The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below – CVE-2024-57726 (CVSS score: 9.9) – A missing authorization vulnerability in – Read … Read More “CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline – The Hacker News” »
Category: Attack Feeds
New ClickFix attack Hides in Native Windows Tools to Reduce Detection Risk – Hackread – Cybersecurity News, Data Breaches, AI and More
Fake CAPTCHA ClickFix attack tricks users into running malicious commands, using cmdkey and regsvr32 to maintain persistence and avoid detection on Windows – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The latest attempt to re-up a controversial expiring surveillance law has failed to placate vocal critics on both the left and right of the political spectrum. Two House votes failed last week to extend the spying powers under Section 702 of the Foreign Intelligence Surveillance Act (FISA) for 18 months without changes, leading to Congress … Read More “Latest spy power reauthorization bill leaves critics unimpressed – CyberScoop” »
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches – The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with malware called FIRESTARTER. FIRESTARTER, per CISA and the U.K.’s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access … Read More “FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches – The Hacker News” »
TeamPCP Hijacks Bitwarden CLI, Uses Dependabot to Deploy Shai-Hulud Malware – Hackread – Cybersecurity News, Data Breaches, AI and More
GitGuardian uncovers TeamPCP attack on Bitwarden CLI, abusing GitHub Dependabot to spread Shai-Hulud and poison AI coding tools. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities, universities, and private companies, in violation of export control … Read More “NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software – The Hacker News” »
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. “Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions … Read More “26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases – The Hacker News” »
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine – The Hacker News
The AI Agent Authority Gap – From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly. The issue is not simply that agents are new actors. It is that agents are delegated actors. They do not emerge … Read More “Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine – The Hacker News” »
French Police Arrest HexDex Hacker Over Mass Data Theft and Leaks – Hackread – Cybersecurity News, Data Breaches, AI and More
French police arrest HexDex hacker, a 20-year-old suspect accused of mass data theft and leaks targeting government, sports groups, and firms. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access. Zscaler ThreatLabz, which discovered the campaign last month, has attributed it with high confidence to … Read More “Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2 – The Hacker News” »
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data. … Read More “LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure – The Hacker News” »
How a simple consumer data breach spiralled into a national security crisis in US-South Korea relations – Data and computer security | The Guardian
Washington’s focus on online retailer Coupang has led to accusations that the Trump administration is tying issues of national security to domestic corporate matters. When South Korea’s biggest online retailer revealed last year that a data breach had compromised tens of millions of customer accounts, it appeared to be a corporate crisis. But five months … Read More “How a simple consumer data breach spiralled into a national security crisis in US-South Korea relations – Data and computer security | The Guardian” »
Vercel said the fallout from an attack on its internal systems hit more customers than previously known, as ongoing analysis uncovered additional evidence of compromise. The company, which makes tools and hosts cloud infrastructure for developers, maintains a “small number” of accounts were impacted, but it has yet to share a number or range of … Read More “Vercel attack fallout expands to more customers and third-party systems – CyberScoop” »
US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied – CyberScoop
A state-sponsored hacking group has implanted a custom backdoor on Cisco network security devices that can survive firmware updates and standard reboots, U.S. and British cybersecurity authorities disclosed Thursday, marking a significant escalation in a campaign that has targeted government and critical infrastructure networks since at least late 2025. The Cybersecurity and Infrastructure Security Agency … Read More “US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied – CyberScoop” »
Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities – CyberScoop
Campaigns employing commercial surveillance vendors tracked targets by exploiting mobile phone network vulnerabilities in what researchers said Thursday was the first-ever linking of “real-world attack traffic to mobile operator signalling infrastructure.” The two unknown parties behind the campaigns mimicked the identities of mobile phone operators with customized surveillance tools, and manipulated signaling protocols and steered … Read More “Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities – CyberScoop” »
One day AI may be capable of creating malware that threatens critical infrastructure. But that day was not earlier this month, when reports surfaced of a new piece of malware seemingly configured to search for and sabotage Israeli water infrastructure, according to industrial cybersecurity firm Dragos. The malware, called ZionSiphon, was first identified by AI … Read More “Dragos: Despite AI use, new malware targeting water plants is ‘hype’ – CyberScoop” »
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. “As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from … Read More “UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware – The Hacker News” »
Harvester APT Expands Spying Operations with New GoGra Linux Malware – Hackread – Cybersecurity News, Data Breaches, AI and More
New GoGra Linux malware linked to Harvester APT targets systems in South Asia, using fake PDFs and Microsoft APIs for covert command and control. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A dozen allied agencies say China is building covert hacker networks out of everyday routers – CyberScoop
U.S. and international government agencies warned Thursday about a “widespread shift” in Chinese hacker methods toward the use of large-scale covert networks that compromise common devices to carry out a variety of attacks. The advisory details how those networks work, and defensive steps organizations should take. “Over the past few years there has been a … Read More “A dozen allied agencies say China is building covert hacker networks out of everyday routers – CyberScoop” »
In this excerpt of a TrendAI Research Services vulnerability report, Richard Chen and Lucas Miller of the TrendAI Research team detail a recently patched double free vulnerability in the Windows Internet Key Exchange (IKE) service. This bug was originally discovered by WARP & MORSE team at Microsoft. Successful exploitation could result in a crash of … Read More “CVE-2026-33824: Remote Code Execution in Windows IKEv2 – Zero Day Initiative – Blog” »
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories – The Hacker News
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems behind apps is easier than … Read More “ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories – The Hacker News” »
Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. “The affected package version appears to be @bitwarden/[email protected], and the malicious code was published in ‘bw1.js,’ a file included in the package contents,” the application security company said. “The attack appears to … Read More “Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign – The Hacker News” »
Private health records of half a million Britons offered for sale on Chinese website – Data and computer security | The Guardian
Technology minister tells Commons ‘de-identified’ information from UK Biobank advertised for sale on Alibaba. The confidential health records of half a million British volunteers have been offered for sale on Chinese website Alibaba, the UK government has confirmed. The data, belonging to participants in the UK Biobank project, was … Read More “Private health records of half a million Britons offered for sale on Chinese website – Data and computer security | The Guardian” »
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of others to find and patch bugs before adversaries can. Mythos Preview, the model that … Read More “Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them? – The Hacker News” »
Imagine a world where hackers don’t sleep, don’t take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a vulnerability before it gets attacked is shrinking to zero. We … Read More “[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed – The Hacker News” »
Hackers Use Hidden Website Instructions in New Attacks on AI Assistants – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case – The Hacker News
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved data redaction. “Notifications marked for deletion could be … Read More “Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case – The Hacker News” »
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation to include an extra set of compromise indicators, alongside a review of requests … Read More “Vercel Finds More Compromised Accounts in Context.ai-Linked Breach – The Hacker News” »
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors – The Hacker News
Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper. “The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute various backdoors in its arsenal,” Slovakian cybersecurity company ESET said in a report shared … Read More “China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors – The Hacker News” »
Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not – GRAHAM CLULEY
A company that ran anonymous tip lines for 35,000 American schools – handling reports of bullying, weapons, and self-harm – boasted on its website that it had suffered zero security breaches in over 20 years. A hacker called Internet Yiff Machine thought that sounded like a challenge, with predictable results… Meanwhile, Rockstar Games gets hacked … Read More “Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not – GRAHAM CLULEY” »
Discord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breach – Hackread – Cybersecurity News, Data Breaches, AI and More
Anthropic is investigating a vendor breach after a Discord-linked group accessed its Claude Mythos AI model, with no evidence of impact on core systems. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
House Republicans unveiled on Wednesday Congress’ latest effort to tackle comprehensive digital privacy legislation for Americans. The Secure Data Act would allow consumers to opt out of data collection for individual businesses for the purposes of targeted advertising, selling to third parties or for use in automated decisionmaking. It would also require companies to inform … Read More “House Republicans roll out national privacy bill – CyberScoop” »
Sean Plankey, the long-sidelined nominee to lead the Cybersecurity and Infrastructure Security Agency, asked President Donald Trump on Wednesday to withdraw his nomination. “At this point in time, I am asking the President to remove my nomination from consideration,” he said in a notification letter seen by CyberScoop. “After thirteen months since my initial nomination, it … Read More “CISA director pick Sean Plankey withdraws his nomination – CyberScoop” »
Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official … Read More “Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain – The Hacker News” »
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawl owing to the use of … Read More “Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens – The Hacker News” »
K2view vs Broadcom For Test Data Management – Hackread – Cybersecurity News, Data Breaches, AI and More
Compare Broadcom TDM and K2view across architecture, integration, masking, and scalability to find the right test data management solution for your needs. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. “The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the … Read More “Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API – The Hacker News” »
The Supreme Court will hear oral arguments Monday in a case that could limit the government’s ability to obtain bulk digital data of device users with a single warrant, in a rare instance of the country’s top justices taking on digital rights. Chatrie v. The United States is the first major Fourth Amendment case the … Read More “The Supreme Court is about to decide how far geofence warrants can go – CyberScoop” »
Bluesky Back Online After DDoS Attack, as Iran-Linked 313 Team Takes Credit – Hackread – Cybersecurity News, Data Breaches, AI and More
Bluesky is back online after a roughly 24-hour DDoS attack disrupted services, with the Iran-linked 313 Team claiming responsibility and no data breach reported. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Mustang Panda Hits India and S. Korea with Updated LOTUSLITE Backdoor – Hackread – Cybersecurity News, Data Breaches, AI and More
Acronis reveals Mustang Panda is using a new LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API … Read More “Toxic Combinations: When Cross-App Permissions Stack into Risk – The Hacker News” »
Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector in Venezuela, per findings from Kaspersky. “Two … Read More “Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack – The Hacker News” »
Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It’s rated Important in severity. An anonymous researcher has been credited with discovering and reporting the flaw. “Improper verification of … Read More “Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug – The Hacker News” »
Many security leaders are still operating with frameworks built for a different era. For years, success was measured by fixed checkpoints, such as passing audits, closing vulnerabilities, and maintaining compliance. Those markers still have value, but they were designed for a threat landscape that moved in predictable, linear ways. Today, that landscape is shifting in … Read More “The AI era demands a different kind of CISO – CyberScoop” »
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. “Sandbox escape vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal,” according … Read More “Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape – The Hacker News” »
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles – The Hacker News
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that’s distributed via a theme related to India’s banking sector. “The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, and session management, indicating a continued espionage-focused capability set rather than – Read More … Read More “Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles – The Hacker News” »
Rental platform unnecessarily collected the data of millions of Australians, privacy commissioner finds – Data and computer security | The Guardian
2Apply’s over-collection of personal information adds to the power of the real estate industry in the competitive rental market, Carly Kind says. An online rental platform has been urged to stop collecting users’ personal information … Read More “Rental platform unnecessarily collected the data of millions of Australians, privacy commissioner finds – Data and computer security | The Guardian” »