⚠️ One click is all it takes. An engineer spins up an “experimental” AI Agent to test a workflow. A business unit connects to automate reporting. A cloud platform quietly enables a new agent behind the scenes. Individually, they look harmless. But together, they form an invisible swarm of Shadow AI Agents—operating outside security’s line … Read More “[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them – The Hacker News” »
Category: Attack Feeds
Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs. Akamai, which discovered the latest activity last month, said it’s designed to block other actors from accessing the Docker API from the internet. The findings build on a prior report from Trend … Read More “TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs – The Hacker News” »
From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks – The Hacker News
Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT. The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon sensitive data, and extend its functionality by serving secondary plugins, Fortinet FortiGuard Labs said. … Read More “From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks – The Hacker News” »
It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you’re a CISO or security leader, you’ve likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these arguments often fall short unless they’re framed … Read More “How Leading CISOs are Getting Budget Approval – The Hacker News” »
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack – The Hacker News
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a phishing attack. The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm (“support@npmjs[.]help”), urging them to update their two-factor authentication (2FA) credentials before September 10, 2025, … Read More “20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack – The Hacker News” »
Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked threat actors Salt Typhoon and UNC4841. “The domains date back several years, with the oldest registration activity occurring in May 2020, further confirming that the 2024 Salt Typhoon attacks were not the first activity … Read More “45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage – The Hacker News” »
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a … Read More “18 Popular Code Packages Hacked, Rigged to Steal Crypto – Krebs on Security” »
Federal authorities on Monday imposed sanctions on 19 people and organizations allegedly involved in major cyberscam hubs in Burma and Cambodia. “Criminal actors across Southeast Asia have increasingly exploited the vulnerabilities of Americans online,” Secretary of State Marco Rubio said in a statement. “In 2024, Americans lost at least $10 billion to scam operations in … Read More “Treasury Department targets Southeast Asia scam hubs with sanctions – CyberScoop” »
Salesloft pinned the root cause of the Drift supply-chain attacks to a threat group gaining access to its GitHub account as far back as March, the company said in an update Saturday. During a 10-day period in mid-August, the threat group compromised and stole data from hundreds of organizations. The threat group, which Google tracks … Read More “Salesloft Drift security incident started with undetected GitHub access – CyberScoop” »
npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The Cybersecurity and Infrastructure Agency is delaying finalization of a rule until May of next year that will require critical infrastructure owners and operators to swiftly report major cyber incidents to the federal government, according to a recent regulatory notice. Under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022, CISA was supposed … Read More “CISA pushes final cyber incident reporting rule to May 2026 – CyberScoop” »
Rebecca Slaughter’s return-to-work orders have been put on hold for the second time this year, after the U.S. Supreme Court stepped in to block a lower court ruling that ordered her reinstatement at the Federal Trade Commission. Last week a lower court ruled that Slaughter had been illegally fired by President Donald Trump, citing a … Read More “Supreme Court blocks FTC commissioner Slaughter’s reinstatement – CyberScoop” »
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through June 2025. So far, 22 companies have confirmed they were impacted … Read More “GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies – The Hacker News” »
MostereRAT Targets Windows, Uses AnyDesk and TightVNC for Full Access – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Zero-Day in Sitecore Exploited to Deploy WEEPSTEEL Malware – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Hackers exploit a Sitecore zero-day (CVE-2025-53690) to deploy WEEPSTEEL Malware via ViewState attacks, enabling Remote Code Execution (RCE). – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity researchers have detailed a new sophisticated malware campaign that leverages paid ads on search engines like Google to deliver malware to unsuspecting users looking for popular tools like GitHub Desktop. While malvertising campaigns have become commonplace in recent years, the latest activity gives it a little twist of its own: Embedding a GitHub commit … Read More “GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms – The Hacker News” »
iExec Becomes First Privacy Tools Provider for Arbitrum Ecosystem Builders – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Paris, France, 2025 – iExec has announced the deployment of its privacy framework on Arbitrum, enabling the creation… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More – The Hacker News
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it’s knowing which risks matter most right now. That’s what this digest is here for: a clear, simple briefing to help you focus where it … Read More “⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More – The Hacker News” »
When Attackers Get Hired: Today’s New Identity Crisis What if the star engineer you just hired isn’t actually an employee, but an attacker in disguise? This isn’t phishing; it’s infiltration by onboarding. Meet “Jordan from Colorado,” who has a strong resume, convincing references, a clean background check, even a digital footprint that checks out. On … Read More “You Didn’t Get Phished — You Onboarded the Attacker – The Hacker News” »
Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Salesloft Drift breach traced to GitHub compromise and stolen OAuth tokens, Mandiant confirms breach contained and Salesforce data targeted. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April 2025. “The campaign is … Read More “Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign – The Hacker News” »
Critical SAP Vulnerability CVE-2025-42957 Actively Exploited by Hackers – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Urgent security alert for SAP users! A critical vulnerability (CVE-2025-42957) allows attackers to take full control of your… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
GhostAction Attack Steals 3,325 Secrets from GitHub Projects – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials from Ethereum developers. “The packages masquerade as legitimate cryptographic utilities and Flashbots MEV infrastructure while secretly exfiltrating private keys and mnemonic seeds to a Telegram bot controlled by the threat actor,” Socket researcher … Read More “Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys – The Hacker News” »
The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google’s CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending … Read More “GOP Cries Censorship Over Spam Filters That Work – Krebs on Security” »
Bridgestone Confirms Cyberattack Disrupting North American Plants – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Bridgestone confirms a cyberattack that disrupted manufacturing plants. This article details the impact on employees, expert analysis, and… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Chess.com Hit by Limited Data Breach Linked to 3rd-Party File Transfer Tool – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Chess.com confirms a limited data breach affecting 4,500 users after a third-party file transfer tool was compromised. No… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation – The Hacker News
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-53690, carries a CVSS score of 9.0 out of a maximum of 10.0, indicating critical severity. “Sitecore … Read More “CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation – The Hacker News” »
Researchers at New York University have taken credit for creating a piece of malware found by third-party researchers that uses prompt injection to manipulate a large language model into assisting with a ransomware attack. Last month, researchers at ESET claimed to have discovered the first piece of “AI-powered ransomware” in the wild, flagging code found … Read More “NYU team behind AI-powered malware dubbed ‘PromptLock’ – CyberScoop” »
Parents are being reminded to exercise caution about the toys that they purchase their children, after the United States Federal Trade Commission (FTC) announced it had taken action against a robot toy maker. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
A 30‑year‑old man has been charged with launching a cyberattack on the German subsidiary of Russia’s state-owned oil giant Rosneft. The cyberattack, which happened in March 2022 in the aftermath of Russia’s invasion of Ukraine, crippled the company’s operations and cost millions of euros in damages. Read more in my article on the Exponential-e blog. … Read More “Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure – Graham Cluley” »
TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations – The Hacker News
The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT. “Available in both Python and C variants, CastleRAT’s core functionality consists of collecting system information, downloading and executing additional payloads, and executing commands via CMD and PowerShell,” Recorded Future Insikt Group … Read More “TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations – The Hacker News” »
Scammers Exploit Grok AI With Video Ad Scam to Push Malware on X – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Researchers at Guardio Labs have uncovered a new “Grokking” scam where attackers trick Grok AI into spreading malicious… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. “SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability … Read More “SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild – The Hacker News” »
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn’t kept pace. Most organizations still rely on traditional reporting methods—static PDFs, emailed documents, and spreadsheet-based tracking. The problem? These outdated workflows introduce delays, … Read More “Automation Is Redefining Pentest Delivery – The Hacker News” »
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages – The Hacker News
Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system. The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects a Base64-encoded HTML phishing page masquerading … Read More “VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages – The Hacker News” »
Russian APT28 Deploys “NotDoor” Backdoor Through Microsoft Outlook – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
APT28 hackers deploy NotDoor backdoor via Microsoft Outlook macros, using OneDrive sideloading to steal data and evade detection. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Model Namespace Reuse Flaw Hijacks AI Models on Google and Microsoft Platforms – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A new security vulnerability called ‘Model Namespace Reuse’ allows attackers to hijack AI models on Google, Microsoft, and… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module – The Hacker News
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan and a native Internet Information Services … Read More “GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module – The Hacker News” »
Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries – The Hacker News
The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor “is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word,” S2 Grupo’s LAB52 threat intelligence team said. … Read More “Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries – The Hacker News” »
Artificial intelligence could be a key tool for helping organizations keep track of an ever-expanding catalog of identified software flaws, a top official at the Cybersecurity and Infrastructure Security Agency said Thursday. CISA sponsors the Common Vulnerabilities and Exposures (CVE) program, which publishes standardized data about known cyber vulnerabilities. The number of vulnerabilities the CVE … Read More “AI can help track an ever-growing body of vulnerabilities, CISA official says – CyberScoop” »
An attacker exploited a zero-day vulnerability in Sitecore stemming from a misconfiguration of public ASP.NET machine keys that customers implemented based on the vendor’s documentation, according to researchers. The critical zero-day defect — CVE-2025-53690 — was exploited by the attacker using exposed keys to achieve remote code execution, Mandiant Threat Defense said in a report … Read More “Sitecore zero-day vulnerability springs up from exposed machine key – CyberScoop” »
New Malware Uses Windows Character Map for Cryptomining – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Darktrace reports new malware hijacking Windows Character Map for cryptomining, exposing risks of hidden attacks in everyday software… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Scattered Lapsus$ Hunters Demand Google Fire Security Experts or Face Data Leak – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Scattered Lapsus$ Hunters threaten Google, demanding that two security experts, Austin Larsen of Google’s Threat Intelligence Group and Charles Carmakal of Mandiant, be fired or they will leak alleged stolen Google data. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Sendmarc appoints Rob Bowker as North American Region Lead – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Wilmington, United States, 4th September 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited – The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild. The vulnerabilities in question are listed below – CVE-2023-50224 (CVSS score: 6.5) – An authentication bypass by spoofing … Read More “CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited – The Hacker News” »
The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, for violating cookie rules. Both companies set advertising cookies on users’ browsers without securing their consent, the National Commission on Informatics and Liberty (CNIL) said. Shein has since updated its systems to … Read More “Google Fined $379 Million by French Regulator for Cookie Consent Violations – The Hacker News” »
Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions – The Hacker News
Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X’s malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok. The findings were highlighted by Nati Tal, head of Guardio Labs, in a series of posts on X. The technique has been codenamed Grokking. The … Read More “Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions – The Hacker News” »
CISA Adds TP-Link Wi-Fi and WhatsApp Spyware Flaws to KEV List – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CISA updates its KEV List with TP-Link Wi-Fi extender and WhatsApp spyware flaws, urging users and agencies to… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto