Category: Attack Feeds

0

Browser extension sales, updates pose hidden threat to enterprises  – CyberScoop

Sometimes the simplest pieces of software can cause the most complex security headaches for organizations. Browser extensions, which can be bought, sold and repurposed without warning, are a blind spot for organizations — ignored and often left unrecognized as a hidden threat.  John Tuckner, founder of the browser extension security company Secure Annex, recently demonstrated how quickly he bought and...

0

New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records  – The Hacker News

Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat. “The threat actor behind  –...

0

When Getting Phished Puts You in Mortal Danger  – Krebs on Security

Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life. The real website of the Ukrainian paramilitary group “Freedom of Russia” legion. The text has been machine-translated from...

0

Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks  – The Hacker News

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that’s designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in ...

0

MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities  – Zero Day Initiative – Blog

Use-after-free is a memory corruption condition where a program references memory after it has been released back to the allocator. Statically detecting these bugs can be challenging. In the past, several approaches have addressed this problem, such as GUEB by Josselin Feist and Sean Heelan’s work on Finding use-after-free bugs with static analysis. This blog post explores the usage of...

0

Aussie Fintech Vroom Exposes Thousands of Records After AWS Misconfiguration  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News

Cybersecurity researcher Jeremiah Fowler discovered a data exposure at Australian fintech Vroom by YouX, exposing 27,000 records, including driver’s licenses, bank statements, and more.  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

0

APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware  – The Hacker News

An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India’s public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which...

0

New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It  – The Hacker News

Whether it’s CRMs, project management tools, payment processors, or lead management tools – your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more. A new report, Understanding SaaS Security Risks: Why  – Read...

0

Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!  – The Hacker News

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system. Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need...

0

Smashing Security podcast #410: Unleash the AI bot army against the scammers – now!  – Graham Cluley

A YouTuber has unleashed an innovative AI bot army to disrupt and outwit the world of online scammers, and a New York Times investigation looks into the intricate web of global money laundering. All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.  – Read...

0

150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms  – The Hacker News

An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date. “The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor’s browser,” c/side security analyst Himanshu  – Read More  – The Hacker...

0

NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems  – The Hacker News

A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an enterprise-focused software that’s used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to backup, restore, and clone data resources. The vulnerability, tracked as  – Read More  – The Hacker News 

0

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices  – The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below – CVE-2019-9874 (CVSS score: 9.8) – A deserialization vulnerability in the Sitecore.Security.AntiCSRF  – Read More  – The Hacker News 

0

Commerce limits 19 Chinese, Taiwanese companies from buying U.S. tech  – CyberScoop

The Commerce Department plans to finalize economic sanctions this week on nearly 20 Chinese and Taiwanese organizations, citing the need to limit their access to U.S. cloud, artificial intelligence and quantum computing technologies. The sanctions, which will be detailed and published Friday in the Federal Register , would place additional license requirements on, and limit the availability of, license exceptions...

0

Intelligence chiefs insist Signal chat was a simple mistake  – CyberScoop

U.S. intelligence leaders found themselves under intensified scrutiny from Congress for a second straight day, following revelations that significant military plans were discussed over text messaging application Signal.  Both Director of National Intelligence Tulsi Gabbard and CIA Director John Ratcliffe apologized during a House Intelligence Committee hearing Wednesday, yet continued to claim that no sources, methods, locations or war plans...

0

New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations  – The Hacker News

The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared by Chinese state-sponsored actors....

0

String of defects in popular Kubernetes component puts 40% of cloud environments at risk  – CyberScoop

More than 40% of cloud environments are at risk of an account takeover due to a series of five recently discovered vulnerabilities — one regarded critical — in the Ingress Ngnix Controller for Kubernetes, according to security research published this week. Upon discovering the string of vulnerabilities in one of most widely used ingress controllers for Kubernetes, Wiz researchers described...

0

RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment  – The Hacker News

The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor’s tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating  – Read More  –...

0

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware  – The Hacker News

The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. “In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,  – Read More ...

0

Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience  – The Hacker News

“A boxer derives the greatest advantage from his sparring partner…” — Epictetus, 50–135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and—BANG—lands a right hand on Blue down the center. This wasn’t Blue’s first day and despite his solid defense in...

0

Malicious npm Package Modifies Local ‘ethers’ Library to Launch Reverse Shell Attacks  – The Hacker News

Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem. The packages in question are ethers-provider2 and ethers-providerz, with the former downloaded 73 times to date since it was published on  – Read More  – The Hacker...

0

How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More  – The Hacker News

When people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through negligence or malicious intent, insiders can expose your organization to significant cybersecurity risks. According to Verizon’s 2024 Data Breach Investigations Report, 57% of companies experience over  – Read More  – The Hacker News 

0

Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms  – The Hacker News

Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO “has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession,” the cybersecurity company said in an analysis. Credential stuffing is a  – Read More  –...

0

New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround  – The Hacker News

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). “VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control,” Broadcom said in an  – Read More ...

0

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks  – The Hacker News

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on Windows.” Mojo refers to a ...

0

Trump issues executive order seeking greater federal control of elections   – CyberScoop

President Donald Trump issued an executive order Tuesday that threatens states with the loss of federal election grants unless they comply with a broad list of requirements concerning the administration of elections. The order makes numerous inaccurate and misleading claims about American elections, many of which mirror older allegations that Trump made regularly on the campaign trail. Those include claims...

0

Senators criticize Trump officials’ discussion of war plans over Signal, but administration answers don’t come easily   – CyberScoop

Democratic senators hammered two top national security officials Tuesday about their participation in a Signal chat discussing war plans that reportedly included a journalist, but struggled to get specific answers to some of their questions about what happened and how. Director of National Intelligence Tulsi Gabbard wouldn’t even initially acknowledge her involvement in the chat group, where, as reported by The...

0

The AI Fix #43: I, for one, welcome our new robot overlords!  – Graham Cluley

In episode 43 of The AI Fix, our hosts discover a robot that isn’t terrifying, a newspaper shuns journalists in favour of AI, Graham watches a robot dog learn to stand, an AI computer programmer develops a familiar attitude, and New York tries to stop its humans arming their robots. Graham worries about AI vomit, a Norwegian man is falsely...

0

Privacy-boosting tech could prevent breaches, data misuse with government aid, report says  – CyberScoop

Governments should prioritize the use of privacy-boosting technologies like encryption, de-identification and hashing to prevent breaches and data misuse, a report that New America’s Open Technology Institute published Tuesday recommends. The study comes as cyber and privacy experts warn about the dangers of the Trump administration’s Department of Government Efficiency (DOGE) accessing sensitive information at federal agencies, also the subject...

0

Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker  – The Hacker News

A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin. “Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia,” Silent Push said in a report shared with The ...

0

Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years  – The Hacker News

A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia. The cybersecurity company is tracking the activity under the name Weaver Ant, describing the threat actor as stealthy and highly persistent. The name of the telecom provider was...

0

AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface  – The Hacker News

Organizations now use an average of 112 SaaS applications—a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that’s just one major...

0

Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps  – The Hacker News

Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft’s .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. “These threats disguise themselves as legitimate apps, targeting users to steal sensitive information,” McAfee Labs researcher Dexter Shin said. .NET  – Read More  – The Hacker News 

0

INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust  – The Hacker News

Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort “aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses,” INTERPOL said, adding it  – Read More  –...

0

Researchers raise alarm about critical Next.js vulnerability  – CyberScoop

Researchers warn that attackers could exploit a recently discovered critical vulnerability in the open-source JavaScript framework Next.js to bypass authorization in middleware and gain access to targeted systems. Vercel, the San Francisco-based company that created and maintains Next.js, released a patch for CVE-2025-29927 in Next.js 15.2.3 on March 18 and published a security advisory on March 21. Researchers Allam Rachid...

AttackFeed by Joe Wagner
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.