Category: Attack Feeds

China-based SMS Phishing Triad Pivots to Banks  – Krebs on Security

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff. An...

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes  – The Hacker News

Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for...

Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses  – The Hacker News

Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what’s seen as a sneakier attempt to stage a software supply chain attack. The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But,...

Cyber experts offer lukewarm praise for voluntary code governing use of commercial hacking tools  – CyberScoop

Cybersecurity professionals who participated in discussions over a code of conduct for nations to use commercial hacking tools said the final voluntary guidelines offer modest promise, even if they fall short of what some wanted. The next step for the joint France/U.K.-led Pall Mall Process, which last week got 21 signatories to the code, is to establish parallel guidance for...

Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine  – The Hacker News

The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel. The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first signs of the malicious...

The Identities Behind AI Agents: A Deep Dive Into AI & NHI  – The Hacker News

AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They’re no longer just tools,...

PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party  – The Hacker News

Overview of the PlayPraetor Masquerading Party Variants CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days.  As before, all the...

Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence  – The Hacker News

Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. “In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar,’ faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks,’” Europol said in a...

AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections  – The Hacker News

Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that’s used to spam website chats, comment sections, and contact forms to promote dubious search engine optimization (SEO) services such as Akira and ServicewrapGO. “AkiraBot has targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September...

Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing  – Graham Cluley

QR codes are being weaponised by scammers — so maybe think twice before scanning that parking meter. And in a blunder so dumb it makes autocorrect look smart, the White House explains how it leaked war plans on Signal because an iPhone mistook a journalist for a government insider. Plus! Don’t miss our featured interview with Josh Donelson of Material,...

Trump signs order stripping Chris Krebs of security clearance  – CyberScoop

President Donald Trump signed a memorandum Wednesday revoking the security clearance of former CISA leader Chris Krebs, with the White House saying he was a “significant bad-faith actor who weaponized and abused his government authority” during his time leading the agency.  The order also suspends any active security clearance held by employees at SentinelOne, where Krebs is currently employed as...

BadBazaar and Moonshine malware targets Taiwanese, Tibetan and Uyghur groups, U.K. warns  – CyberScoop

Two spyware variants are targeting Uyghur, Taiwanese and Tibetan groups and individuals, the U.K.’s National Cyber Security Centre warned in a joint alert Wednesday with Western allies. Cybersecurity researchers have previously linked the BADBAZAAR and MOONSHINE spyware to the Chinese government. The variants mentioned in Wednesday’s alert trojanize apps that are of interest to the target communities, such as a...

Treasury bureau notifies Congress that email hack was a ‘major’ cybersecurity incident  – CyberScoop

The Office of the Comptroller of the Currency has notified Congress that a February breach of its email system is classified as a major cybersecurity incident. The incident was first disclosed Feb. 26, though the OCC provided virtually no details at the time, only saying that it had resolved a security incident “involving an administrative account in the OCC email...

Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages  – The Hacker News

Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to set up lookalike credential harvesting pages. “As a purpose-built tool for creating and deploying web apps, its capabilities line up perfectly...

Bill to study national security risks in routers passes House committee  – CyberScoop

A federal study into the national security risks posed by routers, modems and similar devices controlled by U.S. adversaries moved one step closer to law Tuesday by advancing out of the House Energy and Commerce Committee. The Removing Our Unsecure Technologies to Ensure Reliability and Security (ROUTERS) Act from Reps. Bob Latta, R-Ohio, and Robin Kelly, D-Ill., would require the...

New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner  – The Hacker News

A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. “Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device,” Kaspersky said in an...

Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots  – The Hacker News

GitGuardian’s State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities (NHIs), which have been outnumbering human users for years. We need to get ahead of it and prepare security measures and governance for these machine identities as they continue to be deployed,...

CISA Warns of CentreStack’s Hard-Coded MachineKey Vulnerability Enabling RCE Attacks  – The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that could be abused to achieve remote...

PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware  – The Hacker News

Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. “The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail...

Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability  – The Hacker News

Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild. Of the 126 vulnerabilities, 11 are rated Critical, 112 are rated Important, and two are rated Low in severity. Forty-nine of these vulnerabilities are classified as privilege escalation, 34 as...

Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered  – The Hacker News

Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution. Of the 30 flaws in the product, 11 are rated Critical in severity – CVE-2025-24446 (CVSS score: 9.1) – An improper input validation vulnerability that could result...

Patch Tuesday, April 2025 Edition  – Krebs on Security

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users. The zero-day flaw already seeing exploitation is...

The AI Fix #45: The Turing test falls to GPT-4.5  – Graham Cluley

In episode 45 of The AI Fix, our hosts discover that ChatGPT is running the world, Mark learns that mattress companies have scientists, Gen Z has nightmares about AI, OpenAI gets a bag, Graham eats too many cheese sandwiches, and too much training makes AIs over-sensitive. Mark reveals why he’s got beef with cows, GPT-4.5 beats the Turing test, and...

Microsoft patches zero-day actively exploited in string of ransomware attacks  – CyberScoop

Microsoft addressed 126 vulnerabilities affecting its systems and core products, including a zero-day in the Windows Common Log File System (CLFS) that’s been actively exploited in a series of ransomware attacks, the company said in its latest security update Tuesday. A group Microsoft tracks as Storm-2460 has exploited CVE-2025-29824 to initiate ransomware attacks “against a small number of targets,” Microsoft...

Tech experts recommend full steam ahead on US export controls for AI  – CyberScoop

Technology experts pressed Congress to maintain export controls on semiconductor chips and other technologies, telling lawmakers Tuesday that the restrictions are among the most effective strategies to slow China and other rival countries in the AI race, thereby helping U.S. companies hold a competitive edge. Placing export controls on these technologies is not new: both the Trump and Biden administrations...

Privacy fights over expiring surveillance law loom after House hearing  – CyberScoop

Lawmakers on the House Judiciary Committee say privacy protections under a bill Congress passed to re-up a major surveillance law aren’t strong enough, and are gearing up for additional changes for when the legislation is set to expire next year. Legislative battles over Section 702 of the Foreign Intelligence Surveillance Act (FISA) — under which feds can warrantlessly search a...

WhatsApp for Windows Flaw Could Let Hackers Sneak In Malicious Files  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News

If you use WhatsApp Desktop on Windows, listen up! A flaw in WhatsApp for Windows (CVE-2025-30401) let attackers disguise malicious files as safe ones. Update to version 2.2450.6 or later to stay secure.

Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw  – The Hacker News

Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. “An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify...

The April 2025 Security Update Review  – Zero Day Initiative – Blog

It’s the second Tuesday of the month, and, as expected, Microsoft and Adobe have released their latest security offerings – all tariff free. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check out the...

Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings  – The Hacker News

Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. “One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a...

Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal  – The Hacker News

Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create directories in unintended locations on the filesystem, execute arbitrary scripts with root privileges,...

UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine  – The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine’s eastern border, the agency said. The attacks involve distributing phishing emails...

Agentic AI in the SOC – Dawn of Autonomous Alert Triage  – The Hacker News

Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a go-to solution, the term “AI” often blurs crucial distinctions. Not all AI is built equal, especially in the SOC. Many...

CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation  – The Hacker News

A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild. The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has...

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities  – The Hacker News

Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below – CVE-2024-53150 (CVSS score: 7.8) – An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure CVE-2024-53197 (CVSS score: 7.8) – A privilege escalation flaw in the USB sub-component of...

Google hopes its experimental AI model can unearth new security use cases  – CyberScoop

Google has built a cybersecurity assistant for information security professionals, and now they’re looking for researchers to play with it. Sec Gemini V1 is a new cybersecurity AI reasoning model that Google rolled out last week on an experimental basis. It is designed to function as an AI assistant for security practitioners, capable of handling data analysis and other lower-level...

AttackFeed by Joe Wagner