Threat intelligence professionals have a sense of foreboding about a maximum-severity vulnerability Fortra disclosed last week in its file-transfer service GoAnywhere MFT, as they steel themselves for active exploitation and signs of compromise. Fortra has not declared the defect actively exploited and did not answer questions to that effect from CyberScoop. Yet, researchers at watchTowr … Read More “Worries mount over max-severity GoAnywhere defect – CyberScoop” »
Category: Attack Feeds
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks – The Hacker News
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new “lightweight” malware families tracked as BAITSWITCH and SIMPLEFIX. Zscaler ThreatLabz, which detected the new multi-stage ClickFix campaign earlier this month, described BAITSWITCH as a downloader that ultimately drops SIMPLEFIX, a … Read More “New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks – The Hacker News” »
Archer Health Data Leak Exposes 23GB of Medical Records – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
California-based Archer Health exposed 23GB of patient records, including SSNs, IDs, and medical files, after an unprotected database was found online. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions. Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposure alerts. Compliance reports tick every box. But none of that proves what matters most to a … Read More “Crash Tests for Security: Why BAS Is Proof of Defense, Not Assumptions – The Hacker News” »
Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks. “This new variant of XCSSET brings key changes related to browser targeting, clipboard hijacking, and persistence mechanisms,” the Microsoft Threat Intelligence team said in a Thursday report. “It employs sophisticated encryption and obfuscation … Read More “New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module – The Hacker News” »
Cybersecurity company watchTowr Labs has disclosed that it has “credible evidence” of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclosed. “This is not ‘just’ a CVSS 10.0 flaw in a solution long favored … Read More “Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure – The Hacker News” »
The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER. “The RayInitiator and LINE VIPER malware represent a significant evolution on that used in the previous campaign, … Read More “Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware – The Hacker News” »
The Cybersecurity and Infrastructure Security Agency acknowledged it’s yet to get a complete handle on the scope and impact of attacks involving Cisco zero-day vulnerabilities that prompted it to release an emergency directive Thursday. The attack timeline dates back almost a year, according to an investigation Cisco and federal authorities did behind the scenes to … Read More “CISA says it observed nearly year-old activity tied to Cisco zero-day attacks – CyberScoop” »
Federal cyber authorities sounded a rare alarm Thursday, issuing an emergency directive about an ongoing and widespread attack spree involving actively exploited zero-day vulnerabilities affecting Cisco firewalls. Cisco said it began investigating attacks on multiple government agencies linked to the state-sponsored campaign in May. The vendor, which attributes the attacks to the same threat group … Read More “CISA alerts federal agencies of widespread attacks using Cisco zero-days – CyberScoop” »
Living Security Unveils HRMCon 2025 Speakers as Report Finds Firms Detect Just 19% of Human Risk – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Austin / TX, United States, 25th September 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Hackers reportedly steal details of 8,000 children from Kido nursery chain – Data and computer security | The Guardian
Firm, which has 18 sites around London and more in US, India and China, has received ransom demand, say reports. The names, pictures and addresses of about 8,000 children have reportedly been stolen from the Kido nursery chain by a gang of cybercriminals. The criminals have demanded a ransom from the company – which has … Read More “Hackers reportedly steal details of 8,000 children from Kido nursery chain – Data and computer security | The Guardian” »
Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network – The Hacker News
The threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to deliberately evade responsibility. “Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation for at least a decade,” Infoblox … Read More “Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network – The Hacker News” »
Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive – The Hacker News
Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, which it said have been exploited in the wild. The zero-day vulnerabilities in question are listed below – CVE-2025-20333 (CVSS score: 9.9) – An … Read More “Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive – The Hacker News” »
Keir Starmer expected to announce plans for digital ID cards – Data and computer security | The Guardian
As government looks for ways to tackle illegal immigration, move will spark battle with civil liberties campaigners. All working adults will need digital ID cards under plans to be announced by Keir Starmer in a move that will spark a battle with civil liberties campaigners. The prime minister will set out the plans on Friday … Read More “Keir Starmer expected to announce plans for digital ID cards – Data and computer security | The Guardian” »
Digital ID cards: a versatile and useful tool, or a worrying cybersecurity risk? – Data and computer security | The Guardian
As Keir Starmer appears poised to introduce such a scheme, we look at the arguments for and against it. It is 21 years since Tony Blair’s government made proposals for an ID card system to tackle illegal working and immigration, and to make it more convenient for the public to access services. The same issues … Read More “Digital ID cards: a versatile and useful tool, or a worrying cybersecurity risk? – Data and computer security | The Guardian” »
Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rules – CyberScoop
Department of Government Efficiency practices at three federal agencies “violate statutory requirements, creating unprecedented privacy and cybersecurity risks,” according to a report that Senate Homeland Security and Governmental Affairs Committee Democrats published Thursday. The report — drawn from a mix of media reports, legal filings, whistleblower disclosures to the committee and staff visits to the … Read More “Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rules – CyberScoop” »
Vietnamese Hackers Use Fake Copyright Notices to Spread Lone None Stealer – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
New Lone None Stealer uses Telegram C2 and DLL side-loading to grab passwords, credit cards, and crypto. Find out how to spot this highly evasive phishing scam. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
ForcedLeak Flaw in Salesforce Agentforce AI Agent Exposed CRM Data – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity firm Noma Security reveals ForcedLeak, a critical flaw in Salesforce Agentforce that allowed data theft. Learn what companies need to do now to secure AI agents. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cisco Systems has issued security updates to address a critical vulnerability in its widely deployed IOS and IOS XE network operating systems, after confirming the flaw is being exploited in active attacks. Designated CVE-2025-20352, the vulnerability resides in the Simple Network Management Protocol (SNMP) subsystem of Cisco’s core network software. According to Cisco, the weakness … Read More “Cisco uncovers new SNMP vulnerability used in attacks on IOS devices – CyberScoop” »
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection – The Hacker News
Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt injection. The vulnerability has been codenamed ForcedLeak (CVSS score: 9.4) by Noma Security, … Read More “Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection – The Hacker News” »
Artificial intelligence is no longer a future concept; it is being integrated into critical infrastructure, enterprise operations and security missions around the world. As we embrace AI’s potential and accelerate its innovation, we must also confront a new reality: the speed of cybersecurity conflict now exceeds human capacity. The timescale for effective threat response has … Read More “Contain or be contained: The security imperative of controlling autonomous AI – CyberScoop” »
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers – The Hacker News
The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor. Slovak cybersecurity firm ESET, which is tracking the activity under the name DeceptiveDevelopment, said the campaign targets software developers across all operating systems, Windows, … Read More “North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers – The Hacker News” »
Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More – The Hacker News
– Read More “Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More – The Hacker News” »
Despite a coordinated investment of time, effort, planning, and resources, even the most up-to-date cybersecurity systems continue to fail. Every day. Why? It’s not because security teams can’t see enough. Quite the contrary. Every security tool spits out thousands of findings. Patch this. Block that. Investigate this. It’s a tsunami of red dots that not … Read More “CTEM’s Core: Prioritization and Validation – The Hacker News” »
China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
China-backed UNC5221 targets US legal and tech firms by deploying BRICKSTORM malware on neglected VMware and Linux/BSD appliances, Google’s Mandiant reports. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Urgent warning for Fortra GoAnywhere MFT users. A CVSS 10.0 deserialization vulnerability (CVE-2025-10035) in the License Servlet allows command injection. Patch to v7.8.4 immediately to prevent system takeover. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The latest Gcore Radar report analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations, multi-layered strategies, and a shift in target … Read More “Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds – The Hacker News” »
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code. The crates, named faster_log and async_println, were published by the threat actor under the aliases rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply … Read More “Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed – The Hacker News” »
Gcore Radar Report Reveals 41% Surge in DDoS Attack Volumes – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Luxembourg, Luxembourg, 25th September 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software – The Hacker News
Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances. The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it … Read More “Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software – The Hacker News” »
Ransomware doesn’t just freeze computers – it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night heist. Meanwhile, developers have a new headache: a worm dubbed “Shai Hulud” has wriggled its way through more than 180 npm packages, … Read More “Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware – Graham Cluley” »
PSF Warns of Fake PyPI Login Site Stealing User Credentials – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The Python Software Foundation (PSF) warns developers of phishing emails leading to a fake PyPI login site designed to steal account credentials. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike – The Hacker News
A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning Africa, Asia, North America, South America, and Oceania has been assessed to be a Chinese state-sponsored threat actor. Recorded Future, which was tracking the activity under the moniker TAG-100, has now graduated it to a hacking group … Read More “Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike – The Hacker News” »
While investigating the security posture of various machine learning (ML) and artificial intelligence (AI) frameworks, the Trend Micro Zero Day Initiative (ZDI) Threat Hunting Team discovered a critical vulnerability in the NVIDIA Merlin Transformers4Rec library that could allow an attacker to achieve remote code execution with root privileges. This vulnerability, tracked as CVE-2025-23298, stems from … Read More “CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin – Zero Day Initiative – Blog” »
INC is the name of a ransomware-as-a-service (RaaS) operation that first appeared in late summer 2023. Learn more about what it has been up to, and how to protect against its attacks, in my article on the Fortra blog. – Read More – Graham Cluley
Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the U.S. have been targeted by a suspected China-nexus cyber espionage group to deliver a known backdoor referred to as BRICKSTORM. The activity, attributed to UNC5221 and closely related, suspected China-nexus threat clusters, is designed to facilitate … Read More “UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors – The Hacker News” »
The 19-year-old U.K. national who was arrested at his London residence last week was a highly prolific cybercriminal and a core member of the nebulous hacker subset of The Com, researchers told CyberScoop. Authorities’ yearslong quest to uncover the identities of Scattered Spider associates and charge them with serious crimes reached a tipping point with … Read More “Teen arrested in UK was a core figure in Scattered Spider’s operations – CyberScoop” »
ShadowV2 Botnet Uses Misconfigured AWS Docker for DDoS-For-Hire Service – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Darktrace researchers have uncovered ShadowV2, a new botnet that operates as a DDoS-for-hire service by infecting misconfigured Docker containers on AWS cloud servers. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models – The Hacker News
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks. The critical-rated vulnerabilities in question, discovered by Trend Micro, are listed below – CVE-2025-10643 (CVSS score: 9.1) – An authentication bypass vulnerability that … Read More “Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models – The Hacker News” »
Ambitious, suspected Chinese hackers with a slew of goals — stealing intellectual property, mining intelligence on national security and trade, developing avenues for future advanced cyberattacks — have been setting up shop inside U.S. target networks for exceptionally long stretches of time, in a breach that the researchers who uncovered it said could present problems … Read More “Brickstorm malware powering ‘next-level’ Chinese cyberespionage campaign – CyberScoop” »
Cloudflare Blocks Record 22.2 Tbps DDoS Attack – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cloudflare stopped a record 22.2 Tbps DDoS attack, showing how massive these threats have become and why strong DDoS attack protection is essential. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
UK Arrest Made After Cyberattack Disrupts Major European Airports – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
UK police arrest man over cyberattack on Collins Aerospace that disrupted check-in at Heathrow, Berlin, Brussels and other airports. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face … Read More “Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms – Krebs on Security” »
Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share “significant” source code overlaps with IcedID and Latrodectus. “The exact connection to YiBackdoor is not yet clear, but it may be used in conjunction with Latrodectus and IcedID during attacks,” Zscaler ThreatLabz said in a Tuesday report. … Read More “New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus – The Hacker News” »
Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious overlay techniques to exploit checkout pages and steal credit card data by bypassing the very security policies designed to stop them. Download the complete iframe security guide here. TL;DR: iframe Security Exposed Payment iframes are being actively exploited by attackers … Read More “iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks – The Hacker News” »
Most businesses don’t make it past their fifth birthday – studies show that roughly 50% of small businesses fail within the first five years. So when KNP Logistics Group (formerly Knights of Old) celebrated more than a century and a half of operations, it had mastered the art of survival. For 158 years, KNP adapted and endured, … Read More “How One Bad Password Ended a 158-Year-Old Business – The Hacker News” »
FBI Warns of Fake IC3 Websites Designed to Steal Personal Data – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The FBI is warning internet users about fake versions of its official IC3 cybercrime reporting website. Learn how to spot these ‘spoofed’ sites, avoid scams where criminals impersonate agents, and protect your personal information by following the FBI’s crucial safety tips. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials – The Hacker News
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS). The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery (SSRF) … Read More “Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials – The Hacker News” »
Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors. The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium severity. “Libraesva ESG is affected by a command injection flaw that can be triggered by … Read More “State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability – The Hacker News” »