Category: Attack Feeds

Security specialists at Edera discovered and disclosed a high-severity vulnerability in an early and since-abandoned code for an open-source async tar archive library for the Rust programming language.  Researchers warned that potential exploitation, which allows for remote code execution, could bear major impacts due to widespread forking and a lack of visibility into the code’s … Read More “Researchers uncover remote code execution flaw in abandoned Rust code library  – CyberScoop” »

The federal government is shut down and the House remains out of session, but work in the Senate continues, as a bipartisan bill designed to crack down on overseas robocalls  advanced through a key committee Tuesday. The Foreign Robocall Elimination Act, sponsored by Sens. Ted Budd, R-N.C., and Peter Welch, D-Vt., would create a new … Read More “Robocalling task force bill advances in Senate  – CyberScoop” »

Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. PolarEdge was first documented by Sekoia in February 2025, attributing it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for an as-yet-undetermined purpose. The TLS-based ELF implant, at … Read More “PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign  – The Hacker News” »

Meta on Tuesday said it’s launching new tools to protect Messenger and WhatsApp users from potential scams. To that end, the company said it’s introducing new warnings on WhatsApp when users attempt to share their screen with an unknown contact during a video call so as to prevent them from giving away sensitive information like … Read More “Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams  – The Hacker News” »

Veeam announced Tuesday it agreed to acquire Securiti AI for $1.725 billion, marking the data protection company’s largest acquisition and its entry into the artificial intelligence security market as enterprises struggle to deploy AI systems safely. The deal, expected to close in early December, comes as organizations face mounting challenges in managing data across fragmented … Read More “Veeam acquires Securiti AI for $1.7 billion  – CyberScoop” »

Dataminr, a New York-based company specializing in real-time threat intelligence, announced plans Tuesday to acquire ThreatConnect, a cybersecurity threat intelligence provider, for $290 million. The acquisition will combine Dataminr’s AI-powered analysis of public data with ThreatConnect’s internal threat management capabilities, creating what the companies describe as “Client-Tailored intelligence” that adapts to individual customer needs. The … Read More “Dataminr to acquire cybersecurity firm ThreatConnect for $290 million  – CyberScoop” »

Artificial intelligence (AI) holds tremendous promise for improving cyber defense and making the lives of security practitioners easier. It can help teams cut through alert fatigue, spot patterns faster, and bring a level of scale that human analysts alone can’t match. But realizing that potential depends on securing the systems that make it possible. Every … Read More “Securing AI to Benefit from AI  – The Hacker News” »

Welcome to Day One of Pwn2Own Ireland 2025! We have 17 attempts today with some exciting research on display. We’ll be posting results here as we have them, and follow us on Twitter, Mastodon, and Bluesky. SUCCESS – Team Neodyme used a stack based buffer overflow to exploit the HP DeskJet 2855e. They earn $20,000 … Read More “Pwn2Own Ireland 2025: Day One Results  – Zero Day Initiative – Blog” »

A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon. The organization, per Darktrace, was targeted in the first week of July 2025, with the attackers exploiting a Citrix NetScaler Gateway appliance to obtain initial access. Salt Typhoon, also … Read More “Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network  – The Hacker News” »

A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased “operations tempo” from the threat actor. The findings come from Google Threat Intelligence Group (GTIG), which said the state-sponsored hacking crew has rapidly refined and retooled its malware arsenal merely five days … Read More “Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks. The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a  – … Read More “Five New Exploited Bugs Land in CISA’s Catalog — Oracle and Microsoft Among Targets  – The Hacker News” »

China’s Ministry of State Security accused the National Security Agency of conducting a yearslong attack on China’s national timekeeping infrastructure to steal sensitive data and infiltrate the service for potential sabotage.  The NSA gained initial access to China’s National Time Service Center systems in April 2023 by using credentials lifted from employees’ mobile devices that … Read More “China’s spy agency accuses NSA of yearslong attack on the country’s timekeeping service  – CyberScoop” »

A nonprofit organization has filed a formal complaint with the Federal Trade Commission, claiming Google’s business practices around children and teenagers violates U.S. privacy laws and constitutes unfair and deceptive practices. The complaint, filed by the Digital Childhood Institute, lays out five core claims against the tech giant: that it “knowingly” markets adult-themed or age-restricted … Read More “Apple and Google challenged by parents’ rights coalition on youth privacy protections  – CyberScoop” »

A nonprofit organization has filed a formal complaint with the Federal Trade Commission, claiming Google’s business practices around children and teenagers violates U.S. privacy laws and constitutes unfair and deceptive practices. The complaint, filed by the Digital Childhood Institute, lays out five core claims against the tech giant: that it “knowingly” markets adult-themed or age-restricted … Read More “Apple and Google challenged by parents’ rights coalition on youth privacy protections  – CyberScoop” »

Welcome to Pwn2Own Ireland 2025! We have some amazing spooky entries for this year’s contest, and a potential of up to $2,000,000 – including our largest ever single prize for a 0-click in WhatsApp for $1,000,000. As always, we began our contest with a random drawing to determine the order of attempts. If you missed … Read More “Pwn2Own Ireland 2025: The Full Schedule  – Zero Day Initiative – Blog” »

WhatsApp has won a ruling against spyware maker NSO Group forbidding it from targeting its users, while NSO Group in the same ruling got a massive reduction to the punitive damages a court had previously awarded. Northern California District Court Judge Phyllis Hamilton granted the permanent injunction in a ruling late Friday. In doing so, … Read More “Judge forbids NSO Group from targeting WhatsApp users  – CyberScoop” »

On April 16, less than a month after nonprofit R&D organization MITRE celebrated the 25th anniversary of the Common Vulnerability and Exposures (CVE) effort, the program narrowly escaped a sudden demise when a last-minute, 11-month contract extension averted a shutdown.  That near-miss put vulnerability experts and cybersecurity defenders on edge, most of whom still fear … Read More “Behind the struggle for control of the CVE program  – CyberScoop” »

Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users. … Read More “131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign  – The Hacker News” »

ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches.  ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser — most commonly a CAPTCHA, but also things like fixing an error … Read More “Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches  – The Hacker News” »

It’s easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn’t just patching fast, but watching smarter and staying alert for what you don’t expect. Here’s a quick look … Read More “⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More  – The Hacker News” »

China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a “premeditated” cyber attack targeting the National Time Service Center (NTSC), as it described the U.S. as a “hacker empire” and the “greatest source of chaos in cyberspace.” The Ministry of State Security (MSS), in a WeChat post, said it uncovered “irrefutable … Read More “MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems  – The Hacker News” »

Europol on Friday announced the disruption of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a SIM farm and enabled its customers to carry out a broad spectrum of crimes ranging from phishing to investment fraud. The coordinated law enforcement effort, dubbed Operation SIMCARTEL, saw 26 searches carried out, resulting in the arrest of seven suspects … Read More “Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide  – The Hacker News” »

Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP archive as a way to trigger the infection. The cybersecurity company’s analysis is … Read More “New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs  – The Hacker News” »

The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins). “The campaign relied on phishing emails with PDFs that contained embedded malicious links,” Pei Han Liao, … Read More “Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT  – The Hacker News” »

European law enforcement dismantled and seized an expansive cybercrime operation used to facilitate phishing attacks via mobile networks for fraud, including account intrusions, credential and financial data theft, Europol said Friday. Investigators from Austria, Estonia and Latvia linked the cybercrime networks to more than 3,200 fraud cases, which also involved investment scams and fake emergencies … Read More “Europol dismantles cybercrime network linked to $5.8M in financial losses  – CyberScoop” »

Suspected Iranian hackers infiltrated former national security adviser John Bolton’s email account and threatened to release sensitive materials, his indictment alleges. The indictment on charges that Bolton mishandled classified information, released Thursday, comes after President Donald Trump’s unprecedented public call for the Justice Department to prosecute his enemies. Bolton served under Trump in his first … Read More “John Bolton indictment says suspected Iranian hackers accessed his emails, issued threats  – CyberScoop” »

The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That’s according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the … Read More “North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware  – The Hacker News” »

The danger isn’t that AI agents have bad days — it’s that they never do. They execute faithfully, even when what they’re executing is a mistake. A single misstep in logic or access can turn flawless automation into a flawless catastrophe. This isn’t some dystopian fantasy—it’s Tuesday at the office now. We’ve entered a new … Read More “Identity Security: Your First and Last Line of Defense  – The Hacker News” »

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues. Earlier this week, … Read More “Email Bombs Exploit Lax Authentication in Zendesk  – Krebs on Security” »

Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including  – Read … Read More “Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices  – The Hacker News” »

Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were “used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware,” the Microsoft Threat Intelligence team said in … Read More “Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign  – The Hacker News” »

North Korean operatives that dupe job seekers into installing malicious code on their devices have been spotted using new malware strains and techniques, resulting in the theft of credentials or cryptocurrency and ransomware deployment, according to researchers from Cisco Talos and Google Threat Intelligence Group. Cisco Talos said it observed an attack linked to Famous … Read More “North Korean operatives spotted using evasive techniques to steal data and cryptocurrency  – CyberScoop” »

A misconfigured server belonging to Indian company NetcoreCloud exposed 40 billion records and 13.4TB of data, revealing sensitive…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

North Korea’s Famous Chollima is back, merging BeaverTail and OtterCookie malware to target job seekers. Cisco Talos details the new threat. Keylogging, screen recording, and cryptocurrency wallet theft detected in an attack.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv. “This backdoor features functionalities relying on the installation of two eBPF [extended Berkeley Packet Filter] modules, on the one hand to conceal itself, and on the … Read More “LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets  – The Hacker News” »

A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers such as Atomic (AMOS), Lumma, Rhadamanthys (aka RADTHIEF), and Vidar, targeting both Windows and Apple macOS systems. “UNC5142 is characterized by its use of compromised WordPress websites and ‘EtherHiding,’ a technique … Read More “Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites  – The Hacker News” »

A threat actor with ties to the Democratic People’s Republic of Korea (aka North Korea) has been observed leveraging the EtherHiding technique to distribute malware and enable cryptocurrency theft, marking the first time a state-sponsored hacking group has embraced the method. The activity has been attributed by Google Threat Intelligence Group (GTIG) to a threat … Read More “North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts  – The Hacker News” »

If you just want to read the rules, click here.  Now entering its third year, Pwn2Own Automotive returns to Automotive World in Tokyo on January 21 – 23, 2026. Over the last two years, we’ve awarded more than $2,000,000 for the latest in automotive exploitations, and this year looks to be even better. As always, … Read More “Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More!  – Zero Day Initiative – Blog” »

Cybersecurity researchers have disclosed details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems. The activity, codenamed Operation Zero Disco by Trend Micro, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the … Read More “Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in “Zero Disco’ Attacks  – The Hacker News” »

Scaling the SOC with AI – Why now?  Security Operations Centers (SOCs) are under unprecedented pressure. According to SACR’s AI-SOC Market Landscape 2025, the average organization now faces around 960 alerts per day, while large enterprises manage more than 3,000 alerts daily from an average of 28 different tools. Nearly 40% of those alerts go … Read More “Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform  – The Hacker News” »

The Cofense Phishing Defense Centre warns of a new tech support scam using Microsoft’s brand to lock browsers and steal data. Learn how the attack uses fake ‘payment lures’ and urgent security alerts to trick victims into calling a fraudulent support number.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & … Read More “New Tech Support Scam Uses Microsoft Logo to Fake Browser Lock, Steal Data  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto” »

Penetration testing helps organizations ensure IT systems are secure, but it should never be treated in a one-size-fits-all approach. Traditional approaches can be rigid and cost your organization time and money – while producing inferior results.  The benefits of pen testing are clear. By empowering “white hat” hackers to attempt to breach your system using … Read More “Beware the Hidden Costs of Pen Testing  – The Hacker News” »