Category: Attack Feeds

0

AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface  – The Hacker News

Organizations now use an average of 112 SaaS applications—a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that’s just one major...

0

Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps  – The Hacker News

Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft’s .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. “These threats disguise themselves as legitimate apps, targeting users to steal sensitive information,” McAfee Labs researcher Dexter Shin said. .NET  – Read More  – The Hacker News 

0

INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust  – The Hacker News

Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort “aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses,” INTERPOL said, adding it  – Read More  –...

0

Researchers raise alarm about critical Next.js vulnerability  – CyberScoop

Researchers warn that attackers could exploit a recently discovered critical vulnerability in the open-source JavaScript framework Next.js to bypass authorization in middleware and gain access to targeted systems. Vercel, the San Francisco-based company that created and maintains Next.js, released a patch for CVE-2025-29927 in Next.js 15.2.3 on March 18 and published a security advisory on March 21. Researchers Allam Rachid...

0

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication  – The Hacker News

A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974 ), assigned a CVSS score of  – Read More  – The Hacker...

0

As 23andMe declares bankruptcy, privacy advocates sound alarm about DNA data  – CyberScoop

Genetic testing business 23andMe filed for bankruptcy Sunday, amplifying fears from privacy advocates that the DNA records and personal information of its 15 million customers could soon be up for sale to the highest bidder. 23andMe, which was once valued at $6 billion, has been experiencing financial distress and declining profits since going public in 2021.  As part of the...

0

Canadian citizen allegedly involved in Snowflake attacks consents to extradition to US  – CyberScoop

A Canadian citizen is one step closer to standing trial in the United States for his alleged involvement in a series of attacks targeting as many as 165 Snowflake customers, one of the most widespread and damaging attack sprees on record.  Connor Moucka consented to extradition on Friday to face 20 federal charges, including conspiracy to commit computer fraud, accessing...

0

Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks  – The Hacker News

Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to  – Read More  –...

0

VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics  – The Hacker News

A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025. “The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%,” Check Point said in a report published over...

0

How to Balance Password Security Against User Experience  – The Hacker News

If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don’t prioritize strong password security. However, balancing security and usability doesn’t have to be a zero-sum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience (UX). This...

0

VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware  – The Hacker News

Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that’s under development to its users. The extensions, named “ahban.shiba” and “ahban.cychelloworld,” have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that’s designed to invoke a  – Read More  – The Hacker News 

0

⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More  – The Hacker News

A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad  –...

0

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks  – The Hacker News

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. “Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops,” Next.js said in an  – Read More  –...

0

Despite challenges, the CVE program is a public-private partnership that has shown resilience  – CyberScoop

In 1999, Dave Mann and Steve Christey, two researchers from the nonprofit R&D corporation MITRE,  debuted a concept for security vulnerabilities that laid the groundwork for the common vulnerability and exposures framework (CVE) that organizes information around computer vulnerabilities. Twenty-five years later, the CVE program, which assigns a unique record to each reported vulnerability, is in its fifth iteration. It...

0

GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets  – The Hacker News

The supply chain attack involving the GitHub Action “tj-actions/changed-files” started as a highly-targeted attack against one of Coinbase’s open-source projects, before evolving into something more widespread in scope. “The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for further compromises,”  – Read More ...

0

U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe  – The Hacker News

The U.S. Treasury Department has announced that it’s removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. “Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring  – Read More ...

0

FCC’s Carr alleges Chinese companies are making ‘end run’ around Chinese telecom bans, announces investigation   – CyberScoop

The first initiative from The Federal Communications Commission’s newly-created Council on National Security will be a “sweeping” investigation of Chinese-made equipment in America’s telecommunications infrastructure, the agency announced Friday. In particular, FCC Commissioner Brendan Carr said the focus will be on equipment and services from Chinese companies already barred from U.S. networks under the Secure and Trusted Communications Networks Act....

0

Arrests in Tap-to-Pay Scheme Powered by Phishing  – Krebs on Security

Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to...

0

UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools  – The Hacker News

Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. “UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim  – Read More  –...

0

Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates  – The Hacker News

The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS  – Read...

0

Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers  – The Hacker News

Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. “Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents,” the company said. “This suggests  – Read More  – The Hacker...

0

10 Critical Network Pentest Findings IT Teams Overlook  – The Hacker News

After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a troubling reality that many businesses still have critical security gaps that attackers can easily exploit. Organizations often assume that firewalls, endpoint protection, and SIEMs are enough to keep them secure. But how effective are these defenses when put to the test? That’s where  – Read...

0

China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families  – The Hacker News

The China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to a “global espionage campaign” that took place in 2022 targeting seven organizations. These entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place  – Read More  – The Hacker...

0

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility  – The Hacker News

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below –  CVE-2024-20439 (CVSS score: 9.8) – The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an  – Read More ...

0

Israeli Spyware Graphite Targeted WhatsApp with 0-Click Exploit  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News

Citizen Lab’s investigation reveals sophisticated spyware attacks exploiting WhatsApp vulnerabilities, implicating Paragon Solutions. Learn how their research exposed these threats and the implications for digital privacy.  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

0

Rooted Androids 3,000x More Likely to Be Breached, Even iPhones Not Safe  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News

A new Zimperium report reveals that rooted Android phones and jailbroken iOS devices face growing threats, with advanced toolkits making detection nearly impossible for cybersecurity researchers.  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

0

YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users  – The Hacker News

YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users. “What’s intriguing about this malware is how much it collects,” Kaspersky said in an analysis. “It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla, and  – Read More ...

0

Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day  – CyberScoop

Cybercriminals working on behalf of at least six nation-states are actively exploiting a zero-day vulnerability in Microsoft Windows to commit espionage, steal data and cryptocurrency, according to Trend Micro researchers. The vulnerability, which Trend Micro tracks as ZDI-CAN-25373, allows attackers to execute hidden malicious commands due to the way Windows displays the contents of shortcut .lnk files, also known as...

0

Smashing Security podcast #409: Peeping perverts and FBI phone calls  – Graham Cluley

In episode 409 of the “Smashing Security” podcast, we uncover the curious case of the Chinese cyber-attack on Littleton’s Electric Light Company, and a California landlord’s hidden camera scandal. Find out about this, and more, in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.  – Read More  – Graham Cluley 

0

Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems  – The Hacker News

Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12 builds. “A vulnerability allowing remote code execution (RCE) by authenticated domain users,” the  –...

AttackFeed by Joe Wagner
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.