A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in … Read More “Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files – The Hacker News” »
Category: Attack Feeds
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks – The Hacker News
Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the recent wave of Cl0p data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to … Read More “Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks – The Hacker News” »
iPhone Software Update Failed? Here’s How to Fix It Without Data Loss – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
You tap Update, wait for the progress indicator, and then error. Your iPhone freezes and displays “Update Failed,”… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Android Not Reading SD Card? Here’s How to Fix it – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
As we all know, the SD card usually stores your multimedia and important mobile files. When Android suddenly… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Six out of 10 UK secondary schools hit by cyber-attack or breach in past year – Data and computer security | The Guardian
Hackers are more likely to target educational institutions than private businesses, government survey shows When hackers attacked UK nurseries last month and published children’s data online, they were accused of hitting a new low. But the broader education sector is well used to being a target. Continue reading… – Read More – Data and computer … Read More “Six out of 10 UK secondary schools hit by cyber-attack or breach in past year – Data and computer security | The Guardian” »
Discord Data Breach: Hackers Access IDs, Billing Details and Support Chats – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Discord confirms a data breach via a third-party vendor, exposing government-issued photo IDs, names, emails, and limited billing data of users who contacted customer support. Learn the full risk. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity’s agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky prompt injection attack plays out in the form of a malicious link that, when clicked, … Read More “CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief – The Hacker News” »
New Study Warns Several Free iOS and Android VPN Apps Leak Data – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A Zimperium zLabs analysis of 800 free Android and iOS VPN apps exposes critical security flaws, including the Heartbleed bug, excessive system permissions, and non-transparent data practices. Learn how these ‘privacy’ tools are actually major security risks, especially for BYOD environments. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Threat intelligence firm GreyNoise disclosed on Friday that it has observed a spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% increase in IP addresses scanning Palo Alto Networks login portals on October 3, 2025, the highest level recorded in the last three months. It described … Read More “Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day – The Hacker News” »
Scattered LAPSUS$ Hunters Claim Salesforce Breach, 1B Records, 39 Firms Listed – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A leak site from Scattered LAPSUS$ Hunters alleges Salesforce breach, with hackers claiming 1B records stolen and 39 major companies affected – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That’s according to findings from Infoblox, which found the threat actor to maintain control of domains hosting the first stage of the stealer, a backdoor called StarFish. The DNS threat intelligence firm said it has … Read More “Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer – The Hacker News” »
Federal courts are upgrading their cybersecurity on a number of fronts, but multifactor authentication for the system that gives the public access to court data poses “unique challenges,” the Administrative Office of the United States Courts told Sen. Ron Wyden in a letter this week. Wyden, D-Ore., wrote a scathing August letter to the Supreme … Read More “Federal judiciary touts cybersecurity work in wake of latest major breach – CyberScoop” »
A coordinated Israeli-backed network of social media accounts pushed anti-government propaganda — including deepfakes and other AI-generated content — to Iranians as real-world kinetic attacks were happening, with the goal of fomenting revolt among the country’s people, according to researchers at Citizen Lab. In research released this week, the nonprofit — along with Clemson University … Read More “Researchers say Israeli government likely behind AI-generated disinfo campaign in Iran – CyberScoop” »
Global Exposure of 180,000 ICS/OT Devices Raises Safety Concerns – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Bitsight warns ICS/OT exposure jumped 12% in 2024, leaving 180,000+ critical infrastructure systems open to attack. Learn about the possible vulnerabilities and new malware strains. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads – The Hacker News
The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been updated to support the ability to collect device and web browser fingerprints, among others. “Rhadamanthys was initially promoted through posts on cybercrime forums, but soon it … Read More “Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads – The Hacker News” »
Japan running dry: Ransomware attack leaves nation days away from Asahi beer shortage – Graham Cluley
Beer lovers will be sobbing into their pints at the news that a ransomware attack has brought Japan’s largest brewer to its knees and left the country days away from running out of its most popular beverage. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
Cl0p-Linked Gang Attempts to Extort Oracle E-Business Customers – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A ‘high-volume’ extortion campaign possibly linked to FIN11 and Cl0p is targeting Oracle E-Business executives. Mandiant and GTIG are investigating unproven data theft claims. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging app WhatsApp. The campaign, codenamed SORVEPOTEL by Trend Micro, weaponizes the trust with the platform to extend its reach across Windows systems, adding the attack is “engineered for speed and propagation” rather than data theft or ransomware. … Read More “Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL – The Hacker News” »
Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core mechanics. Passwork 7 introduces significant changes to how credentials are organized, accessed, and managed, reflecting … Read More “Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security – The Hacker News” »
New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT – The Hacker News
A threat actor that’s known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and StallionRAT. Cybersecurity vendor BI.ZONE is tracking the activity under the moniker Cavalry Werewolf. It’s also assessed to have commonalities with clusters tracked as SturgeonPhisher, Silent Lynx, … Read More “New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT – The Hacker News” »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could result in code execution. … Read More “CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild – The Hacker News” »
Red Hat on Thursday confirmed an attacker gained access to and stole data from a GitLab instance used by its consulting team, exposing some customer data. The open-source software company, a subsidiary of IBM, said the breach is contained and an investigation into the attack is underway. “Upon detection, we promptly launched a thorough investigation, … Read More “Red Hat confirms breach of GitLab instance, which stored company’s consulting data – CyberScoop” »
Renault UK Customer Records Stolen in Third-Party Breach – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Renault UK warns customers of a third-party data breach exposing personal details, stressing vigilance against fraud and confirming no bank data lost. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Emails sent to Oracle customers by members of the Clop ransomware group assert that the cybercriminals are solely interested in a financial payout, framing the extortion as a business transaction rather than a politically motivated attack. The extortion emails were sent to executives of alleged victim organizations earlier this week, with attackers claiming they would provide … Read More “Here is the email Clop attackers sent to Oracle customers – CyberScoop” »
The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. “Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries — especially in Pakistan – using spear-phishing and malicious documents as initial – … Read More “Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware – The Hacker News” »
Android spyware disguised as legitimate messaging apps targets UAE victims, researchers reveal – CyberScoop
Researchers have found two Android spyware families masquerading as messaging apps Signal and ToTok, apparently targeting residents of the United Arab Emirates. ESET revealed the spyware campaigns Thursday in a blog post, saying that researchers discovered it in June but believe it dates back to last year. They dubbed the campaigns ProSpy and ToSpy, with … Read More “Android spyware disguised as legitimate messaging apps targets UAE victims, researchers reveal – CyberScoop” »
North Korean nationals who conceal their identities to infiltrate businesses as employees or contractors continue to expand their presence beyond technology companies and America’s borders. Nearly every industry has been duped into hiring North Koreans in violation of sanctions, as technology companies represent only half of all targeted victims, threat researchers at Okta said in … Read More “North Korea IT worker scheme swells beyond US companies – CyberScoop” »
$20 YoLink IoT Gateway Vulnerabilities Put Home Security at Risk – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Four critical zero-day flaws found in the $20 YoLink Smart Hub allow remote physical access, threatening your home security. See the urgent steps you must take now. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken … Read More “Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown – The Hacker News” »
Google Patches “Gemini Trifecta” Vulnerabilities in Gemini AI Suite – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity firm Tenable found three critical flaws allowing prompt injection and data exfiltration from Google’s Gemini AI. Learn why AI assistants are the new weak link. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware – The Hacker News
Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite. “This … Read More “Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware – The Hacker News” »
ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More – The Hacker News
From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI … Read More “ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More – The Hacker News” »
Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn’t kept up with today’s fast-moving threat landscape. Too often, findings are packaged into static reports, buried in PDFs or spreadsheets, and handed … Read More “Automating Pentest Delivery: 7 Key Workflows for Maximum Impact – The Hacker News” »
Malicious ZIP Files Use Windows Shortcuts to Drop Malware – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity firm Blackpoint Cyber reveals a new spear phishing campaign targeting executives. Learn how attackers use fraudulent document ZIPs containing malicious shortcut files, leveraging ‘living off the land’ tactics, and a unique Anti-Virus check to deliver a custom payload – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant. The job is to find the real threats fast enough to keep cases from piling up, prevent analyst burnout, and maintain client or leadership confidence. The toughest challenges, however, aren’t the alerts that … Read More “How to Close Threat Detection Gaps: Your SOC’s Action Plan – The Hacker News” »
Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro – The Hacker News
Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates (U.A.E.). Slovak cybersecurity company ESET said the malicious apps are distributed via fake websites and social engineering to trick unsuspecting users into downloading them. Once installed, both the … Read More “Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro – The Hacker News” »
Small Businesses and Ransomware: Navigating the AI Era Threat – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Ransomware has evolved from a niche hacker tactic into a mainstream threat, and small businesses are increasingly in… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Attackers appearing to be aligned with the Clop ransomware group have sent emails to Oracle customers seeking extortion payments, claiming they stole data from the tech giant’s E-Business Suite, according to researchers who spoke with CyberScoop. Researchers haven’t confirmed the veracity of Clop’s claimed data theft, but multiple investigations into Oracle environments belonging to organizations … Read More “Oracle customers being bombarded with emails claiming widespread data theft – CyberScoop” »
Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed “ForcedLeak”, let them smuggle AI-read instructions in via humble Web-to-Lead form… and ended up spilling data for the low, low price of five dollars. And we discuss why data breach communications still default to “we take security seriously” while quietly implying “assume … Read More “Smashing Security podcast #437: Salesforce’s trusted domain of doom – Graham Cluley” »
WestJet Confirms Passenger IDs and Passports Stolen in Cyberattack – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
WestJet confirms a data breach starting June 13, 2025, stole passport/ID and personal data. Credit cards and passwords are safe. The airline offers 24 months of free identity monitoring, including $1M insurance. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Most of the apps on your phone are talking to a server somewhere – sending and receiving data through messages sent through APIs, the underlying infrastructure that allows apps to communicate. And here’s the problem – hackers have determined that the APIs of mobile apps, when left visible and exploitable, can be a goldmine. Read … Read More “Your favourite phone apps might be leaking your company’s secrets – Graham Cluley” »
In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel’s Software Guard eXtensions (SGX) can be bypassed on DDR4 systems to passively decrypt sensitive data. SGX is designed as a hardware feature in Intel server processors that allows applications to be … Read More “New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer – The Hacker News” »
Meet SpamGPT and MatrixPDF, AI Toolkits Driving Malware Attacks – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity researchers at Varonis have discovered two new plug-and-play cybercrime toolkits, MatrixPDF and SpamGPT. Learn how these AI-powered tools make mass phishing and PDF malware accessible to anyone, redefining online security risks. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Sen. Marsha Blackburn, R-Tenn., endorsed an aggressive effort by U.S. policymakers to help governments and businesses adapt to a future where quantum computers can break most standard forms of encryption. She also confirmed key details of a White House initiative on quantum technology previously reported by CyberScoop, while also promoting her own legislation on quantum … Read More “GOP senator confirms pending White House quantum push, touts legislative alternatives – CyberScoop” »
OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps – The Hacker News
A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain circumstances. The vulnerability, tracked as CVE-2025-59363, has been assigned a CVSS score of 7.7 out of 10.0. It has been described as … Read More “OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps – The Hacker News” »
London Court Convicts Chinese Mastermind Behind £5bn Crypto Seizure – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Zhimin Qian, the ‘Bitcoin Queen,’ pleads guilty in the UK after police seized over £5 billion in stolen crypto, the world’s largest crypto seizure. Details on the Ponzi scam and fight for the funds. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Detour Dog’s DNS Hijacking Infects 30,000 Websites with Strela Stealer – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Infoblox reveals how the Detour Dog group used server-side DNS to compromise 30,000+ sites across 89 countries, installing the stealthy Strela Stealer malware. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions. OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale and across hybrid cloud environments. … Read More “Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover – The Hacker News” »
AI is changing automation—but not always for the better. That’s why we’re hosting a new webinar, “Workflow Clarity: Where AI Fits in Modern Automation,” with Thomas Kinsella, Co-founder & Chief Customer Officer at Tines, to explore how leading teams are cutting through the hype and building workflows that actually deliver. The rise of AI has changed … Read More “How Leading Security Teams Blend AI + Human Workflows (Free Webinar) – The Hacker News” »