Category: Attack Feeds

Ransomware groups pose as fake tech support over Teams  – CyberScoop

Researchers at cybersecurity firm Sophos are tracking multiple clusters of hacking activity leveraging Microsoft 365 instances, Microsoft Teams and email bombing tactics to deliver ransomware. In new research released Tuesday, the company said it had identified at least two distinct clusters of hacking activity using the tactics to infect targets between November and December 2024. First, several individuals at an...

Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers  – The Hacker News

Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc_Botnet. The ongoing activity “demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks,” Qualys security researcher Shilpesh  – Read More  – The Hacker News 

From qualitative to quantifiable: Transforming cyber risk management for critical infrastructure  – CyberScoop

Around the world, attacks against critical infrastructure have become increasingly common. More and more, these aggressions are carried out via mice and keyboards rather than bombs and missiles, such as with the 2021 ransomware attack on Colonial Pipeline. From a military strategy perspective, it’s easy to understand why, as cyberattacks against infrastructure can be executed remotely, cheaply, and with comparatively...

13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks  – The Hacker News

A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity “take[s] advantage of misconfigured DNS records to pass email protection techniques,” Infoblox security researcher David Brunsdon said in a technical report published last week. “This ...

Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties  – The Hacker News

A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity. Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top Secret security...

HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects  – The Hacker News

Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, “Were all functionalities of the web app tested?” or ” Were there any security issues that could have been identified during testing?” often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest  –...

Pwn2Own Automotive 2025: The Full Schedule  – Zero Day Initiative – Blog

こんにちは and welcome to the second annual Pwn2Own Automotive competition. We are at Automotive World in Tokyo, and we’ve brought together some of the best researchers in the world to test the latest automotive components. We had our random drawing for the order of events earlier today, and from that, we have put together the following schedule. Please note that...

Product Walkthrough: How Satori Secures Sensitive Data From Production to AI  – The Hacker News

Every week seems to bring news of another data breach, and it’s no surprise why: securing sensitive data has become harder than ever. And it’s not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements...

PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers  – The Hacker News

Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week. The infection chain commences with a phishing  – Read...

CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits  – The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests. The AnyDesk requests claim to be for conducting an audit to assess the “level of security,” CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to ...

DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection  – The Hacker News

The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning “organization” in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications...

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers  – The Hacker News

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. “Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in a study, as part of a collaboration with KU Leuven professor  –...

Looking at the Attack Surfaces of the Pioneer DMH-WT7600NEX IVI  – Zero Day Initiative – Blog

For the upcoming Pwn2Own Automotive contest, a total of four in-vehicle infotainment (IVI) head units have been selected as targets. One of these is the single-DIN Pioneer DMH-WT7600NEX. This unit offers a variety of functionality, such as wired and wireless Android Auto and Apple CarPlay, USB media playback, and more. This blog post aims to detail some of the attack...

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]  – The Hacker News

As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that can’t be fought with  –...

Mobile Cybercrime in South Africa  – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.

Cybercrime can be defined as “criminal activities carried out by means of computers or the Internet.” With the growing use of smartphones, mobile devices have become an integral part of this definition, significantly expanding the scope of potential cyber threats. Recent Incidents of Mobile Cybercrime In a notable case, twelve people were recently arrested in […] The post Mobile Cybercrime...

Copier and Printer Identity Theft  – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.

A Hidden Goldmine for Identity ThievesCopier and Printer Identity Theft Printers, fax machines, and copiers—once considered harmless office staples—have become unexpected goldmines for identity thieves. These devices often contain hard drives that store sensitive and personal information, creating significant vulnerabilities for individuals and businesses alike. The Hidden Threat in Office Equipment Since 2002, nearly all […] The post Copier and...

Ponzi Scams continue to entrap South Africans  – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.

Ponzi schemes of all sorts are over 150 years old and the reason that they have held such great success is that people continue to fall for them. This is no more true than the uptick in Ponzi schemes in SA, and for every criminal busted by the FSCA (Financial Sector Conduct Authority), it seems […] The post Ponzi Scams...

Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP  – The Hacker News

Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below – @async-mutex/mutex, a typosquat of async-mute (npm) dexscreener, which masquerades as a library for accessing liquidity pool  – Read More ...

TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025  – The Hacker News

Popular video-sharing social network TikTok has officially gone dark in the United States, 2025, as a federal ban on the app comes into effect on January 19, 2025. “We regret that a U.S. law banning TikTok will take effect on January 19 and force us to make our services temporarily unavailable,” the company said in a pop-up message. “We’re working...

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon  – The Hacker News

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. “People’s Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, including the recent  – Read More ...

TSA extends cyber requirements for pipeline owners  – CyberScoop

The Transportation Security Administration is locking in a pair of pipeline directives for additional years ahead of the looming White House transition. In a posting to the Federal Register on Friday, the Department of Homeland Security component said it ratified the Security Directive Pipeline-2021-01 series and the Security Directive Pipeline-2021-02 series and would extend the requirements of each for another...

Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks   – CyberScoop

The Department of the Treasury has sanctioned a Chinese national and a cybersecurity company based in Sichuan, China, for taking part in the Salt Typhoon hacking campaign that has swept up data from at least nine U.S. telecommunications companies. The department’s Office of Foreign Assets Control (OFAC) named Yin Kecheng of Shanghai and the Sichuan Juxinhe Network Technology Co. Ltd.,...

Noem: No anti-disinformation, misinformation action under her as DHS secretary  – CyberScoop

Department of Homeland Security secretary nominee Kristi Noem committed to senators Friday that if confirmed she would keep the department out of efforts to combat disinformation and misinformation, and pledged to make the Cybersecurity and Infrastructure Security Agency “smaller, more nimble.” The South Dakota governor’s remarks signal that the incoming Trump administration will act on an issue that has galvanized...

Closing software-understanding gap is critical to national security, CISA says  – CyberScoop

With Chinese-sponsored hackers lingering in the IT systems of various U.S. critical infrastructure networks, potentially imminent threats to the country’s national security abound. The Cybersecurity and Infrastructure Security Agency and federal partners hope to lessen that threat by closing a so-called “software understanding gap.” In a document released Thursday with the Defense Advanced Research Projects Agency, the Office of the...

Closing software-understanding gap is critical to national security, CISA says  – CyberScoop

With Chinese-sponsored hackers lingering in the IT systems of various U.S. critical infrastructure networks, potentially imminent threats to the country’s national security abound. The Cybersecurity and Infrastructure Security Agency and federal partners hope to lessen that threat by closing a so-called “software understanding gap.” In a document released Thursday with the Defense Advanced Research Projects Agency, the Office of the...

Restoring U.S. cyber resilience: A blueprint for the new administration  – CyberScoop

As the incoming Trump administration prepares to take office, it confronts a critical juncture for cybersecurity. The escalating digital threats from state-sponsored adversaries like China, Iran, North Korea and Russia coincide with fractured global governance and a shifting domestic policy landscape. This moment presents a unique opportunity for the administration to establish itself as a global leader in offensive cybersecurity...

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation  – The Hacker News

Cybersecurity researchers have disclosed three security flaws in Planet Technology’s WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. “These switches are widely used in building and home automation systems for a variety of networking applications,” Claroty’s Tomer Goldschmidt said in a Thursday report. “An attacker  – Read More  – The Hacker News 

Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation  – The Hacker News

Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. “Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps,” Imperva researcher Daniel Johnston said in an analysis. “These attacks  – Read More  –...

U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs  – The Hacker News

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People’s Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime in violation of international sanctions. “These  –...

New ‘Sneaky 2FA’ Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass  – The Hacker News

Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that’s capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December. Nearly 100 domains hosting  – Read...

How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?  – The Hacker News

Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access,  – Read More  – The Hacker News 

How HHS has strengthened cybersecurity of hospitals and health care systems  – CyberScoop

Hospitals and health systems across the country are experiencing a significant rise in cyberattacks. These cyber incidents have caused extended disruptions, patient diversion to other facilities, and the cancellation of medical appointments and procedures — all of which undermine patient care and safety. These attacks also expose vulnerabilities in our health care system and degrade patient trust. The more they...

No, Brad Pitt isn’t in love with you  – Graham Cluley

No, Brad Pitt isn’t in love with you. A French woman was duped into believing a hospitalised Brad Pitt had fallen in love with her. The scammers even faked a “breaking news” report announcing the revelation of Brad’s new love… Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China  – The Hacker News

Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users’ data to China. The advocacy group is seeking an immediate suspension of such transfers, stating the companies in question cannot shield user data  – Read More ...

Treasury sanctions North Korea over remote IT worker schemes  – CyberScoop

The U.S. Treasury Department announced sanctions Thursday against two individuals and four entities allegedly involved in generating revenue for North Korea through illicit remote IT workforce operations, the latest salvo in ongoing efforts to disrupt financial streams that support Pyongyang’s weapons programs. The sanctions focus on efforts in which North Korea sent thousands of skilled IT professionals outside of the...

Biden cyber executive order gets mostly plaudits, but its fate is uncertain  – CyberScoop

A sweeping executive order on cybersecurity released Thursday won largely positive reviews, with the main question being its timing — and what will come of it with the executive branch set to be handed over from president to president. Chris Inglis, the former national cyber director for Joe Biden who has served under both Democrats and Republicans, told CyberScoop there...

Chinese Innovations Spawn Wave of Toll Phishing Via SMS  – Krebs on Security

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up...

AttackFeed by Joe Wagner
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.