It’s time once again for Patch Tuesday, and this one is huge. We’ve also got multiple exploits in the wild, which adds another layer of urgency to this month’s release. Take a break from your regularly scheduled activities, and let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather … Read More “The April 2026 Security Update Review – Zero Day Initiative – Blog” »
Category: Attack Feeds
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below – CVE-2026-40176 (CVSS – Read More – The Hacker News
Kraken exchange faces extortion after a staff member misused access to record internal systems, about 2,000 accounts affected, no funds or systems breached. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Black Basta’s playbook lives on as former affiliates launch fast-scale intrusion campaign – CyberScoop
A small group of former Black Basta affiliates have targeted more than 100 employees across dozens of organizations to intrude network systems for potential data theft, ransomware deployment and extortion, according to ReliaQuest. The social engineering campaign, which involves mass email bombing and Microsoft Teams help desk impersonation, surged last month and dates back to … Read More “Black Basta’s playbook lives on as former affiliates launch fast-scale intrusion campaign – CyberScoop” »
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud – The Hacker News
Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google’s Discover feed and trick users into enabling persistent browser notifications that lead to scareware and financial scams. The campaign, which has been – Read More – … Read More “AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud – The Hacker News” »
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level. “The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of … Read More “Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security – The Hacker News” »
Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses – Hackread – Cybersecurity News, Data Breaches, AI and More
ViperTunnel is a Python-based backdoor linked to DragonForce ransomware that targets businesses using Windows servers across the US and the UK. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Booking.com Confirms Data Breach as Hackers Access Customer Details – Hackread – Cybersecurity News, Data Breaches, AI and More
Booking.com confirms a data breach exposing customer details to hackers. No payment data accessed, but users face risk of targeted phishing scams now! – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads – The Hacker News
A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. “Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real – Read More – The Hacker … Read More “Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads – The Hacker News” »
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report) – The Hacker News
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a “velocity gap” where the density of high-impact vulnerabilities is scaling faster than – Read More – The Hacker News
On March 23, the Senate confirmed Senator Markwayne Mullin as the next homeland security secretary, marking an important step in strengthening leadership during a critical moment for our nation’s security. But only half of the job is done. The Cybersecurity and Infrastructure Security Agency (CISA), the federal government’s main civilian cyber defense agency, still lacks … Read More “Secretary Mullin must help finish the job: Urge the Senate to confirm Plankey – CyberScoop” »
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users – The Hacker News
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. According to Socket, the extensions are … Read More “108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users – The Hacker News” »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2026-21643 (CVSS score: 9.1) – An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to – Read … Read More “CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software – The Hacker News” »
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0. It relates to a case of unrestricted file upload that stems from improper validation of – Read More – … Read More “ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers – The Hacker News” »
A joint report from the Cloud Security Alliance (CSA), the SANS Institute and the Open Worldwide Application Security Project (OWASP) concludes that in the near term, organizations are “likely to be overwhelmed” by threat actors using AI to find and exploit vulnerabilities faster than defenders can patch them. While those organizations can use AI tools … Read More “Here’s how cyber heavyweights in the US and UK are dealing with Claude Mythos – CyberScoop” »
OpenAI Rotates macOS Certificates Following Axios Supply Chain Breach – Hackread – Cybersecurity News, Data Breaches, AI and More
OpenAI rotates macOS certificates after downloading a compromised Axios version, urging users to update apps before revoked certificates are blocked in May 2026. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
OpenAI updated its security certificates and is requiring all macOS users to update to the latest versions after determining its products, along with many others, were impacted by a widespread supply-chain attack that briefly infected a popular open-source library in late March, the company said in a blog post Friday. The artificial intelligence vendor said … Read More “OpenAI’s Mac apps need updates thanks to the Axios hack – CyberScoop” »
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025 – The Hacker News
Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT. A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data associated with specific financial entities, as well as track mouse inputs, log keystrokes, take screenshots, and … Read More “JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025 – The Hacker News” »
FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts – The Hacker News
The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims’ account credentials and attempt more than $20 million in fraud. In tandem, authorities detained the alleged developer, who has – Read … Read More “FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts – The Hacker News” »
BITTER APT Uses Signal, Google, and Zoom Lures to Spread ProSpy Spyware – Hackread – Cybersecurity News, Data Breaches, AI and More
BITTER APT spreads ProSpy and ToSpy via Signal, Google, and Zoom lures, targeting journalists through LinkedIn and iMessage spearphishing. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures – Hackread – Cybersecurity News, Data Breaches, AI and More
OpenSSF warns hackers impersonate Linux Foundation leaders on Slack, tricking developers into installing malware that can compromise entire systems. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More – The Hacker News
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a … Read More “⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More – The Hacker News” »
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi Whitmore warned that similar capabilities are weeks or months from proliferation. CrowdStrike’s 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant’s M-Trends 2026 – Read More – … Read More “Your MTTD Looks Great. Your Post-Alert Gap Doesn’t – The Hacker News” »
Alleged German DDoS-for-Hire Kingpin Behind Fluxstress Caught in Thailand – Hackread – Cybersecurity News, Data Breaches, AI and More
Alleged German cybercrime figure behind Fluxstress and Neldowner arrested in Thailand after years running global DDoS-for-hire services across countries. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Why Your Deprecated Endpoints Are an Attacker’s Best Friend: The Rise of Ghost APIs – Hackread – Cybersecurity News, Data Breaches, AI and More
Ghost APIs are deprecated endpoints left active, exposing systems to attack. Learn how they differ from shadow APIs and why they create hidden security risks – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Booking.com warns customers of hack that exposed their data – Data and computer security | The Guardian
Undisclosed number of names, contact and reservation details are accessed in latest cybercrime attempt. The accommodation reservation website Booking.com has suffered a data breach with “unauthorised parties” gaining access to customers’ details. The platform said it “noticed some suspicious activity involving unauthorised third parties being able to access some of … Read More “Booking.com warns customers of hack that exposed their data – Data and computer security | The Guardian” »
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT. “The threat actor used … Read More “North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware – The Hacker News” »
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. “Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps,” OpenAI said in a … Read More “OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident – The Hacker News” »
Hacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Records – Hackread – Cybersecurity News, Data Breaches, AI and More
A lone hacker used Claude Code and GPT-4.1 to exfiltrate hundreds of millions of Mexican citizen records from 9 government agencies. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
FBI Atlanta and Indonesian National Police Take Down W3LLSTORE Phishing Marketplace – Hackread – Cybersecurity News, Data Breaches, AI and More
FBI Atlanta and Indonesian National Police dismantle W3LLSTORE phishing market linked to $20M fraud, seizing domains and detaining developer. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations. It has been described … Read More “Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 – The Hacker News” »
Unknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with … Read More “CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads – The Hacker News” »
FBI Recovers Deleted Signal Messages Through iPhone Notifications – Hackread – Cybersecurity News, Data Breaches, AI and More
Signal messages may persist in iPhone notification data, enabling FBI access even after deletion, a court case reveals. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The fraud landscape has been changed by AI and cryptocurrency in a way that should concern organisations and individuals alike. Read more in my article on the Fortra blog. – Read More – GRAHAM CLULEY
Google Chrome Update Disrupts Infostealer Cookie Theft – Hackread – Cybersecurity News, Data Breaches, AI and More
Google adds Device Bound Session Credentials (DBSC) to Chrome 146, using hardware keys to block infostealer use of stolen session cookies on Windows. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July 2023 – Read … Read More “Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data – The Hacker News” »
ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot – Hackread – Cybersecurity News, Data Breaches, AI and More
ShinyHunters claims access to Rockstar Games Snowflake data via Anodot breach, threatening a data leak on April 14 if ransom demands are not met. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Android Banking Trojan Linked to Cambodia Scam Compounds Hits 21 Countries – Hackread – Cybersecurity News, Data Breaches, AI and More
Android banking trojan linked to Cambodia scam compounds uses forced labour to target users in 21 countries, bypassing security to steal funds. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The Department of Commerce is putting together a catalog of AI tools that will be given special export status by the federal government to be sold abroad. The department issued a call for proposals to participating companies in the Federal Register, looking to create a “menu of priority AI export packages that the U.S. Government … Read More “Commerce setting up new AI export regime to push adoption of ‘American AI’ abroad – CyberScoop” »
GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware – Hackread – Cybersecurity News, Data Breaches, AI and More
ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
UNC6783 Hackers Use Fake Okta Pages in Corporate Breach Campaign – Hackread – Cybersecurity News, Data Breaches, AI and More
UNC6783 hackers and extortionists impersonate support staff, using fake Okta login pages and social engineering to access corporate systems and steal sensitive data. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that’s designed to stealthily infect all integrated development environments (IDEs) on a developer’s machine. The technique has been discovered in an Open VSX extension named “specstudio.code-wakatime-activity-tracker,” which masquerades as WakaTime, a – Read More – The Hacker News
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including – Read More – The Hacker … Read More “Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure – The Hacker News” »
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About – The Hacker News
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there’s a wide-open window nobody’s guarding: AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn’t on anyone’s – Read More – The … Read More “Browser Extensions Are the New AI Consumption Channel That No One Is Talking About – The Hacker News” »
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. “This project represents a significant – Read More – The … Read More “Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows – The Hacker News” »
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across … Read More “Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers – The Hacker News” »
When Google announced last month it was moving up its own internal timeline for migrating to quantum-resistant forms of encryption, it started a broader conversation in the cybersecurity and cryptography communities: Just what was pushing one of the largest tech companies in the world to significantly accelerate its adoption of post-quantum protections for its systems, … Read More “Why is the timeline to quantum-proof everything constantly shrinking? – CyberScoop” »
The fallout and potential exposure from Iran’s state-backed targeting of U.S. critical infrastructure extends to more than 5,200 internet-connected devices, researchers at Censys said in a threat intelligence brief Wednesday. Of the programmable logic controllers manufactured by Rockwell Automation/Allen-Bradley that Censys identified as potentially exposed to Iranian government attackers, nearly 3,900, or about 3 out … Read More “Iranian attacks on US critical infrastructure puts 3,900 devices in crosshairs – CyberScoop” »