Category: Attack Feeds

Newark, United States, 9th October 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their operations. However, the security of these applications depends on small … Read More “SaaS Breaches Start with Tokens – What Security Teams Must Watch  – The Hacker News” »

Hackers are using fake Microsoft Teams installers found in search results and ads to deploy the Oyster backdoor. Learn how to protect your PC from this remote-access threat.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Russian hackers’ adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country’s State Service for Special Communications and Information Protection (SSSCIP) said. “Hackers now employ it not only to generate phishing messages, but some of the malware samples we have … Read More “From Phishing to Malware: AI Becomes Russia’s New Cyber Weapon in War on Ukraine  – The Hacker News” »

Business email compromise, commonly known as “BEC” has become a major issue inthe corporate world. Globally, this condition has been a challenge for the legalauthorities as to exactly who is liable for the damages caused by BEC. South Africancompanies are suffering under the weight of BEC crimes as the courts grapple with themultitude of cases … Read More “Who is Ultimately Responsible for Business Email Compromise?  – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.” »

Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites. The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a WordPress plugin bundled with the  … Read More “Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme  – The Hacker News” »

Your computer’s mouse might not be as innocent as it looks – and one ransomware crew has a crisis of conscience that nobody saw coming. We talk about how something as ordinary as a web page could turn your mouse into a surprisingly nosey neighbour, and why ransomware gangs need to think carefully about their … Read More “Smashing Security podcast #438: When your mouse turns snitch, and hackers grow a conscience  – Graham Cluley” »

Voting rights groups are asking a court to block an ongoing Trump administration effort to merge disparate federal and state voter data into a massive citizenship and voter fraud database. Last week, the League of Women Voters, the Electronic Privacy Information Center (EPIC) and five individuals sued the federal government in D.C. District Court, saying … Read More “Voting groups ask court for immediate halt to Trump admin’s SAVE database overhaul  – CyberScoop” »

Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. “Site visitors get injected content that was drive-by malware like fake Cloudflare verification,” Sucuri researcher Puja Srivastava said in an analysis published last week. The website security company  – … Read More “Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks  – The Hacker News” »

Met Police arrested two teenagers over the Kido nursery ransomware attack, which exposed data for 8,000 children. Full details on the hack and police investigation.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets. The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka … Read More “Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave  – The Hacker News” »

Encryption lives on in Europe. For now. The German government has said it will oppose a piece of European Union legislation later this month that would subject phones and other devices to mass scanning — prior to encryption — by the government for evidence of child sexual abuse material.   Federal Minister of Justice Stefanie Hubig … Read More “German government says it will oppose EU mass-scanning proposal  – CyberScoop” »

In April of 2025, my colleague Mat Powell was hunting for vulnerabilities in Autodesk Revit 2025. While fuzzing RFA files, he found the following crash (CVE-2025-5037 / ZDI-CAN-26922, addressed by Autodesk in July 2025): Is this an exploitable crash? From the debugger output crash point as seen above, unclear whether anything is controllable. At around … Read More “Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing  – Zero Day Initiative – Blog” »

Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat landscape. The coalition is seen as an attempt on the part of the financially motivated threat actors to conduct more effective ransomware attacks, ReliaQuest said in a report shared with The Hacker … Read More “LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem  – The Hacker News” »

OpenAI’s new report warns hackers are combining multiple AI tools for cyberattacks, scams, and influence ops linked to China, Russia, and North Korea.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Tel Aviv, Israel, 8th October 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an … Read More “Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now  – The Hacker News” »

Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don’t need advanced tools; they just need one careless login. For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak. This Halloween, The Hacker News and Specops … Read More “Step Into the Password Graveyard… If You Dare (and Join the Live Session)  – The Hacker News” »

Researchers warn of Shuyal Stealer, malware that gathers browser logins, system details, and Discord tokens, then erases evidence via Telegram.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The … Read More “OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks  – The Hacker News” »

A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord … Read More “ShinyHunters Wage Broad Corporate Extortion Spree  – Krebs on Security” »

Microsoft Threat Intelligence said a cybercriminal group it tracks as Storm-1175 has exploited a maximum-severity vulnerability in GoAnywhere MFT to initiate multi-stage attacks including ransomware. Researchers observed the malicious activity Sept. 11, Microsoft said in a blog post Monday. Microsoft’s research adds another substantive chunk of evidence to a growing collection of intelligence confirming the … Read More “Microsoft pins GoAnywhere zero-day attacks to ransomware affiliate Storm-1175  – CyberScoop” »

A long-running theme in the use of adversarial AI since the advent of large language models has been the automation and enhancement of well-established hacking methods, rather than the creation of new ones.   That remains the case for much of OpenAI’s October threat report, which highlights how government agencies and the cybercriminal underground are opting … Read More “OpenAI: Threat actors use us to be efficient, not make new tools  – CyberScoop” »

Critical Redis flaw RediShell (CVE-2025-49844) exposes 60,000 servers to remote code execution. Patch immediately to prevent full system compromise.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot. “The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents,” Aryaka Threat Research Labs  – … Read More “BatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job Seekers  – The Hacker News” »

Latest reports suggest the critical GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0) is actively exploited by the Medusa ransomware gang for unauthenticated RCE. Patch immediately.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Google’s DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The efforts add to the company’s ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz. DeepMind said the AI agent is designed to be both reactive … Read More “Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them  – The Hacker News” »

Raleigh, United States, 7th October 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

In episode 71 of The AI Fix, a giant robot spider goes backpacking for a year before starting its job in lunar construction, DoorDash builds a delivery Minion, and a TikToker punishes an AI by making it talk to condiments. GPT-5 crushes the humans at the ICPC World Finals, Claude Sonnet 4.5 codes for 30 … Read More “The AI Fix #71: Hacked robots and power-hungry AI  – Graham Cluley” »

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. “XWorm’s modular design is built around a core client and an array of specialized components known as plugins,” Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis … Read More “XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities  – The Hacker News” »

For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the … Read More “New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise  – The Hacker News” »

Security researchers at UC Irvine reveal the ‘Mic-E-Mouse’ attack, showing how high-DPI optical sensors in modern mice can detect desk vibrations and reconstruct user speech with high accuracy. Learn how this side-channel vulnerability affects your privacy.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, … Read More “Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware  – The Hacker News” »

Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. “An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger … Read More “13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely  – The Hacker News” »

CrowdStrike on Monday said it’s attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025. The exploitation involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical … Read More “Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks  – The Hacker News” »

Federal cyber authorities and threat hunters are on edge following Oracle’s Saturday disclosure of an actively exploited zero-day vulnerability the Clop ransomware group used to initiate a widespread data theft and extortion campaign researchers initially warned about last week.  Oracle addressed the critical vulnerability — CVE-2025-61882 affecting Oracle E-Business Suite — in a security advisory … Read More “Oracle zero-day defect amplifies panic over Clop’s data theft attack spree  – CyberScoop” »

ESET warns of fake Signal and ToTok apps spreading Android spyware in the UAE, stealing contacts, messages, and chat backups from users.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Tech experts and companies offering encrypted messaging services are warning that  pending European regulation, which would grant governments broad authority to scan messages and content on personal devices for criminal activity, could spell “the end” of privacy in Europe. The European Union will vote Oct. 14 on a legislative proposal from the Danish Presidency known … Read More “Potential EU law sparks global concerns over end-to-end encryption for messaging apps   – CyberScoop” »

Three House Democrats questioned the Department of Homeland Security on Monday over a reported Immigration and Customs Enforcement contract with a spyware provider that they warn potentially “threatens Americans’ freedom of movement and freedom of speech.” Their letter follows publication of a notice that ICE had lifted a stop-work order on a $2 million deal … Read More “House Dems seek info about ICE spyware contract, wary of potential abuses  – CyberScoop” »

A misconfigured database belonging to a pet insurance company, “Rainwalk Pet Insurance,” exposed sensitive PII and veterinary claim data. The data exposure reveals new fraud tactics, including microchip and reimbursement scams.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Paris, France, 6th October 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from evidence that at least four BIETA personnel have clear or possible links to MSS officers and their relationship with the University of International Relations, … Read More “New Report Links Research Firms BIETA and CIII to China’s MSS Cyber Operations  – The Hacker News” »

Discord has confirmed that users who contacted its customer support service have had their data stolen by hackers, who have attempted to extort a ransom from the company. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data.  The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand  – Read … Read More “Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers  – The Hacker News” »

In the era of rapidly advancing artificial intelligence (AI) and cloud technologies, organizations are increasingly implementing security measures to protect sensitive data and ensure regulatory compliance. Among these measures, AI-SPM (AI Security Posture Management) solutions have gained traction to secure AI pipelines, sensitive data assets, and the overall AI ecosystem. These solutions help  – Read … Read More “5 Critical Questions For Adopting an AI Security Solution  – The Hacker News” »

The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matters—key trends, warning signs, and stories shaping today’s security landscape. Whether you’re defending systems or just keeping up, these … Read More “⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More  – The Hacker News” »

WatchTowr finds a serious flaw in Dell UnityVSA (CVE-2025-36604) letting attackers run commands without login. Dell issues patch 5.5.1 – update now.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

When security researchers issued warnings about the Salesloft Drift issues last month, two prominent cybersecurity companies found themselves facing the same threat — but their stories ended up unfolding in different ways.  Okta and Zscaler, among the larger players in the identity management space, were among the more than 700 Drift customers targeted in what … Read More “Security leaders at Okta and Zscaler share lessons from Salesloft Drift attacks  – CyberScoop” »