away from the traditional...

Attack Feeds

Here’s what Google is (and isn’t) planning with SMS account verification  – CyberScoop

Google is gradually phasing out SMS-based verification as part of its two-step verification (2SV) process across its suite of services, signaling a significant shift in how the tech giant approaches user authentication and security. The change, which will affect Gmail and all other Google services where users sign in with their Google accounts, marks a move away from the traditional...

Attack Feeds

CFPB nominee signals openness to continuing data-broker work  – CyberScoop

President Donald Trump’s nominee to lead the consumer-focused federal agency that Elon Musk wants to “delete” and that Republican lawmakers have railed against since its creation indicated to senators Thursday that he could continue some data-focused work started by his Democratic predecessor. In his nomination hearing to lead the Consumer Financial Protection Bureau, Jonathan McKernan told members of the Senate...

Attack Feeds

Microsoft IDs developers behind alleged generative AI hacking-for-hire scheme  – CyberScoop

Microsoft has identified individuals from Iran, China, Vietnam and the United Kingdom as primary players in an alleged international scheme to hijack and sell Microsoft accounts that could bypass safety guidelines for generative AI tools. In December, Microsoft petitioned a Virginia court to seize infrastructure and software from 10 unnamed individuals who the company claims ran a hacking-as-a-service operation that...

Attack Feeds

Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations  – The Hacker News

A new campaign is targeting companies in Taiwan with malware known as Winos 4.0 as part of phishing emails masquerading as the country’s National Taxation Bureau. The campaign, detected last month by Fortinet FortiGuard Labs, marks a departure from previous attack chains that have leveraged malicious game-related applications. “The sender claimed that the malicious file attached was a list of ...

Attack Feeds

New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades  – The Hacker News

Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting. “The modifications seen in the TgToxic payloads reflect the actors’ ongoing surveillance of open source intelligence and demonstrate their commitment to enhancing the  – Read More  – The Hacker...

Attack Feeds

89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals  – The Hacker News

Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed decision-making and effective planning, the availability of hard data is essential—yet such data remains surprisingly scarce. The “Enterprise GenAI Data Security Report 2025” by LayerX delivers unprecedented insights  – Read More  – The Hacker News 

Attack Feeds

Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware  – The Hacker News

The threat actor known as Space Pirates has been linked to a malicious campaign targeting Russian information technology (IT) organizations with a previously undocumented malware called LuckyStrike Agent. The activity was detected in November 2024 by Solar, the cybersecurity arm of Russian state-owned telecom company Rostelecom. It’s tracking the activity under the name Erudite Mogwai. The  – Read More  –...

AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.