Category: Attack Feeds

0

Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats  – The Hacker News

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn’t equal being secure. As Sun Tzu warned, “Strategy without tactics is  –...

0

Steganography Explained: How XWorm Hides Inside Images  – The Hacker News

Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and take over your system without a trace. This is steganography, a cybercriminal’s secret weapon for ...

0

Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches  – The Hacker News

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. “Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws...

0

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa  – The Hacker News

Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy  – Read More ...

0

CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List  – The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2024-57968 – An unrestricted file upload vulnerability in Advantive VeraCore  – Read More  –...

0

Multiple vulnerabilities found in ICONICS industrial SCADA software  – CyberScoop

A popular set of SCADA software systems used in critical infrastructure around the world suffered from at least five known vulnerabilities that could have allowed for privilege escalation, DLL hijacking and the ability to modify critical files. The vulnerabilities were found within a suite of software made by ICONICS, which claims on its website that its SCADA software is embedded...

0

Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials  – The Hacker News

Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. “The polymorphic extensions create a pixel perfect replica of the target’s icon, HTML popup, workflows and even temporarily disables the legitimate extension, making it extremely convincing for victims to believe that they are providing credentials to  – Read More  – The...

0

Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links  – The Hacker News

The Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September 2024. “The campaign, which leverages social media to distribute malware, is tied to the region’s current geopolitical climate,” Positive Technologies researchers Klimentiy Galkin and Stanislav Pyzhov said in an analysis published last week. ...

0

Why The Modern Google Workspace Needs Unified Security  – The Hacker News

The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and hijack user accounts. Many organizations try to secure their environment by piecing together different  – Read More  –...

0

⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact  – The Hacker News

Cyber threats today don’t just evolve—they mutate rapidly, testing the resilience of everything from global financial systems to critical infrastructure. As cybersecurity confronts new battlegrounds—ranging from nation-state espionage and ransomware to manipulated AI chatbots—the landscape becomes increasingly complex, prompting vital questions: How secure are our cloud environments? Can our  – Read More  – The Hacker News 

0

SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools  – The Hacker News

A new mass malware campaign is infecting users with a cryptocurrency miner named SilentCryptoMiner by masquerading it as a tool designed to circumvent internet blocks and restrictions around online services. Russian cybersecurity company Kaspersky said the activity is part of a larger trend where cybercriminals are increasingly leveraging Windows Packet Divert (WPD) tools to distribute malware  – Read More  –...

0

Feds Link $150M Cyberheist to 2022 LastPass Hacks  – Krebs on Security

In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion. On...

0

CISA completed its election security review. It won’t make the results public  – CyberScoop

When the Trump administration began sidelining and laying off personnel at the Cybersecurity and Infrastructure Security Agency, it started by targeting employees who worked on election security and disinformation. At the same time, the Department Homeland Security announced it would conduct a comprehensive review of CISA’s election security mission. This week, the agency confirmed that it has completed the review,...

0

Ransomware poseurs are trying to extort businesses through physical letters  – CyberScoop

The FBI and threat researchers are warning executives to be on the lookout for physical letters in the mail threatening to leak sensitive corporate data.  The letters, which are stamped “time sensitive read immediately” and shipped directly to executives through the Postal Service, are part of a nationwide scam designed to extort victims into paying $250,000 to $500,000, the FBI...

0

Russian crypto exchange Garantex seized in international law enforcement operation  – CyberScoop

U.S. and European law enforcement agencies have seized the infrastructure of Garantex, a cryptocurrency exchange accused of laundering billions in criminal proceeds, in a sweeping international operation that signals heightened focus on illicit financial flows in cryptocurrency markets. According to Justice Department documents unsealed Friday, the Moscow-based exchange processed approximately $96 billion in cryptocurrency transactions since its founding in April...

0

FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations  – The Hacker News

Threat hunters have shed light on a “sophisticated and evolving malware toolkit” called Ragnar Loader that’s used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). “Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in networks for long-term operations,” Swiss  – Read More  –...

0

Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide  – The Hacker News

Microsoft has disclosed details of a large-scale malvertising campaign that’s estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information. The tech giant, which detected the activity in early December 2024, is tracking it under the broader umbrella Storm-0408, a moniker used for a set of...

0

Webinar: Learn How ASPM Transforms Application Security from Reactive to Proactive  – The Hacker News

Are you tired of dealing with outdated security tools that never seem to give you the full picture? You’re not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That’s why we’re excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM). ASPM brings together the best of both  – Read...

0

What PCI DSS v4 Really Means – Lessons from A&F Compliance Journey  – The Hacker News

Access on-demand webinar here Avoid a $100,000/month Compliance Disaster March 31, 2025: The Clock is Ticking. What if a single overlooked script could cost your business $100,000 per month in non-compliance fines? PCI DSS v4 is coming, and businesses handling payment card data must be prepared. Beyond fines, non-compliance exposes businesses to web skimming, third-party script attacks, and  – Read...

0

U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website  – The Hacker News

A coalition of international law enforcement agencies has seized the website associated with the cryptocurrency exchange Garantex (“garantex[.]org”), nearly three years after the service was sanctioned by the U.S. Treasury Department in April 2022. “The domain for Garantex has been seized by the United States Secret Service pursuant to a seizure warrant obtained by the United States Attorney’s  – Read...

0

This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions  – The Hacker News

Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that’s equipped to steal a victim’s Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It’s no longer available for download from the official registry. “Disguised as a simple utility for Python  – Read...

0

SafeWallet Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist  – The Hacker News

SafeWallet has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a “highly sophisticated, state-sponsored attack,” stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts. The multi-signature (multisig) platform, which has roped in Google Cloud Mandiant to  –...

0

PHP-CGI RCE Flaw Exploited in Attacks on Japan’s Tech, Telecom, and E-Commerce Sectors  – The Hacker News

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. “The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines,” Cisco Talos researcher Chetan Raghuprasad said in a technical  – Read More ...

0

Who is the DOGE and X Technician Branden Spikes?  – Krebs on Security

At 49, Branden Spikes isn’t just one of the oldest technologists who has been involved in Elon Musk’s Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk’s most loyal employees. Here’s a closer look at this trusted Musk lieutenant, whose...

0

Victims of Cybercrime that create their own demise  – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.

One of the most successful actions that cyber threat actors have historically taken is in the use of “phishing” while misrepresenting themselves and convincing people to give up their logins, passwords and/or control of their device. The problem with this is that the users volunteer their information and therefore the breach can’t be prosecuted. Anydesk […] The post Victims of...

0

Silk Typhoon shifted to specifically targeting IT management companies  – CyberScoop

The Chinese state-backed threat group Silk Typhoon shifted tactics in late 2024 to broaden access and enable follow-on attacks against downstream customers of its initial targets, Microsoft Threat Intelligence said in a blog released Wednesday.  The Chinese espionage group, which is also known as APT27, has abused stolen API keys and credentials for privileged access management, cloud-based application providers and...

0

Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom  – The Hacker News

The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to data from the Symantec Threat Hunter Team said in a report...

0

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing  – The Hacker News

The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. “EncryptHub has been observed targeting users of popular applications, by distributing trojanized versions,” Outpost24 KrakenLabs said in a new report shared with The  – Read More  – The Hacker News 

0

Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution  – The Hacker News

Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution. “Prototype pollution in Kibana leads...

0

Outsmarting Cyber Threats with Attack Graphs  – The Hacker News

Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to stay secure. Instead, they need a dynamic approach that provides real-time insights into how attackers move through their environment. This is where attack graphs come in. By mapping potential attack paths  – Read...

0

Smashing Security podcast #407: HP’s hold music, and human trafficking  – Graham Cluley

Journey with us to Myanmar’s shadowy scam factories, where trafficked workers are forced to run romance-baiting and fake tech support scams, and find out why a company’s mandatory hold time for tech support could lead to innocent users having their computers compromised. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans...

0

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access  – The Hacker News

Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. “Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed,” c/side researcher Himanshu Anand said in a Wednesday analysis. The malicious JavaScript code has been found to be served via cdn.csyndication[  – Read More ...

0

U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations  – The Hacker News

The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People’s Republic of China’s (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private PRC company, Anxun  – Read...

0

US indicts 12 Chinese nationals for vast espionage attack spree  – CyberScoop

The Justice Department on Wednesday indicted 12 Chinese nationals for their alleged involvement in an extensive nation-state-backed espionage campaign that included a spree of attacks on U.S. federal and state agencies, including the late 2024 attack targeting the Treasury Department.  Officials accused the Chinese individuals, including two officers of China’s Ministry of Public Security, eight i-Soon employees and two members...

AttackFeed by Joe Wagner
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.