Category: Attack Feeds

Washington DC, USA, 17th February 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC. “The threat actors cloned a legitimate Oura MCP Server – a tool that connects AI assistants to Oura Ring health … Read More “SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer  – The Hacker News” »

PDF security guide covering redaction, metadata risks, compliance standards, and safe editing of password-protected files to prevent data leaks.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

My objectiveThe role of NDR in SOC workflowsStarting up the NDR systemHow AI complements the human responseWhat else did I try out?What could I see with NDR that I wouldn’t otherwise?Am I ready to be a network security analyst now? My objective As someone relatively inexperienced with network threat hunting, I wanted to get some … Read More “My Day Getting My Hands Dirty with an NDR System  – The Hacker News” »

Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotate. Logs expire. Evidence can vanish before analysis even begins. Cloud forensics … Read More “Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster  – The Hacker News” »

Researchers have found forensic evidence suggesting that Kenyan authorities used Cellebrite’s phone-cracking technology on the device of a prominent human rights activist after arresting him, according to a report published Tuesday. The University of Toronto’s Citizen Lab said the intrusion is a sign of growing abuse of Cellebrite’s technology. According to the report, after his … Read More “Citizen Lab links Cellebrite to the hacking of a Kenyan presidential candidate’s phone  – CyberScoop” »

Moody’s recently reported that global investment in data centers will surpass $3 trillion over the next five years, driven by AI capacity growth and hyperscaler demand. As big tech companies, banks, and institutional investors pour capital into these projects, data center developers and their financial sponsors must prioritze cybersecurity. Moody’s said that data center investments … Read More “Why ‘secure-by-design’ systems are non-negotiable in the AI era  – CyberScoop” »

Identity is still the primary entry point for cyberattacks, according to Palo Alto Networks’ threat intelligence firm Unit 42. In its annual incident response report released Tuesday, Unit 42 found that identity-based techniques accounted for nearly two-thirds of all initial network intrusions last year.  Social engineering was the leading attack method, accounting for one-third of … Read More “Unit 42: Nearly two-thirds of breaches now start with identity abuse  – CyberScoop” »

Researchers have found forensic evidence suggesting that Kenyan authorities used Cellebrite’s phone-cracking technology on the device of a prominent human rights activist after arresting him, according to a report published Tuesday. The University of Toronto’s Citizen Lab said the intrusion is a sign of growing abuse of Cellebrite’s technology. According to the report, after his … Read More “Citizen Lab links Cellebrite to the hacking of a Kenyan presidential candidate’s phone  – CyberScoop” »

New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the “Summarize with AI” button that’s being increasingly placed on websites in ways that mirror classic search engine poisoning (AI). The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The … Read More “Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations  – The Hacker News” »

Boston, Massachusetts, 17th February 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for iOS, iPadOS, macOS, and watchOS. … Read More “Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta  – The Hacker News” »

Forcepoint X-labs reveals how hackers use fake SSA emails and hijacked ScreenConnect tools to bypass Windows security to target UK, US, and Canadian organisations.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. “The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization,” researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said.  – … Read More “Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers  – The Hacker News” »

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim’s OpenClaw (formerly Clawdbot and Moltbot) configuration environment. “This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the ‘souls’ and identities of personal AI [  – Read More  … Read More “Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens  – The Hacker News” »

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being … Read More “Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware  – The Hacker News” »

Presentation of the KTU Consortium Mission ‘A Safe and Inclusive Digital Society’ at the Innovation Agency event ‘Innovation Breakfast: How Mission-Oriented Science and Innovation Programmes Will Address Societal Challenges’. Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer  – Read More  … Read More “Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud  – The Hacker News” »

Cybersecurity experts at Moonlock Lab have discovered a new ClickFix attack. Hackers are using hijacked Google Ads and fake Claude AI guides to trick Mac users into installing the data-stealing MacSync malware.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that’s being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. “The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a … Read More “New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft  – The Hacker News” »

Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming … Read More “New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released  – The Hacker News” »

Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve the next-stage payload. Specifically, the attack relies on using the “nslookup” (short for nameserver lookup) command to execute a custom … Read More “Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging  – The Hacker News” »

New investigation by Q Continuum reveals 287 Chrome extensions leaking the private browsing data of 37.4 million users to firms like Similarweb and Alibaba. Learn how these harmless tools turn your history into a product.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Healthcare interoperability improves care but expands attack surfaces, increasing data exposure, compliance risk, and security challenges across connected systems.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant’s threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking … Read More “Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations  – The Hacker News” »

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and  – Read … Read More “Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs  – The Hacker News” »

A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. “This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of … Read More “UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors  – The Hacker News” »

AI enables material handling systems to adapt to demand volatility through predictive design, dynamic control, and smarter maintenance without replacing core engineering.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

AI-driven crypto scams surge as cybercrime hits $17B, with deepfakes, fraud kits, and industrial social engineering reshaping digital asset threats and defenses.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes.  – Read More  … Read More “Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History  – The Hacker News” »

In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks – here’s what you need to know for a safer … Read More “npm’s Update to Harden Their Supply Chain, and Points to Consider  – The Hacker News” »

Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. “Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors,” Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. “Attackers are abusing  … Read More “Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability  – The Hacker News” »

Apple disclosed a zero-day vulnerability Wednesday that the vendor warned was previously “exploited in an extremely sophisticated attack against specific targeted individuals,” the company said in a security update. The memory-corruption vulnerability — CVE-2026-20700 — affects iPhones and iPads and was exploited on devices running versions of iOS before iOS 26. The Cybersecurity and Infrastructure … Read More “Apple discloses first actively exploited zero-day of 2026  – CyberScoop” »

Proofpoint announced Thursday it has acquired Acuvity, an AI security startup, as the cybersecurity company moves to address security risks stemming from widespread corporate adoption of agentic AI. The acquisition strengthens Proofpoint‘s capabilities in monitoring and securing AI-powered systems that are increasingly handling sensitive business functions across enterprises.  Financial terms of the deal were not … Read More “Proofpoint acquires Acuvity to tackle the security risks of agentic AI  – CyberScoop” »

A new report from Google found evidence that state-sponsored hacking groups have leveraged AI tool Gemini at nearly every stage of the cyber attack cycle. The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm shifting uses of the technology. John Hultquist, chief analyst … Read More “Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle   – CyberScoop” »

The Cybersecurity and Infrastructure Security Agency will hold sector-by-sector town halls in the coming weeks to get feedback on a stalled regulation requiring critical infrastructure owners and operators to report when they suffer major cyberattacks. The meeting dates, set to be published in the Federal Register Friday, would “allow external stakeholders a limited additional opportunity … Read More “CISA to host industry feedback sessions on cyber incident reporting regulation  – CyberScoop” »

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active … Read More “Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems  – The Hacker News” »

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction … Read More “Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support  – The Hacker News” »

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active … Read More “Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems  – The Hacker News” »

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry … Read More “ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories  – The Hacker News” »

A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point  … Read More “The CTEM Divide: Why 84% of Security Programs Are Falling Behind  – The Hacker News” »

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and … Read More “83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure  – The Hacker News” »

A 29-year-old Polish man has been charged in connection with a data breach that exposed the personal details of around 2.5 million customers of the popular Polish e-commerce website Morele.net. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability … Read More “Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices  – The Hacker News” »

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. … Read More “First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials  – The Hacker News” »

Another Department of Homeland Security shutdown would hamper the Cybersecurity and Infrastructure Security Agency’s ability to respond to threats, offer services, develop new capabilities and finish writing a key regulation, its acting director told Congress Wednesday. Some of those activities would continue on a limited basis, while others would halt entirely, acting CISA leader Madhu … Read More “Acting CISA chief says DHS funding lapse would limit, halt some agency work  – CyberScoop” »

Ransomware groups crop up like weeds, angling for striking positions in a crowded field rife with turnover, infighting and unbridled competition. Yet, they rarely emerge, as 0APT did late last month, claiming roughly 200 victims out of the gate. Researchers have thus far seen no evidence confirming 0APT attacked any of its alleged victims, which … Read More “0APT ransomware group rises swiftly with bluster, along with genuine threat of attack  – CyberScoop” »

AI apps are making their way into healthcare. It’s not clear that rigorous data security or privacy practices will be part of the package. OpenAI, Anthropic and Google have all rolled out AI-powered health offerings from over the past year. These products are designed to provide health and wellness advice to individual users or organizations, … Read More “Your AI doctor doesn’t have to follow the same privacy rules as your real one  – CyberScoop” »