Category: Attack Feeds

What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks—because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It’s not just clever—it’s  – Read More  –...

With the digital transformation movement sweeping the world and cyber threats evolving simultaneously to pose greater and greater…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian’s State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection, creating an expanding attack  – Read More ...

Varonis reveals attackers are using SEO poisoning to trick IT admins into downloading malware, alongside a critical root…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. “Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms – often advertised via legitimate-looking Facebook groups and viral social media campaigns,”  – Read More  – The Hacker News 

Germany’s Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has seized the online infrastructure and shutdown linked to the eXch cryptocurrency exchange over allegations of money laundering and operating a criminal trading platform. The operation was carried out on April 30, 2025, authorities said, adding they also confiscated 8 terabytes worth of data and cryptocurrency assets  – Read More  –...

Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users’ personal location and maintaining their facial recognition data without consent. The $1.375 billion payment dwarfs the fines the tech giant has paid to settle similar lawsuits brought by other U.S. states. In November 2022, it paid...

Vulnerabilities are proliferating in SonicWall devices and software this year, putting the vendor’s customers at risk of intrusion via secure access gateways and firewalls. The year started off on a sour note for the California-based company when it released security advisories for nine vulnerabilities on Jan. 7. The total number of vulnerabilities publicly disclosed by the company so far in...

A bipartisan Senate bill would formally ban the use of DeepSeek by federal contractors, part of a larger effort to keep the Chinese-made large language model out of government systems and networks, where lawmakers fear it could pose cybersecurity and national security concerns. The bill, introduced by Sens. Bill Cassidy, R-La., and Jacky Rosen, D-Nev., would bar federal contractors from...

The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said the attackers have “actively and continuously” updated the malware, introducing versions v3 and v4 in  – Read More ...

A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that’s powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors. In conjunction with the domain seizure, Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich  – Read More  –...

Cofense Intelligence reveals a novel phishing technique using blob URIs to create local fake login pages, bypassing email…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A flaw in Microsoft Entra ID’s legacy login allowed attackers to bypass MFA, targeting admin accounts across finance,…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Oh dear, what a shame, never mind. Read more in my article on the Tripwire State of Security blog.  – Read More  – Graham Cluley 

Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor. “Disguised as developer tools offering ‘the cheapest Cursor API,’ these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor’s  – Read More  – The Hacker News 

AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks — like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask: Are they secure? AI agents work with sensitive data and make real-time...

Cybersecurity researchers are warning of a new campaign that’s targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025. “The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox,” Cisco Talos  – Read More  –...

GlobalX Airlines, a charter airline being used by the US government for deportation flights, has been attacked by hacktivists who have made off with what they claim are detailed flight records and passenger manifests. Read more in my article for the Hot for Security blog.  – Read More  – Graham Cluley 

The Vulnerability Treadmill The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center (VOC) dataset analysis identified 1,337,797 unique findings (security issues) across 68,500 unique customer assets. 32,585 of them were distinct  – Read More  – The Hacker News 

Google on Thursday announced it’s rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android. The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops. “The on-device approach provides instant insight on risky websites and allows us to offer  –...

A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Labs, in a report published today, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw  – Read More  –...

Cloud-native applications offer scalable, automated workflows, intelligent data processing, and seamless deployments. However, many organizations still struggle to…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

PowerSchool paid ransom after a major data breach; now hackers are targeting teachers and schools with direct extortion…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Another top appropriations Democrat criticized budget cuts affecting the Cybersecurity and Infrastructure Security Agency, saying the Trump administration has “illegally gutted funding for cybersecurity.” Connecticut Sen. Chris Murphy, the ranking member on the Senate Appropriations Subcommittee on Homeland Security, made his remarks Thursday to Department of Homeland Security Secretary Kristi Noem at a hearing on the administration’s fiscal 2026 budget....

LockBit’s dark web domains were hacked, exposing internal data, affiliate tools, and over 60,000 Bitcoin wallets in a…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity researchers have exposed what they say is an “industrial-scale, global cryptocurrency phishing operation” engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin. “FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io  – Read More  – The Hacker News 

Bitdefender exposes Facebook ad scams using fake crypto sites and celebrity lures to spread malware via malicious desktop…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution. The vulnerabilities are listed below – CVE-2025-32819 (CVSS score: 8.8) – A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks and delete an ...

Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. “NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks,” Trend Micro researchers Jacob Santos, Raymart Yambot, John Rainier Navato, Sarah Pearl ...

Scammers are using fake AI tools and Facebook ads to spread Noodlophile Stealer malware, targeting users with a…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions in Japan and Taiwan. The activity, detected by Trend Micro in March 2025, involved the use of spear-phishing lures to deliver an updated version of a backdoor called ANEL. “The ANEL file...

61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place. This massive rate of security failure is clearly not a security investment problem. It is a configuration problem. Organizations are beginning to understand that a security control installed or...

The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. “LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker,” the Google Threat  – Read More  – The...

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. “This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT)...

Brits face empty shelves and suspended meal deals as cybercriminals hit major high street retailers, and a terminated Disney employee gets revenge with a little help with Wingdings. Plus Graham challenges Carole to a game of “Malware or metal?”, and we wonder just happens when you have sex on top of a piano? All this and more is discussed in...

A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals. In an indictment...

Five months after education software vendor PowerSchool paid an unnamed threat actor a ransom in exchange for the deletion of sensitive stolen data, some of the company’s customers are now receiving extortion demands.  A threat actor, who may or not be the same criminal group behind the attack, has contacted four school district customers of PowerSchool in the past few...

CrowdStrike is cutting 5% of its workforce, about 500 positions, telling its staff that it’s shifting resources and realigning its operating model for growth in new market segments, according to a Wednesday filing with the Securities and Exchange Commission. The company is slashing headcount following a year of significant growth in a strong market. CrowdStrike’s revenue jumped 29% year-over-year to $3.95...

ClickFunnels is investigating a data breach after hackers leaked detailed business data, including emails, phone numbers, and company…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there’s a problem: they stop short of where the most sensitive user activity actually happens—the browser. This isn’t a small omission. It’s a structural  – Read More  –...

In this excerpt of a Trend Vulnerability Research Service vulnerability report, Nikolai Skliarenko and Yazhi Wang of the Trend™ Research Team detail a recently patched code execution vulnerability in the Apple macOS operating system. This bug was originally discovered by Hossein Lotfi of the Trend™  Zero Day Initiative. Successful exploitation could result in arbitrary code execution on the target machine...

Authorities in Poland have arrested four people accused of administrating and selling access to distributed denial of service (DDoS) services, according to a press release from Europol.   The suspects are believed to have operated six so-called “stresser” or “booter” services that enabled customers across the world to launch thousands of attacks on targets ranging from government offices to businesses and...

US jury orders NSO Group to pay $168M to WhatsApp and Meta over Pegasus spyware use in 2019…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.  “This is due to the create_wp_connection() function missing a capability check and  – Read More  –...

Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world. In connection with the operation, Polish authorities have arrested four individuals and the United States has seized nine domains that are associated with the now-defunct platforms. “The suspects are believed to be behind six separate  – Read...

Polish authorities arrest 4 behind major DDoS-for-hire sites used in global attacks. Europol, US, Germany, and Dutch forces…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Austin, USA / Texas, 7th May 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is  – Read More  – The Hacker News 

CISA warns of active exploitation of critical Langflow vulnerability (CVE-2025-3248). Critical RCE flaw allows full server takeover. Patch…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It...