Category: Attack Feeds

Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a “critical” issue that could result in remote code execution (RCE). The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0. “This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres … Read More “Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication  – The Hacker News” »

Non-human employees are becoming the future of cybersecurity, and enterprises need to prepare accordingly. As organizations scale Artificial Intelligence (AI) and cloud automation, there is exponential growth in Non-Human Identities (NHIs), including bots, AI agents, service accounts and automation scripts. In fact, 51% of respondents in ConductorOne’s 2025 Future of Identity Security Report  – Read … Read More “The Future of Cybersecurity Includes Non-Human Employees  – The Hacker News” »

Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE). The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system. “Under certain conditions, an authenticated user may be able to cause untrusted code … Read More “n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions  – The Hacker News” »

Security teams are still catching malware. The problem is what they’re not catching. More attacks today don’t arrive as files. They don’t drop binaries. They don’t trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access, browsers, and developer workflows. That shift is creating a blind … Read More “Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators  – The Hacker News” »

Texas based Gulshan Management Services, operator of Handi Plus and Handi Stop gas stations, reports a data breach impacting over 377,000 people.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The cybersecurity industry has been battling a talent shortage and skills gap for years. Meanwhile, organizations need a new way to approach risk management proactively and more effectively. AI seems the clear answer to both. Open tech roles are trending down or flat, while demand for AI skills is climbing fast. It’s structural change that … Read More “Why cybersecurity cannot hire its way through the AI era  – CyberScoop” »

Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations’ domains and distribute emails that appear as if they have been sent internally. “Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon 2FA,” the  … Read More “Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing  – The Hacker News” »

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the “dnscfg.cgi” endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters. “An unauthenticated remote attacker … Read More “Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers  – The Hacker News” »

Synthient discovers over 2 million Android TV boxes and smart TVs hijacked by the Kimwolf botnet. Learn how hackers are using home devices to launch DDoS attacks and how you can protect your home network.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The Federal Communications Commission finalized new financial penalties for telecoms that submit false, inaccurate or late reporting to a federal robocalling system. The new regulations, which go into effect Feb. 5, will require providers to recertify every year that their information is accurate in the Robocall Mitigation Database (RMD). It would also impose fines on … Read More “FCC finalizes new penalties for robocall violators  – CyberScoop” »

Ilya Lichtenstein, the man behind the massive 2016 Bitfinex Bitcoin theft, has been released early from prison. Read how the First Step Act and a trail of Walmart gift cards led to this major update in one of the world’s largest crypto thefts.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and … Read More “Bitfinex Hack Mastermind Behind $10 Billion Theft Gets Early Release  – Hackread – Cybersecurity News, Data Breaches, AI, and More” »

The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device. The flaw, CVE-2025-65606 (CVSS score: N/A), has been characterized as a flaw in the firmware-upload error-handling logic, which could cause the device … Read More “Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover  – The Hacker News” »

Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers’ control. The names of the extensions, which collectively have over 900,000 users, are below – Chat GPT for Chrome with GPT-5, Claude Sonnet & … Read More “Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users  – The Hacker News” »

Ledger confirms data breach via Global-e partner. Customer info exposed, phishing attacks active. No passwords or crypto recovery phrases leaked.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device. The flaw, CVE-2025-65606 (CVSS score: N/A), has been characterized as a flaw in the firmware-upload error-handling logic, which could cause the device … Read More “Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover  – The Hacker News” »

Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are non-existent in the Open VSX registry, potentially opening the door to supply chain risks when bad actors publish malicious packages under those names. The problem, according to Koi, … Read More “VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX  – The Hacker News” »

Source: Securonix Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sector. The end goal of the multi-stage campaign is to deliver a remote access trojan known as DCRat, according to … Read More “Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat  – The Hacker News” »

Phishing in 2026 is harder to detect and verify. Learn how CISOs can speed up investigations, reduce noise, and respond with confidence.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The Invisible Half of the Identity Universe Identity used to live in one place – an LDAP directory, an HR system, a single IAM portal. Not anymore. Today, identity is fragmented across SaaS, on-prem, IaaS, PaaS, home-grown, and shadow applications. Each of these environments carries its own accounts, permissions, and authentication flows. Traditional IAM and … Read More “What is Identity Dark Matter?  – The Hacker News” »

For too long, fraud – an illicit economy rivaling the GDP of G20 nations – has been seen as a cost of doing business, a nuisance to be absorbed by banks and consumers. That perception is a dangerous relic. Modern fraud blends geopolitics with advanced technical tactics, carried out through criminal proxies to target businesses … Read More “Why governments need to treat fraud like cyberwarfare, not customer service  – CyberScoop” »

Palo Alto Networks’ new report reveals VVS Stealer uses Discord Injection and fake error messages to steal tokens and MFA codes. Protect your account from this new Python-based threat.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Police in India have arrested a former Coinbase customer service agent who is believed to have been bribed by cybercriminal gangs to access sensitive customer information. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

Menlo Park, India, 6th January 2026, CyberNewsWire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Users of the “@adonisjs/bodyparser” npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server. Tracked as CVE-2026-21440 (CVSS score: 9.2), the flaw has been described as a path traversal issue … Read More “Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers  – The Hacker News” »

A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host. The vulnerability, tracked as CVE-2025-68668, is rated 9.9 on the CVSS scoring system. It has been described as a case of a protection mechanism failure. … Read More “New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands  – The Hacker News” »

The surprise raid by U.S. armed forces and law enforcement agencies in Caracas, Venezuela had observers around the world scouring social media and news for updates on an operation that saw Venezuelan president Nicholas Maduro and his wife captured and flown to the United States to face criminal charges. The Trump administration initially offered few … Read More “AI, voting machine conspiracies fill information vacuum around Venezuela operation   – CyberScoop” »

Security experts at Zenity Labs warn that Anthropic’s new agentic browser extension, Claude in Chrome, could bypass traditional web security, exposing private data and login tokens to potential hijackers.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

A hacker who pleaded guilty to conspiring to launder billions of dollars worth of bitcoin stolen in the 2016 Bitfinex hack has been released from prison, a little more than one year after being sentenced to a five-year stint. Ilya Lichtenstein posted on X that his early release came as a result of a bipartisan … Read More “Convicted Bitfinex bitcoin launderer freed from prison, thanks Trump law  – CyberScoop” »

The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. “Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy bandwidth, and selling its DDoS functionality,” the company said in an analysis published … Read More “Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks  – The Hacker News” »

The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives. “This organization has continued to conduct high-intensity intelligence gathering activities against Ukrainian military and government departments in 2025,” the 360 Threat Intelligence Center said in  – Read More  … Read More “Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government  – The Hacker News” »

A hacker using the alias 1011 has claimed to breach a NordVPN development server, posting what appears to…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit. This week’s stories share one pattern. Nothing flashy. No … Read More “⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More  – The Hacker News” »

Featuring: Cybersecurity is being reshaped by forces that extend beyond individual threats or tools. As organizations operate across cloud infrastructure, distributed endpoints, and complex supply chains, security has shifted from a collection of point solutions to a question of architecture, trust, and execution speed. This report examines how core areas of cybersecurity are evolving in  … Read More “The State of Cybersecurity in 2025: Key Segments, Insights, and Innovations   – The Hacker News” »

Disney agrees to a $10M settlement with the DOJ and FTC over YouTube privacy violations. Learn how the COPPA ruling affects kids’ data and Disney’s new rules.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

China’s campaign to break into our critical infrastructure and federal government networks is persistent and growing. Beijing is stealing information while also planting tools and maintaining access in key systems, giving it the option to pressure the United States in the future. Russia also continues to test our critical infrastructure with increasingly sophisticated operations, support … Read More “Time to restore America’s cyberspace security system  – CyberScoop” »

Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. In a post shared on X last week, the 38-year-old announced his release, crediting U.S. President Donald Trump’s First Step Act. … Read More “Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act  – The Hacker News” »

Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that’s capable of harvesting Discord credentials and tokens. The stealer is said to have been on sale on Telegram as far back as April 2025, according to a report from Palo Alto Networks Unit 42. “VVS … Read More “New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code  – The Hacker News” »

Security researcher in “Martha Root” in Pink Power Ranger deletes white supremacist dating sites live onstage, leaks 8,000 profiles and 100GB of data at Chaos Communication Congress (CCC) 2025.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

After a sudden internet cable break between Finland and Estonia, authorities have seized the cargo ship Fitburg. With two crew members arrested and sanctioned steel found on board, investigators are now probing if this was an accident or a deliberate act of hybrid warfare.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, … Read More “Finnish Authorities Detain Crew After Undersea Internet Cable Severed  – Hackread – Cybersecurity News, Data Breaches, AI, and More” »

Resecurity denies breach claims by ShinyHunters, says attackers accessed a honeypot with fake data. No real systems or customer info were compromised.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The hacking group ShinyHunters has claimed responsibility for breaching Resecurity, a US-based cybersecurity company headquartered in Los Angeles.…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

RondoDox hackers exploit the React2Shell flaw in Next.js to target 90,000+ devices, including routers, smart cameras, and small business websites.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The world of finance has undergone a remarkable transformation with the rise of digital wallets and financial technology…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Tokyo FM is investigating claims of a massive data breach involving 3 million records. Learn what information was allegedly taken and how you can stay safe.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The Trump administration this week removed three Iranians from its sanctions list who were previously accused of working for Intellexa, the consortium behind the Predator spyware that recent investigations say has circumvented human rights safeguards. The Biden administration imposed sanctions against the trio in 2024 as part of a broader move to sanction spyware operators. … Read More “Treasury removes Intellexa spyware-linked trio from sanctions list  – CyberScoop” »

The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts. “The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF … Read More “Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia  – The Hacker News” »

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal … Read More “The Kimwolf Botnet is Stalking Your Local Network  – Krebs on Security” »

Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information.  Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership asks a simple question, “Is this reducing incidents?” the answer is often unclear.  This gap between … Read More “The ROI Problem in Attack Surface Management  – The Hacker News” »