Category: Attack Feeds

In episode 76 of The AI Fix, two US federal judges blame AI for imaginary case law, a Chinese “humanoid” dramatically sheds its skin onstage, Toyota unveils a crabby walking chair creeps us out, Google plans AI chips in orbit, robot dogs get jobs at Sellafield, and AI writes cruise-ship gags from the 1950s (but … Read More “The AI Fix #76: AI self-awareness, and the death of comedy  – Graham Cluley” »

The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusions with domain controller compromise taking place within 17 hours … Read More “GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites  – The Hacker News” »

Virginia-based BigBear.ai announced Monday it will acquire Ask Sage, a generative artificial intelligence platform specializing in secure deployment of AI models and agentic systems across defense and other regulated sectors, in a deal valued at about $250 million. Ask Sage focuses on safety and security in the growing field of agentic AI, or systems capable … Read More “BigBear.ai to buy Ask Sage, strengthening security-centric AI for federal agencies  – CyberScoop” »

Have I Been Pwned (HIBP), the popular breach notification service, has added another massive dataset to its platform.…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that’s sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model. According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, … Read More “Android Trojan ‘Fantasy Hub’ Malware Service Turns Telegram Into a Hub for Hackers  – The Hacker News” »

Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation’s code.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Cybersecurity researchers have discovered a malicious npm package named “@acitons/artifact” that typosquats the legitimate “@actions/artifact” package with the intent to target GitHub-owned repositories. “We think the intent was to have this script execute during a build of a GitHub-owned repository, exfiltrate the tokens available to the build environment, and then use those tokens to publish  … Read More “Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories  – The Hacker News” »

AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert guide to AI Supply chain attacks here.  TL;DR AI-enabled supply chain attacks are exploding in scale and sophistication – Malicious package uploads to open-source repositories jumped … Read More “CISO’s Expert Guide To AI Supply Chain Attacks  – The Hacker News” »

Cisco’s new research shows that open-weight AI models, while driving innovation, face serious security risks as multi-turn attacks, including conversational persistence, can bypass safeguards and expose data.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control. “Attackers impersonated psychological counselors and North Korean human rights activists, distributing malware disguised as stress-relief programs,” the … Read More “Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon  – The Hacker News” »

Google’s Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet’s Triofox file-sharing and remote access platform. The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads.  The  – … Read More “Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature  – The Hacker News” »

Researchers aren’t very concerned about the dozens of undisclosed F5 vulnerabilities a nation-state attacker stole during a prolonged attack on F5’s internal systems. Yet, the heist of sensitive intelligence from a widely used vendor’s internal network resembles previous espionage-driven attacks that could pose long-term consequences downstream. F5, which became aware of the attack Aug. 9 … Read More “What’s left to worry (and not worry) about in the F5 breach aftermath  – CyberScoop” »

Intel, the leading computer chip maker, has filed a lawsuit seeking at least $250,000 in damages from a…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

In an era where digital ecosystems extend far beyond a company’s internal network, enterprise cybersecurity is no longer…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Unit 42 discovered LANDFALL, commercial-grade Android spyware, which used a hidden image vulnerability (CVE-2025-21042) to remotely spy on Samsung Galaxy users via WhatsApp. Update your phone now.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Menlo Park, CA, USA, 10th November 2025, CyberNewsWire  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low. What’s emerging isn’t just a blindspot. It’s a parallel threat surface: unmanaged extensions acting … Read More “New Browser Security Report Reveals Emerging Threats for Enterprises  – The Hacker News” »

Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild. But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear … Read More “⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More  – The Hacker News” »

Monsta FTP users must update now! A critical pre-authentication flaw (CVE-2025-34299) allows hackers to fully take over web servers. Patch to version 2.11.3 immediately.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Legislation to end the federal government shutdown includes a provision that would extend an expired cybersecurity information sharing law through the end of January. Extension of the Cybersecurity Information Sharing Act of 2015 is something industry groups have coveted since even before its sunset at the end of September. Previous attempts to extend it fell … Read More “Cyber information sharing law would get extension under shutdown deal bill  – CyberScoop” »

On Sept. 30, 2025, the Cybersecurity Information Sharing Act (CISA 2015) officially expired, ending a decade-long framework that helped government and industry share cyber-threat data safely and consistently. For the first time in ten years, the United States lacks the statutory foundation that underpinned its public-private threat-intelligence ecosystem. At a time when adversaries are exploiting … Read More “CISA’s expiration leaves a dangerous void in US cyber collaboration  – CyberScoop” »

Monsta FTP users must update now! A critical pre-authentication flaw (CVE-2025-34299) allows hackers to fully take over web servers. Patch to version 2.11.3 immediately.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

A Dutch TV and radio broadcaster has found itself at the mercy of cybercriminals after suffering a cyber attack, and leaving it scrambling to find ways to play music to its listeners. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code (VS Code) ecosystem. The extensions in question, which are still available for download, are listed below – ai-driven-dev.ai-driven-dev (3,402 downloads) adhamu.history-in-sublime-merge (4,057  – Read More  – … Read More “GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs  – The Hacker News” »

Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvest their credentials by deploying malware like PureRAT. “The attacker’s modus operandi involved using a compromised email account to send malicious messages to multiple hotel establishments,” Sekoia said. “This campaign  – Read More  … Read More “Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware  – The Hacker News” »

The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link’s ties to China than any … Read More “Drilling Down on Uncle Sam’s Proposed TP-Link Ban  – Krebs on Security” »

The FBI has issued a federal subpoena to domain registrar Tucows, demanding extensive billing and session records to unmask the anonymous operator of Archive.ph (Archive.is and Archive.today). The site, known for bypassing paywalls, is now the subject of an undisclosed criminal investigation.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto … Read More “FBI Wants to Know Who Runs Archive.ph  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More” »

Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protections under certain circumstances. This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to  – Read More  – … Read More “Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic  – The Hacker News” »

A 25-year-old Russian national pleaded guilty to multiple charges stemming from their participation in ransomware attacks and faces a maximum penalty up to 53 years in prison. Aleksei Olegovich Volkov, also known as “chubaka.kor,” served as the initial access broker for the Yanluowang ransomware group while living in Russia from July 2021 through November 2022, … Read More “Russian national pleads guilty to breaking into networks for Yanluowang ransomware attacks  – CyberScoop” »

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East. The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary  … Read More “Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp  – The Hacker News” »

Federal agencies often collect voluminous amounts of data on Americans to fulfill their missions and better understand the public’s needs. But a new whitepaper from the Electronic Privacy Information Center argues that increasingly sophisticated and invasive data mining is now widespread throughout government, allowing machines — and not humans — to determine how data is connected … Read More “Report: Government data mining has gone too far – and AI will make it worse  – CyberScoop” »

A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues. The organization, according to a report from Broadcom’s Symantec and Carbon Black teams, is … Read More “From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools  – The Hacker News” »

A new commercial-grade spyware has apparently been targeting Samsung Galaxy phones in the Middle East, but it’s not clear who’s behind it, researchers said in a blog post Friday. Whoever’s responsible, they seized upon a previously unknown, unpatched vulnerability known as a zero-day — a flaw Samsung has since closed, the researchers from Palo Alto … Read More “New Landfall spyware apparently targeting Samsung phones in Middle East  – CyberScoop” »

Cybersecurity firm Sekoia reports a widespread fraud where criminals compromise hotel systems (Booking.com, Expedia and others) with PureRAT malware, then use stolen reservation data to phish and defraud guests.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Cybersecurity headlines still focus on the headline-grabbing moments, whether it’s the latest breach, a zero-day exploit, or an eye-catching product launch. However, beneath the surface noise, a quieter but more profound transformation is taking place—driven by regulations that are changing the way organizations think about, approach, and communicate on security.” Across the globe, new standards … Read More “The quiet revolution: How regulation is forcing cybersecurity accountability  – CyberScoop” »

Bolster AI reveals a new scam using a simple JS code via Emkei’s Mailer to fake 37% profits and steal crypto. Act fast to secure your wallet.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named “shanhai666” and are designed to run malicious code after specific … Read More “Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation  – The Hacker News” »

Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she’s just made a big mistake. Sarah just accidentally handed over her login details to cybercriminals who are … Read More “Enterprise Credentials at Risk – Same Old, Same Old?  – The Hacker News” »

Google on Thursday said it’s rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform and demand ransoms to remove the negative comments. The approach is designed to tackle a common practice called review bombing, where online … Read More “Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts  – The Hacker News” »

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the extension “susvsex,” said it does not attempt to hide its malicious functionality. The extension was … Read More “Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities  – The Hacker News” »

Account takeover (ATO) attacks can devastate individuals and organisations, from personal profiles to enterprise systems. The financial impact…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

A federal agency that supplies budget and economic information to Congress has suffered a cybersecurity incident, reportedly at the hands of a suspected foreign party. A spokesperson for the Congressional Budget Office (CBO) acknowledged the incident Thursday after The Washington Post reported that the office was hacked, with the attackers potentially accessing communications between lawmakers … Read More “Agency that provides budget data to Congress hit with security incident  – CyberScoop” »

South Korean police have uncovered a hacking operation that stole sensitive data from massage parlours and blackmailed their male clientele. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

Seven vulnerabilities in ChatGPT (including GPT-5) allow attackers to use ‘0-click’ and ‘memory injection’ to bypass safety features and persistently steal private user data and chat history. Tenable Research exposes the flaws.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

SonicWall said a state-sponsored threat actor was behind the brute-force attack that exposed firewall configuration files of every customer that used the company’s cloud backup service.  The vendor pinned the responsibility for the attack on an undisclosed nation state Tuesday, after Mandiant concluded its investigation into the incident. SonicWall did not attribute the attack to … Read More “SonicWall pins attack on customer portal to undisclosed nation-state  – CyberScoop” »

Cisco on Wednesday disclosed that it became aware of a new attack variant that’s designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362. “This attack can cause unpatched devices to unexpectedly reload, leading to denial-of-service  … Read More “Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362  – The Hacker News” »

A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as Russia-aligned. “InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link  – Read … Read More “Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine  – The Hacker News” »

Doctor Web uncovers a targeted cyberattack on a Russian government body by the Cavalry Werewolf group using a new ShellNET backdoor and Telegram-based control.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Finding the right partner is less about headcount and more about repeatable outcomes, which is why the profiles…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More