Category: Attack Feeds

Post-quantum cryptography explained, risks of quantum attacks, and steps to secure data, systems, and infrastructure for a quantum-resilient…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

New York, New York, April 1st, 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads affecting Ubuntu, Amazon Linux, and WordPress. This magic byte shift bypasses even the most secure policies.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admin utilities to move laterally, escalate privileges, and persist without raising … Read More “3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)  – The Hacker News” »

A man has appeared in federal court in Austin, Texas, after being extradited to the United States to face charges related to his alleged role as a key developer of the notorious RedLine malware. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. “We have attributed the attack to a suspected North Korean threat actor we track as UNC1069,” John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG), told The Hacker … Read More “Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069  – The Hacker News” »

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. “No sensitive customer data or credentials were involved or exposed,” an Anthropic spokesperson said in a statement shared with CNBC News. “This was a release packaging issue caused by … Read More “Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms  – The Hacker News” »

President Donald Trump signed an executive order Tuesday that purports to limit mail-in voting, though critics say the move will almost certainly be challenged in court on constitutional grounds. The order instructs the Homeland Security secretary, the director of U.S. Citizenship and Immigrations Services and the commissioner of the Social Security Administration to compile lists … Read More “White House executive order purports to limit mail-in voting, mandate federal voter lists   – CyberScoop” »

Google on Monday said it’s officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while “hiding behind anonymity.” The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesia, Singapore, and Thailand this September, before it expands globally next year. … Read More “Android Developer Verification Rollout Begins Ahead of September Enforcement  – The Hacker News” »

A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker … Read More “TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks  – The Hacker News” »

A hacker briefly delivered malware this week through a popular open-source project for software developers that has an estimated 100 million weekly downloads, raising the possibility of compromises spreading widely through a supply-chain attack. Axios is a JavaScript client library used in web requests. The unknown attacker hijacked the npm account — npm being a … Read More “Attack on axios software developer tool threatens widespread compromises  – CyberScoop” »

Axios npm Package compromised in a supply chain attack, exposing developers to malware, data theft, and full system takeover risks worldwide.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have disclosed a security “blind spot” in Google Cloud’s Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization’s cloud environment. According to Palo Alto Networks Unit 42, the issue relates to how the Vertex AI … Read More “Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts  – The Hacker News” »

The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is the defining challenge of the new era of digital warfare: … Read More “The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority  – The Hacker News” »

F5 BIG-IP APM flaw CVE-2025-53521 escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. “The operation covers VPN clients, encrypted messengers, video conferencing tools, cryptocurrency trackers, and e-commerce applications, with eleven confirmed delivery domains impersonating  – Read More  – The Hacker … Read More “Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains  – The Hacker News” »

It’s not every day that you read that the head of America’s top law enforcement agency has been hacked, but then – these aren’t ordinary times. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency. Versions 1.14.1 and 0.30.4 of Axios have been found to inject “plain-crypto-js” version 4.2.1 as a fake dependency. According to StepSecurity, the two versions were published using the compromised … Read More “Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account  – The Hacker News” »

Kernel-level visibility reveals hidden data movement in breaches, exposing gaps in modern security tools and improving detection, compliance, and system behavior tracking.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

AI agents are transforming finance, enabling automated trading and payments, but introduce new risks around keys, data inputs and secure execution control.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 move faster, reduce unnecessary … Read More “3 SOC Process Fixes That Unlock Tier 1 Productivity  – The Hacker News” »

OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names using hidden Unicode command injection flaw.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Wave Browser for gaming: built for multitasking, streaming, and tabs, with tools for gamers plus ocean cleanup support tied to everyday browsing activity.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. “A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content,” the cybersecurity company said in  … Read More “OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability  – The Hacker News” »

A new malware-based credential-stealing campaign, which researchers are calling “DeepLoad,” has been infecting enterprise business IT environments over the past In a report released Monday, ReliaQuest AI researchers Thassanai McCabe and Andrew Currie say the most relevant feature of this attack is the way it uses artificial intelligence and other engineering “to defeat the controls … Read More “Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’  – CyberScoop” »

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. “It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,” ReliaQuest researchers … Read More “DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials  – The Hacker News” »

Crypto enables 24/7 payments for AI agents, replacing fiat limits with scalable machine-to-machine transactions and powering the emerging machine economy.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

15-year-old strongSwan flaw allows attackers to crash VPNs via integer underflow bug, affecting EAP-TTLS plugin and multiple versions worldwide.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A dark web market known as Threat Market is listing 375TB of Lockheed Martin data, which it claims was provided by a group calling itself ‘APT Iran.’  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There’s a bit of everything this week. Persistence plays, legal wins, influence … Read More “⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More  – The Hacker News” »

Telnyx issues an urgent alert after hackers TeamPCP uploaded malicious versions (4.87.1 & 4.87.2) of its Python SDK to steal cloud and crypto credentials.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Secrets sprawl isn’t slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian’s State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded. This year’s findings … Read More “The State of Secrets Sprawl 2026: 9 Takeaways for CISOs  – The Hacker News” »

Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that’s distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables” to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling  – Read More  … Read More “Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels  – The Hacker News” »

Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a “complex and well-resourced operation.” The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD, EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL  … Read More “Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign  – The Hacker News” »

ShinyHunters claims it breached European Commission systems, leaking 350GB of data. Officials are investigating, with no independent verification yet.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website that Patel “will now find … Read More “Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack  – The Hacker News” »

Lloyds Banking Group to compensate 450,000 customers after app glitch exposed data. Find out how the glitch affected…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information. Per  – Read … Read More “Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug  – The Hacker News” »

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community … Read More “TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 (CVSS v4 score: 9.3), which could allow a threat actor to achieve remote code execution. … Read More “CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation  – The Hacker News” »

Iran-linked Handala hackers breached FBI Chief Kash Patel’s Gmail, leaking photos and documents. Officials say no classified data was exposed.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

ShinyHunters leaves BreachForums, leaks data of 300,000 users, warns all active domains are fake, and threatens more leaks from forum backups.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. “Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this … Read More “Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits  – The Hacker News” »

Google fast-tracks post-quantum cryptography with a 2029 deadline as researchers warn quantum computers could break current encryption sooner than expected.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Iranian hackers claimed Friday to have compromised the personal data of FBI Director Kash Patel, and the bureau confirmed that it knew of the targeting of Patel’s personal email. The government-connected hacking group, Handala, previously claimed credit for hacking medical device maker Stryker, a boast that threat researchers considered credible. “All personal and confidential email … Read More “Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data  – CyberScoop” »

Researchers at WatchGuard have identified a new phishing campaign targeting companies in Venezuela. Using malicious SVG image files…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a … Read More “TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files  – The Hacker News” »

SAN FRANCISCO — Every RSA Conference has its buzzwords. Cloud. Ransomware. Zero trust. Plastered across the 87-acre Moscone Center complex on every booth, banner and bar. This year was AI, with vendors pitching AI-powered solutions to every security problem imaginable. But 2026 stood out for a different reason: Industry leaders spent the conference warning about … Read More “Security leaders say the next two years are going to be ‘insane’  – CyberScoop” »

Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. “The pipeline had a single boolean return value that meant both ‘no scanners are … Read More “Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks  – The Hacker News” »

Letter from group published by MPs blames 12 March glitch on software update to its mobile banking apps Lloyds Banking Group exposed the personal data of nearly 500,000 customers in an IT glitch that left people’s payments, account details and national insurance numbers visible to other users, a committee of MPs has revealed. A letter … Read More “Almost half a million Lloyds customers had personal data exposed in IT glitch  – Data and computer security | The Guardian” »