Category: Attack Feeds

Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server costs rise faster than revenue. Logs are filled with repeated … Read More “How to Protect Your SaaS from Bot Attacks with SafeLine WAF  – The Hacker News” »

While competing for medals and glory in Milan, Italy, U.S. Olympic athletes experienced something that is fast becoming a regular feature of modern public life: the widespread use of AI tools by politicians, trolls and sexual harassers to manipulate their images and voices Users on 4chan and other sites quickly generated and shared “nudified” or … Read More “From fake nudes to fake quotes: AI deepfakes plagued Olympic athletes  – CyberScoop” »

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework. “Protection mechanism failure in MSHTML Framework allows an unauthorized  – … Read More “APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday  – The Hacker News” »

For years, cyberattacks followed a familiar pattern: reconnaissance, exploitation, persistence, impact. Defenders built their strategies around that cycle, patching vulnerabilities, monitoring indicators, and working to reduce dwell time. But a quieter shift is underway. Today’s most sophisticated adversaries are using AI to study how organizations defend themselves. They run what we call “silent probing campaigns:” … Read More “How ‘silent probing’ can make your security playbook a liability  – CyberScoop” »

The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived proceeds stolen from victims of cryptocurrency investment scams, the department added. … Read More “DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams  – The Hacker News” »

Frankfurt am Main, Germany, 2nd March 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actual command-and-control (C2) by using seemingly harmless Pastebin content as a dead … Read More “North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT  – The Hacker News” »

Fake Xeno and Roblox gaming tools are spreading a Windows RAT (remote access trojan) using PowerShell and LOLBins, Microsoft Threat Intelligence warns.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. “Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly … Read More “ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket  – The Hacker News” »

Stop the 75% failure rate. Learn which device vulnerabilities stall deployments and the exact fixes that get IoT projects to production.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks … Read More “Who is the Kimwolf Botmaster “Dort”?  – Krebs on Security” »

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google API keys (identified by the prefix “AIza”) embedded in client-side code to provide Google-related … Read More “Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement  – The Hacker News” »

Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a “supply chain risk.” “This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of our AI model, Claude: the mass domestic surveillance … Read More “Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute  – The Hacker News” »

ShinyHunters hackers leak 2 million records from Dutch telecom Odido after ransom refusal, claiming up to 21 million customer records were stolen in the breach.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Is your AI assistant safe? Oasis Security researchers have found a critical ClawJacked vulnerability in OpenClaw that allows hackers to hijack AI agents through a simple browser tab.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France. … Read More “900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks  – The Hacker News” »

Cybersecurity researchers have disclosed details of a malicious Go module that’s designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate “golang.org/x/crypto” codebase, but injects malicious code that’s responsible for exfiltrating secrets entered via terminal password  – Read More  – The Hacker … Read More “Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor  – The Hacker News” »

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves … Read More “ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks  – The Hacker News” »

Guide to the SpaceX IPO date, company profile, pricing method, risks, and how investors can prepare to buy shares when the company goes public soon.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Varonis Threat Labs reveals 1Campaign, a platform used to trick Google Ads and hide phishing pages. Learn how this cloaking tool targets real users while evading security.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). “A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar,” the Microsoft Threat Intelligence team said in a post on X. … Read More “Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms  – The Hacker News” »

Meta on Thursday said it’s taking legal action to tackle scams on its platforms by filing lawsuits against what it calls deceptive advertisers based in Brazil, China, and Vietnam. As part of the effort, the advertisers’ methods of payment have been suspended, related accounts have been disabled, and the website domain names used to pull … Read More “Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams  – The Hacker News” »

Madhu Gottumukkala is out as acting director of the Cybersecurity and Infrastructure Security Agency, with current agency executive director for cybersecurity Nick Andersen replacing him as the interim leader. News of Gottumukkala’s departure breaks one day after CyberScoop reported on widespread dismay with the agency’s performance during the first year of the Trump administration, with … Read More “Gottumukkala out, Andersen in as acting CISA director  – CyberScoop” »

Qrator Research Lab has identified Aeternum C2, a botnet that uses the Polygon blockchain for commands, making it nearly impossible to shut down.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A global law enforcement effort has taken root to combat The Com, a sprawling nihilistic network of thousands of minors and young adults engaged in various forms of cybercrime, including physical violence and extortion. Project Compass, an operation coordinated by Europol with support from 28 countries, including all members of the Five Eyes, has resulted … Read More “Project Compass is Europol’s new playbook for taking on The Com  – CyberScoop” »

A key Senate Committee moved to advance legislation that would overhaul cybersecurity practices at the Department of Health and Human Services. The bipartisan Health Care Cybersecurity and Resiliency Act sailed through the Senate Health, Education and Labor Committee Thursday on a 22-1 vote, with only Sen. Rand Paul, R-Ky., opposing it. The legislation, sponsored by … Read More “Senate moves one step closer to passing health care cyber reforms   – CyberScoop” »

Fraudsters clone Avast’s website to target French users with a €499 phishing scam, using urgency tactics, live chat, and card validation to steal payment data.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts. “Instead of relying on traditional servers or domains for command-and-control, Aeternum stores its instructions on the public Polygon blockchain,” Qrator Labs said in a report shared with The  … Read More “Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown  – The Hacker News” »

Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder. Here is a quick look at the signals worth … Read More “ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories  – The Hacker News” »

A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor. “Dohdoor utilizes … Read More “UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor  – The Hacker News” »

New VulnCheck research reveals that while thousands of CVEs are discovered yearly, only 1% drive real-world impact.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

How better threat visibility and real-time intelligence reduce MTTR, improve SOC response speed, and strengthen resilience through faster detection and containment.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

OAuth consent in Entra ID can grant apps like ChatGPT email access after approval, exposing hidden risks that may bypass MFA and enable persistent access.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

How better threat visibility and real-time intelligence reduce MTTR, improve SOC response speed, and strengthen resilience through faster detection and containment.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money… from a notorious Russian ransomware gang. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of ransomware and cyber extortion generated funding for a complex and highly professional criminal ecosystem. The … Read More “Expert Recommends: Prepare for PQC Right Now  – The Hacker News” »

Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a legitimate library from Stripe that has over 75 million downloads. It was uploaded by … Read More “Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens  – The Hacker News” »

A “coordinated developer-targeting campaign” is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines. “The activity aligns with a broader cluster of threats that use job-themed lures to blend into routine developer workflows and increase the likelihood of code  – … Read More “Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware  – The Hacker News” »

A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain  … Read More “Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access  – The Hacker News” »

Attackers have been exploiting a pair of zero-day vulnerabilities in Cisco’s network edge software for at least three years, and the global campaign is ongoing, authorities said across a series of warnings released Wednesday. The Cybersecurity and Infrastructure Security Agency issued an emergency directive about the global attacks and issued joint guidance with the Five … Read More “Governments issue warning over Cisco zero-day attacks dating back to 2023  – CyberScoop” »

Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications.  – Read More  – … Read More “Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware  – The Hacker News” »

Intelligent contract solutions replace traditional CLM by adding AI analysis, benchmarking, and risk insights that speed reviews, reduce delays, and improve decisions.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The US Treasury targets Sergey Zelenyuk and his firm Operation Zero for the illegal trade of stolen government cyber tools following the sentencing of Peter Williams.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

ShinyHunters claims 21 million records stolen in Odido NL and Ben.nl data breach as telecom company confirms cyberattack impacting customer contact system data.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. “This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,”  … Read More “Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries  – The Hacker News” »

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. “The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables – executing  – Read More  – The Hacker News