A severe authentication bypass vulnerability in cPanel, one of the most widely deployed web hosting control panel platforms on the internet, is being actively exploited in the wild, according to security researchers and hosting providers. The vulnerability, tracked as CVE-2026-41940, affects all supported versions of cPanel and WebHost Manager (WHM) released after version 11.40, as … Read More “cPanel’s authentication bypass bug is being exploited in the wild, CISA warns – CyberScoop” »
Congress extended a controversial surveillance law for 45 days on Thursday, hours before its latest expiration following an earlier extension. The Senate passed — then the House cleared — a 45-day extension of Section 702 of the Foreign Intelligence Surveillance Act, which authorizes warrantless surveillance of foreign targets. But those targets are sometimes communicating electronically … Read More “Congress kicks the can down the road on surveillance law (again) – CyberScoop” »
Private Chats, Photos of Celebs Exposed in Suspected Stalkerware Leak – Hackread – Cybersecurity News, Data Breaches, AI and More
Private chats and photos of celebrities and influencers were exposed after a suspected stalkerware setup left a database open, revealing sensitive messages and files. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The Federal Communications Commission approved new regulations Wednesday designed to crack down on robocalling, protect telecommunications networks from cyberattacks and further vet equipment-testing labs based overseas. Commissioners unanimously passed a measure to strengthen telecom companies’ “Know Your Customer” requirements for verifying callers’ identities. Among the potential solutions being considered are requiring telecoms to verify a … Read More “FCC tightens KYC rules for telecoms, closes loophole for banned foreign services – CyberScoop” »
Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards – Hackread – Cybersecurity News, Data Breaches, AI and More
A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2 and 2.6.3, both of which were published on April 30, 2026. The campaign is … Read More “PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials – The Hacker News” »
Managed vs Self-Managed Cloud Hosting: Choosing the Best Option for Your Business – Hackread – Cybersecurity News, Data Breaches, AI and More
As more businesses relocate their operations to the cloud, one important decision arises: should you choose managed or… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A pair of persistent and problematic threat groups affiliated with The Com are actively targeting organizations across multiple critical infrastructure sectors for rapid data theft and extortion attacks, according to CrowdStrike. The financially-motivated attackers, which CrowdStrike tracks as Cordial Spider and Snarky Spider, have used voice-phishing and social engineering attacks to break into victims’ identity … Read More “Two new extortion crews are speedrunning the Scattered Spider playbook – CyberScoop” »
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories – The Hacker News
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be online. Security is always a moving target. … Read More “ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories – The Hacker News” »
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a security breach and was likely the work … Read More “Anti-DDoS Firm Heaped Attacks on Brazilian ISPs – Krebs on Security” »
Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order (SEO) – Read More – The Hacker News
Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. “The intrusion chain begins with execution of a batch script (‘install_obf.bat’) that disables Windows security controls, dynamically extracts an … Read More “New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials – The Hacker News” »
Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori. “An unprivileged local user can write four controlled bytes into the page cache of … Read More “New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions – The Hacker News” »
Anthropic recently announced that it would not release Mythos, its most powerful AI model, to the public. The model discovered thousands of previously unknown software vulnerabilities — flaws that had sat undetected in major operating systems and web browsers for as long as nearly three decades. Anthropic said the model was too dangerous to deploy … Read More “Everyone’s building AI agents. Almost nobody’s ready for what they do to identity. – CyberScoop” »
9-Year-Old Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access – Hackread – Cybersecurity News, Data Breaches, AI and More
Linux Kernel Vulnerability “Copy Fail” lets attackers gain root access via memory flaw. Patch now or disable algif_aead to stay secure. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes. Read more in my article on the Hot for Security blog. – Read More – GRAHAM CLULEY
Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems. “The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,” … Read More “Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution – The Hacker News” »
Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions – GRAHAM CLULEY
A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop. That one decision triggered a cascade of failures that ended with a $2 million data breach affecting hundreds of thousands of organisations. All for some free in-game currency. Meanwhile, there’s a 1980s phone protocol called … Read More “Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions – GRAHAM CLULEY” »
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong) – The Hacker News
Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: “So, are we actually safer now?” Crickets. The room goes quiet because an honest answer requires context – which is something that patch counts … Read More “What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong) – The Hacker News” »
Cursor AI Agent Wipes PocketOS Database and Backups in 9 Seconds – Hackread – Cybersecurity News, Data Breaches, AI and More
PocketOS founder says Cursor AI agent deleted its production database in 9 seconds after misusing a root API token, exposing major Railway security flaws. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The growth of data centers — and adversaries’ targeting of them — left lawmakers at a hearing Wednesday contemplating whether the federal government has the right setup for defending them. Some industry witnesses and experts at the hearing of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection testified that the answer might be … Read More “Congress, industry ponder government posture for protecting data centers – CyberScoop” »
Polymarket Rejects Data Breach Claims as Hacker Alleges 300K Records Stolen – Hackread – Cybersecurity News, Data Breaches, AI and More
A hacker using the alias “Xorcat” claims to have breached Polymarket using API flaws, but research suggests the leak could be just a data scraping incident. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
New AI-Powered Bluekit Phishing Kit Targets Major Platforms with MFA Bypass Attacks – Hackread – Cybersecurity News, Data Breaches, AI and More
Bluekit Phishing Kit is a new PhaaS tool that targets major platforms, using AiTM techniques to steal session data and bypass MFA protections. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calling itself the mini Shai-Hulud – has affected the following packages associated with SAP’s JavaScript and cloud application … Read More “SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware – The Hacker News” »
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package was added as a dependency to the project by Anthropic’s Claude Opus large language model (LLM). The package in question is “@validate-sdk/v2,” which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However, … Read More “New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs – The Hacker News” »
In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren’t just talking about AI writing better phishing emails anymore. We’re talking about autonomous agents mapping Active Directory and seizing Domain Admin credentials in minutes. The … Read More “Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks – The Hacker News” »
Brinker Introduces a Novel Approach to Deepfake Detection – Hackread – Cybersecurity News, Data Breaches, AI and More
WILMINGTON, Delaware, 29th April 2026, CyberNewswire – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
US-Estonian Suspect Arrested Over Alleged Scattered Spider Cyberattacks – Hackread – Cybersecurity News, Data Breaches, AI and More
US-Estonian suspect Peter Stokes arrested in Finland over alleged ties to Scattered Spider, facing US charges for cyberattacks, fraud, and data breaches. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A man accused of working as a hacker for China’s Ministry of State Security has been extradited to the USA from Italy, and faces – if found guilty – the prospect of decades behind bars. Read more in my article on the Hot for Security blog. – Read More – GRAHAM CLULEY
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately – The Hacker News
cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects all currently supported versions, according to an alert released by cPanel on Tuesday. The issue has been addressed in the following versions – 11.110.0.97 11.118.0.63 … Read More “Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately – The Hacker News” »
Top AI-Powered Vendor Risk Management Platforms for SaaS Companies in 2026 – Hackread – Cybersecurity News, Data Breaches, AI and More
Top AI-powered vendor risk platforms for SaaS companies in 2026, compare tools, features, and how to choose the… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below – CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect … Read More “CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV – The Hacker News” »
Cursor AI IDE vulnerability allows code execution via hidden Git hooks – Hackread – Cybersecurity News, Data Breaches, AI and More
Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI’s LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could … Read More “LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure – The Hacker News” »
Spy agency officials say job loss anxiety, moving fast ‘safely’ among top challenges in AI workforce overhaul – CyberScoop
Like many organizations, the National Geospatial Intelligence Agency is moving to integrate AI tools into their business operations. Jay Harless, director of human development at NGA, said the agency is trying to strike a balance: move fast enough to keep pace in what U.S. national security officials increasingly view as an AI arms race with … Read More “Spy agency officials say job loss anxiety, moving fast ‘safely’ among top challenges in AI workforce overhaul – CyberScoop” »
Decoding Q1 2026’s $152.9 Billion Crypto Custody Concentration – Hackread – Cybersecurity News, Data Breaches, AI and More
Crypto Custody Concentration hits $152.9B as institutions shift to derivatives, consolidating capital on top exchanges amid Q1 market slowdown. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
New DHL Phishing Scam Uses 11-Step Attack Chain to Steal Passwords – Hackread – Cybersecurity News, Data Breaches, AI and More
Forcepoint’s X-Labs reports an 11-step DHL phishing scam that uses fake OTP codes and EmailJS to harvest user credentials and device telemetry. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Federal Chief Information Officer Greg Barbaccia said Tuesday the government is approaching Anthropic’s Mythos model with measured expectations, acknowledging both its potential to strengthen federal cyber defenses and the significant uncertainties that remain about how it would perform in real-world conditions. Barbaccia said his direct exposure to Mythos has been limited to evaluations and benchmarking … Read More “Federal CIO cautious on Anthropic’s Mythos despite planned rollout – CyberScoop” »
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push – The Hacker News
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single “git push” command. The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access … Read More “Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push – The Hacker News” »
Pack2TheRoot: 12-Year-Old Linux PackageKit Flaw Enables Full Compromise – Hackread – Cybersecurity News, Data Breaches, AI and More
Security experts have found a high-severity flaw named Pack2TheRoot in PackageKit that allows hackers to gain full root access on multiple Linux distributions. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign – The Hacker News
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). “The malware disguises itself as a Minecraft hack called ‘Slinky,’” Brazil-based cybersecurity company ZenoX said in a technical report. “It uses the official game icon to … Read More “Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign – The Hacker News” »
Illinois Rep. Delia Ramirez is taking over as the top Democrat on the House Homeland Security panel’s cybersecurity subcommittee, replacing former Rep. Eric Swalwell after his resignation. Committee Democrats approved the change Tuesday at a meeting prior to a “shadow hearing” without the GOP majority, focused on protecting elections from Trump administration interference. Ramirez first … Read More “Rep. Delia Ramirez takes over as top House cybersecurity Dem – CyberScoop” »
Stablecoins: Always-On Money Needs Always-On Controls – Hackread – Cybersecurity News, Data Breaches, AI and More
Stablecoins are becoming the money layer for the always-on economy. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi – The Hacker News
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The fact that VECT’s locker permanently destroys large files rather than … Read More “VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi – The Hacker News” »
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero Trust programs stall. New research my team just published puts numbers on it. The … Read More “Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About – The Hacker News” »
The Role of Aggregated Liquidity in Modern Crypto Markets – Hackread – Cybersecurity News, Data Breaches, AI and More
Aggregated liquidity improves crypto trading by combining multiple sources, offering better rates, deeper markets, and more reliable execution across assets. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Why Unofficial Download Sources Are Still a Security Risk in 2026 – Hackread – Cybersecurity News, Data Breaches, AI and More
Security Risk in 2026: why unofficial download sources still put users at risk, and how to verify safe, official install paths before installing software. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face’s open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use … Read More “Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE – The Hacker News” »
New Linux FIRESTARTER Backdoor Targets Cisco Firepower Devices – Hackread – Cybersecurity News, Data Breaches, AI and More
CISA and NCSC warn that FIRESTARTER, a Linux-based backdoor, targets Cisco Firepower devices, evades patches, and enables persistent access even after firmware updates. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More