Category: Attack Feeds

Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads  – The Hacker News

An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024. “These two payload samples are  – Read More  –...

New Research: The State of Web Exposure 2025  – The Hacker News

Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risks—download the full report here. New research by web exposure management specialist Reflectiz reveals...

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation  – The Hacker News

SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. “Pre-authentication deserialization of untrusted data vulnerability has been identified in...

How to Eliminate Identity-Based Threats  – The Hacker News

Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of  – Read More  – The Hacker News 

QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features  – The Hacker News

Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader. “BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks,” Walmart’s Cyber Intelligence team told The Hacker News. “The BackConnect(s) in use were ‘DarkVNC’ alongside the IcedID  – Read...

Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)  – The Hacker News

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management. “This  –...

TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware  – The Hacker News

Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks. “This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity,” the tech giant’s cloud division said in its 11th  – Read More  – The...

Pwn2Own Automotive 2025 – Day Two Results  – Zero Day Initiative – Blog

Welcome to the second day of Pwn2Own Automotive 2025. Yesterday, we awarded more than $380,000 for 16 unique 0-days – and we had several bug collisions as well. Today looks to be even better, with the WOLFBOX and Tesla EV chargers making their Pwn2Own debut. Here’s how the Master of Pwn standings look at the beginning of Day Two: We’ll...

Smashing Security podcast #401: Hacks on the high seas, and how your home can be stolen under your nose  – Graham Cluley

An Italian hacker makes the grade and ends up in choppy waters, and hear true stories of title deed transfer scams. All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault. Plus – don’t miss our featured interview with Avery Pennarun of Tailscale.  – Read...

Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker  – CyberScoop

The top Democrat on the House Homeland Security Committee and a number of cyber professionals on Wednesday lamented the Trump administration’s decision to purge a cyber incident investigation board of its membership. But the move had some supporters, including the chairman of that same committee. Acting Department of Homeland Security Secretary Benjamine Huffman issued a memorandum Monday that strips all...

BreachForums founder to be resentenced after court vacates previous punishment  – CyberScoop

A U.S. appeals court has vacated the initial sentence given to Conor Brian Fitzpatrick, who pleaded guilty in 2023 for charges related to his work as founder of the notorious BreachForums website. The appeal, filed by the U.S. government, signals that a new sentence could be much more harsh than the one initially issued last year.  Fitzpatrick, operating under the...

‘Severe’ bug in ChatGPT’s API could be used to DDoS websites  – CyberScoop

A vulnerability in ChatGPT’s API can generate DDoS attacks against targeted websites, but the security researcher who discovered it says the flaw has since been addressed by OpenAI. In a security advisory posted to the developer platform GitHub, German security researcher Benjamin Flesch detailed the bug, which occurs when the API is processing HTTP POST requests to the back-end server....

CloudFlare detected (and blocked) the biggest DDoS attack on record  – CyberScoop

Web infrastructure and security company Cloudflare says it detected the biggest Distributed Denial-of-Service (DDoS) attack ever recorded, a 5.6 terabits per second (Tbps) attack directed at an internet service provider (ISP) in Eastern Asia. Despite the staggering volume of the attack, Cloudflare successfully managed and mitigated it without human intervention. The company said in research released Tuesday that the attack,...

Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review  – The Hacker News

The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS).  “In alignment with the Department of Homeland Security’s (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory  – Read More  –...

MasterCard DNS Error Went Unnoticed for Years  – Krebs on Security

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by...

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet  – The Hacker News

Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some  – Read More ...

Government battles against tech could leave consumers less secure  – CyberScoop

Regulators around the globe are seeing the market power of consumer-facing tech companies and bringing cases against some of the industry’s biggest household names. They portray these legal fights as the conflicts of giants: the companies versus government regulators. Regulators have an essential mission to ensure companies play by the rules, preserving competition and giving people choices within those markets....

President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison  – The Hacker News

U.S. President Donald Trump on Tuesday granted a “full and unconditional pardon” to Ross Ulbricht, the creator of the infamous Silk Road drug marketplace, after spending 11 years behind bars. “I just called the mother of Ross William Ulbricht to let her know that in honor of her and the Libertarian Movement, which supported me so strongly, it was my...

Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks  – The Hacker News

As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they do not always know which risks to prioritize. In some cases, they might have  – Read...

PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack  – The Hacker News

A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET. “The attackers replaced the legitimate installer with one that also deployed the group’s signature implant that we have named SlowStepper – a  – Read...

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products  – The Hacker News

Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances. “Easily exploitable  –...

Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Device  – The Hacker News

Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date. The UDP protocol-based attack took place on October 29, 2024, targeting one of its customers, an unnamed internet service provider (ISP) from Eastern Asia. The activity originated  –...

Ransomware groups pose as fake tech support over Teams  – CyberScoop

Researchers at cybersecurity firm Sophos are tracking multiple clusters of hacking activity leveraging Microsoft 365 instances, Microsoft Teams and email bombing tactics to deliver ransomware. In new research released Tuesday, the company said it had identified at least two distinct clusters of hacking activity using the tactics to infect targets between November and December 2024. First, several individuals at an...

Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers  – The Hacker News

Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc_Botnet. The ongoing activity “demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks,” Qualys security researcher Shilpesh  – Read More  – The Hacker News 

From qualitative to quantifiable: Transforming cyber risk management for critical infrastructure  – CyberScoop

Around the world, attacks against critical infrastructure have become increasingly common. More and more, these aggressions are carried out via mice and keyboards rather than bombs and missiles, such as with the 2021 ransomware attack on Colonial Pipeline. From a military strategy perspective, it’s easy to understand why, as cyberattacks against infrastructure can be executed remotely, cheaply, and with comparatively...

13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks  – The Hacker News

A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity “take[s] advantage of misconfigured DNS records to pass email protection techniques,” Infoblox security researcher David Brunsdon said in a technical report published last week. “This ...

Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties  – The Hacker News

A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity. Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top Secret security...

HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects  – The Hacker News

Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, “Were all functionalities of the web app tested?” or ” Were there any security issues that could have been identified during testing?” often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest  –...

Pwn2Own Automotive 2025: The Full Schedule  – Zero Day Initiative – Blog

こんにちは and welcome to the second annual Pwn2Own Automotive competition. We are at Automotive World in Tokyo, and we’ve brought together some of the best researchers in the world to test the latest automotive components. We had our random drawing for the order of events earlier today, and from that, we have put together the following schedule. Please note that...

Product Walkthrough: How Satori Secures Sensitive Data From Production to AI  – The Hacker News

Every week seems to bring news of another data breach, and it’s no surprise why: securing sensitive data has become harder than ever. And it’s not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements...

PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers  – The Hacker News

Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week. The infection chain commences with a phishing  – Read...

CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits  – The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests. The AnyDesk requests claim to be for conducting an audit to assess the “level of security,” CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to ...

DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection  – The Hacker News

The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning “organization” in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications...

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers  – The Hacker News

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. “Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in a study, as part of a collaboration with KU Leuven professor  –...

Looking at the Attack Surfaces of the Pioneer DMH-WT7600NEX IVI  – Zero Day Initiative – Blog

For the upcoming Pwn2Own Automotive contest, a total of four in-vehicle infotainment (IVI) head units have been selected as targets. One of these is the single-DIN Pioneer DMH-WT7600NEX. This unit offers a variety of functionality, such as wired and wireless Android Auto and Apple CarPlay, USB media playback, and more. This blog post aims to detail some of the attack...

AttackFeed by Joe Wagner
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.