Category: Attack Feeds

Microsoft researchers warn of a new ClickFix campaign targeting macOS with fake guides on Medium and Craft to deploy AMOS and SHub Stealer via Terminal commands.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that’s capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed to be a major update of the Maverick, which is known to leverage a worm … Read More “TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms  – The Hacker News” »

The Senate’s top Democrat called on the Department of Homeland Security Friday to work closely with state and local governments to defend against artificial intelligence-strengthened hacks.  Senate Minority Leader Chuck Schumer, D-N.Y., wrote to DHS Secretary Markwayne Mullin to make sure state, local, tribal and territorial (SLTT) governments aren’t left behind as AI models advance, … Read More “Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments  – CyberScoop” »

Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps have collectively racked up more than 7.3 million downloads, … Read More “Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads  – The Hacker News” »

The ClaudeBleed vulnerability allows hackers to bypass Claude for Chrome guardrails to exfiltrate private Google Drive and Gmail data.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world’s most notorious state-sponsored hacking groups. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

The post ShinyHunters claims nearly 9,000 schools affected by Canvas data breach appeared first on CyberScoop.   – Read More  – CyberScoop 

As businesses and governments turn to AI agents to access the internet and perform higher-level tasks, researchers continue to find serious flaws in large language models that can be exploited by bad actors. The latest discovery comes from browser security firm LayerX, involving a bug in the Chrome extension for Anthropic’s Claude AI model that … Read More “Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI  – CyberScoop” »

A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. “QLNX targets developers and DevOps credentials across the software supply chain,”  – Read More  … Read More “Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise  – The Hacker News” »

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that’s being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called “darkworm.” The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP … Read More “New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials  – The Hacker News” »

The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across live enterprise environments.  The dataset behind these findings includes 10 million monitored  – … Read More “One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk  – The Hacker News” »

You don’t need to live near a scam compound for it to wreck your life. Americans lost $5.8 billion to crypto investment scams last year alone – and a raid in Sri Lanka this month shows exactly how the operations behind them keep finding new places to hide. Read more in my article on the … Read More “Sri Lanka makes 37 arrests as it raids another scam centre  – GRAHAM CLULEY” »

Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was … Read More “Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions  – The Hacker News” »

An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions. … Read More “Canvas Breach Disrupts Schools & Colleges Nationwide  – Krebs on Security” »

ShinyHunters hackers defaced the official Canvas LMS portal after breaching Instructure systems, disrupting university access worldwide.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Researchers have discovered a new malvertising campaign using a fake Claude AI website to plant a new, undocumented backdoor named Beagle on user devices.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Attackers are hitting Ivanti customers yet again — circling back to a common target and consistently susceptible vendor in the network edge space — by exploiting a zero-day vulnerability in one of the company’s most besieged products.  Ivanti warned customers that attackers have successfully exploited CVE-2026-6973, an improper input validation defect in Ivanti Endpoint Manager … Read More “Ivanti customers confront yet another actively exploited zero-day  – CyberScoop” »

The Trump administration is redirecting a cybersecurity scholarship program that requires recipients to work in government service toward artificial intelligence, leaving some current program scholars dismayed and bewildered. In an email to participating school program coordinators obtained by CyberScoop, the Office of Personnel Management and National Science Foundation said the CyberCorps Scholarship For Service program … Read More “Trump officials are steering a cybersecurity scholarship program toward AI  – CyberScoop” »

Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. “The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting  – Read More  – The Hacker … Read More “PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems  – The Hacker News” »

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows “a remotely authenticated user with administrative access to achieve … Read More “Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access  – The Hacker News” »

Cybersecurity expert Tom Rønning finds Microsoft Edge loads all saved passwords into computer memory as cleartext, making them easy for hackers to steal.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The hardest part of cybersecurity isn’t the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one “Patient Zero” infection. In 2026, hackers are using AI to make these “first clicks” nearly impossible to spot. If a single laptop gets compromised on … Read More “One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches  – The Hacker News” »

Two U.S. nationals were sentenced to 18 months in prison for running laptop farms that facilitated North Korea’s expansive remote IT workers scheme, the Justice Department said Wednesday. Matthew Issac Knoot and Erick Ntekereze Prince both received and hosted laptops at their residences to dupe U.S. companies into thinking remote IT workers they hired were … Read More “American duo sentenced for hosting laptop farms for North Korean IT workers  – CyberScoop” »

Cybersecurity researcher Alexander Hanff claims that Google Chrome automatically installs a 4GB Gemini Nano AI model without user notification or consent.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software that could allow an … Read More “PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage  – The Hacker News” »

Scammers are hiding invisible text inside phishing emails to manipulate AI-powered email filters and increase the chances of scams reaching inboxes.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they do.  That distinction matters far more than many organizations realize. In … Read More “Day Zero Readiness: The Operational Gaps That Break Incident Response  – The Hacker News” »

Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a … Read More “ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories  – The Hacker News” »

Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A House Democrat who’s been at the forefront of congressional efforts to scrutinize the federal government’s use of commercial spyware wants the Commerce Department to brief Capitol Hill amid apprehension that the Trump administration might further embrace the technology. Rep. Summer Lee, D-Pa., sent a letter to the department Thursday seeking a briefing on several … Read More “One House Democrat is pressing Commerce on the government’s spyware use  – CyberScoop” »

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. “While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files,” Kaspersky   – … Read More “PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux  – The Hacker News” »

AI Leak Fuels Malware Scams. Company source code is proprietary and typically held as top secret. However, a recent software leak accident by Anthropic has led to a cascade of nefarious behaviours by hackers. Anthropic is the well-known creator of Claude AI, and the accidental leak of the source code has allowed scammers to create … Read More “AI Software Leak Lets Scammers Add Malware and Steal Data and Your Money  – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.” »

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to … Read More “vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution  – The Hacker News” »

Explore the best OSINT tools for your digital investigations, threat intelligence, reconnaissance, and tracking online activity in 2026.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Meta’s smart glasses promise privacy “designed for you” – but everything they record was being beamed off to workers in Nairobi to label by hand. When those workers blew the whistle, Meta sacked all 1,108 of them. Meanwhile, the IT press is in a frenzy over a new Linux bug called “Copy Fail” – complete … Read More “Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired  – GRAHAM CLULEY” »

A defense technology company with Department of Defense contracts exposed user records and military training materials through API endpoints that lacked meaningful authorization checks, according to an account published by Strix, an open-source autonomous security testing project. The issue affected Schemata, an AI-powered virtual training platform used in military and defense settings. According to Strix, … Read More “A DOD contractor’s API flaw exposed military course data and service member records  – CyberScoop” »

Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted  – Read … Read More “Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks  – The Hacker News” »

Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previous undocumented plugin dubbed Pheno with the aim of facilitating credential theft. “According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of stealing victims’ credentials and potentially … Read More “Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs  – The Hacker News” »

Attackers are actively exploiting a zero-day vulnerability affecting some Palo Alto Networks’ customers’ firewalls, the security vendor said in an advisory Tuesday. The critical memory corruption vulnerability — CVE-2026-0300 — affects the authentication portal of PAN-OS, and allows unauthenticated attackers to run  code with root privileges on the vendor’s PA-Series and VM-Series firewalls, the company … Read More “A critical Palo Alto PAN-OS zero-day is being exploited in the wild  – CyberScoop” »

ShinyHunters breached Instructure and Vimeo, exposing millions of student and user records through direct and supply chain attacks.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a “false flag” operation. The attack, observed by Rapid7 in early 2026, has been found to leverage social engineering techniques via Microsoft Teams to initiate the infection … Read More “MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack  – The Hacker News” »

Siloed planning slows decisions and hides risk. Integrated business planning connects finance, demand, supply, and strategy into a single disciplined cycle.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of governance policy controls.” Enterprise leaders can request access to the Gartner Market Guide … Read More “Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing?  – The Hacker News” »

For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. But behind every headline, there’s a quieter, better story. It’s the story of leaders making tough calls under pressure, teams building smarter defenses, and security products that keep hunting threats 24/7 … Read More “The Hacker News Launches ‘Cybersecurity Stars Awards 2026’ — Submissions Now Open  – The Hacker News” »

Designing game feel requires responsive controls, hit-stop, sound, animation, and feedback systems that make gameplay satisfying.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

AI-generated code is changing AppSec workflows, forcing teams to rethink SDLC security, dependency checks, code review, and risk prioritization.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. “This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute,” Google’s product and security teams said. The initiative builds upon the foundation of Pixel Binary Transparency, … Read More “Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks  – The Hacker News” »

Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to … Read More “Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution  – The Hacker News” »