Category: Attack Feeds

Victims of Cybercrime that create their own demise  – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.

One of the most successful actions that cyber threat actors have historically taken is in the use of “phishing” while misrepresenting themselves and convincing people to give up their logins, passwords and/or control of their device. The problem with this is that the users volunteer their information and therefore the breach can’t be prosecuted. Anydesk […]

Silk Typhoon shifted to specifically targeting IT management companies  – CyberScoop

The Chinese state-backed threat group Silk Typhoon shifted tactics in late 2024 to broaden access and enable follow-on attacks against downstream customers of its initial targets, Microsoft Threat Intelligence said in a blog released Wednesday.  The Chinese espionage group, which is also known as APT27, has abused stolen API keys and credentials for privileged access management, cloud-based application providers and...

Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom  – The Hacker News

The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to the Symantec Threat Hunter Team, which said in a report...

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing  – The Hacker News

The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. “EncryptHub has been observed targeting users of popular applications, by distributing trojanized versions,” Outpost24 KrakenLabs said in a new report shared with The...

Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution  – The Hacker News

Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution. “Prototype pollution in Kibana leads...

Outsmarting Cyber Threats with Attack Graphs  – The Hacker News

Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to stay secure. Instead, they need a dynamic approach that provides real-time insights into how attackers move through their environment. This is where attack graphs come in. By mapping potential attack paths...

Smashing Security podcast #407: HP’s hold music, and human trafficking  – Graham Cluley

Journey with us to Myanmar’s shadowy scam factories, where trafficked workers are forced to run romance-baiting and fake tech support scams, and find out why a company’s mandatory hold time for tech support could lead to innocent users having their computers compromised. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans...

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access  – The Hacker News

Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. “Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed,” c/side researcher Himanshu Anand said in a Wednesday analysis. The malicious JavaScript code has been found to be served via cdn.csyndication[...

U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations  – The Hacker News

The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People’s Republic of China’s (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private PRC company, Anxun...

US indicts 12 Chinese nationals for vast espionage attack spree  – CyberScoop

The Justice Department on Wednesday indicted 12 Chinese nationals for their alleged involvement in an extensive nation-state-backed espionage campaign that included a spree of attacks on U.S. federal and state agencies, including the late 2024 attack targeting the Treasury Department.  Officials accused the Chinese individuals, including two officers of China’s Ministry of Public Security, eight i-Soon employees and two members...

Cybercriminals picked up the pace on attacks last year  – CyberScoop

Threat actors became increasingly efficient last year, rapidly achieving lateral movement and swiftly stealing data at a faster clip than ever before, according to multiple threat intelligence firms.  The reduced time frame is a clear indicator that cybercriminals are constantly improving their ability to be successful. With the abuse of legitimate system tools to help them avoid detection, a heightened...

Anorexia coaches, self-harm buddies and sexualized minors: How online communities are using AI chatbots for harmful behavior   – CyberScoop

The generative AI revolution is leading to an explosion of chatbot personas that are specifically designed to promote harmful behaviors like anorexia, suicidal ideation and pedophilia, according to a new report from Graphika. Graphika’s research focuses on three distinct chatbot personas that have become particularly popular online: those portraying sexualized minors, advocates for eating disorders or self-harm, and those imitating...

Chainguard’s FIPS-compliant Cassandra addresses security demand of federal and regulated markets  – CyberScoop

Open-source software security firm Chainguard announced Wednesday that it is now building FIPS-validated images for Apache Cassandra, achieving what it describes as a first-of-its-kind accomplishment in the open-source community.  The project enables organizations in regulated industries — including government, health care, and finance — to deploy Cassandra with cryptographic libraries compliant with the National Institute of Standards and Technology’s Federal...

Former top NSA cyber official: Probationary firings ‘devastating’ to cyber, national security  – CyberScoop

The NSA’s former top cybersecurity official told Congress on Wednesday that the Trump administration’s attempts to mass fire probationary federal employees will be “devastating” for U.S. cybersecurity operations. In testimony to the House Select Committee on the Chinese Communist Party, Rob Joyce, the former NSA cybersecurity director who retired from government service last year, warned lawmakers that countering Chinese hacking...

China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access  – The Hacker News

The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That’s according to new findings from the Microsoft Threat Intelligence team, which said the Silk Typhoon (formerly Hafnium) hacking...

Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud  – The Hacker News

Google has announced the rollout of artificial intelligence (AI)-powered scam detection features to secure Android device users and their personal information. “These features specifically target conversational scams, which can often appear initially harmless before evolving into harmful situations,” Google said. “And more phone calling scammers are using spoofing techniques to hide their real...

Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America  – The Hacker News

The threat actor known as Dark Caracal has been attributed to a campaign that deployed a remote access trojan called Poco RAT in attacks targeting Spanish-speaking targets in Latin America in 2024. The findings come from Russian cybersecurity company Positive Technologies, which described the malware as loaded with a “full suite of espionage features.” “It could upload files, capture screenshots ...

Defending against USB drive attacks with Wazuh  – The Hacker News

USB drive attacks constitute a significant cybersecurity risk, taking advantage of the everyday use of USB devices to deliver malware and circumvent traditional network security measures. These attacks lead to data breaches, financial losses, and operational disruptions, with lasting impacts on an organization’s reputation. An example is the Stuxnet worm discovered in 2010, a malware designed to...

Identity: The New Cybersecurity Battleground  – The Hacker News

The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At the core of these vulnerabilities lies Identity—the gateway to enterprise security and the number one attack vector...

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants  – The Hacker News

The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with updated versions of a known backdoor called Sagerunex. “Lotus Blossom has been using the Sagerunex backdoor since at least 2016 and is increasingly employing long-term persistence command shells and developing...

Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement  – CyberScoop

Malicious hacking groups pay close attention to public documents related to criminal prosecutions, and the lack of standardized names for those groups hampers U.S. federal law enforcement, an investigator said in a recent speech. The investigator, who could not be named under the conditions of the speech, said those are just two of many problems facing investigators pursuing cybercriminals in...

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems  – The Hacker News

Cybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to deploy loader malware on Linux and Apple macOS systems. “The threat actor has published at least seven packages impersonating widely used Go libraries, including one (github[.]com/shallowmulti/hypert) that appears to target financial-sector developers...

Congress eyes bigger cyber role for NTIA amid telecom attacks  – CyberScoop

As Salt Typhoon and other hacking groups continue targeting U.S. telecoms, a bipartisan bill that cleared a key House panel Tuesday aims to formalize a more cyber-focused role for the federal agency focused on those wireless networks. The National Telecommunications and Information Administration Organization Act would establish an Office of Policy Development and Cybersecurity within the Commerce Department’s NTIA under...

Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates  – The Hacker News

Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. “Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them to execute...

CVE-2024-43639: Remote Code Execution in Microsoft Windows KDC Proxy  – Zero Day Initiative – Blog

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Simon Humbert and Guy Lederfein of the Trend Micro Research Team detail a recently patched code execution vulnerability in the Microsoft Windows Key Distribution Center (KDC) Proxy. This bug was originally discovered by k0shl and Wei in Kunlun Lab with Cyber KunLun. Successful exploitation could result in arbitrary...

House passes bill requiring federal contractors to have vulnerability disclosure policies  – CyberScoop

A bill that would close a loophole in federal cybersecurity standards by requiring government contractors to abide by vulnerability disclosure policies moved one step closer to law Monday after sailing through the House. The passage of the Federal Contractor Cybersecurity Vulnerability Reduction Act in the House came a month after Reps. Nancy Mace, R-S.C., and Shontel Brown, D-Ohio reintroduced their...

VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches  – The Hacker News

Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. The list of vulnerabilities is as follows – CVE-2025-22224 (CVSS score: 9.3) – A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with...

How New AI Agents Will Transform Credential Stuffing Attacks  – The Hacker News

Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — including those frequently performed by attackers. Stolen credentials: The cyber criminal’s weapon...

Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers  – The Hacker News

Internet service providers (ISPs) in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts. The findings come from the Splunk Threat Research Team, which said the activity also led to the delivery of various binaries that facilitate data exfiltration as well...

Suspected Iranian Hackers Used Compromised Indian Firm’s Email to Target U.A.E. Aviation Sector  – The Hacker News

Threat hunters are calling attention to a new highly-targeted phishing campaign that singled out “fewer than five” entities in the United Arab Emirates (U.A.E.) to deliver a previously undocumented Golang backdoor dubbed Sosano. The malicious activity was specifically directed against aviation and satellite communications organizations, according to Proofpoint, which detected it in late October...

Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm  – The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2023-20118 (CVSS score: 6.5) – A command injection...

Google’s March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities  – The Hacker News

Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild. The two high-severity vulnerabilities are listed below – CVE-2024-43093 – A privilege escalation flaw in the Framework component that could result in unauthorized access to “Android/data,” “Android/obb,”...

AttackFeed by Joe Wagner