Category: Attack Feeds

House passes bill requiring federal contractors to have vulnerability disclosure policies  – CyberScoop

A bill that would close a loophole in federal cybersecurity standards by requiring government contractors to abide by vulnerability disclosure policies moved one step closer to law Monday after sailing through the House. The passage of the Federal Contractor Cybersecurity Vulnerability Reduction Act in the House came a month after Reps. Nancy Mace, R-S.C., and Shontel Brown, D-Ohio reintroduced their...

VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches  – The Hacker News

Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. The list of vulnerabilities is as follows – CVE-2025-22224 (CVSS score: 9.3) – A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with...

How New AI Agents Will Transform Credential Stuffing Attacks  – The Hacker News

Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — including those frequently performed by attackers. Stolen credentials: The cyber criminal’s weapon...

Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers  – The Hacker News

Internet service providers (ISPs) in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts. The findings come from the Splunk Threat Research Team, which said the activity also led to the delivery of various binaries that facilitate data exfiltration as well...

Suspected Iranian Hackers Used Compromised Indian Firm’s Email to Target U.A.E. Aviation Sector  – The Hacker News

Threat hunters are calling attention to a new highly-targeted phishing campaign that singled out “fewer than five” entities in the United Arab Emirates (U.A.E.) to deliver a previously undocumented Golang backdoor dubbed Sosano. The malicious activity was specifically directed against aviation and satellite communications organizations, according to Proofpoint, which detected it in late October...

Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm  – The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2023-20118 (CVSS score: 6.5) – A command injection...

Google’s March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities  – The Hacker News

Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild. The two high-severity vulnerabilities are listed below – CVE-2024-43093 – A privilege escalation flaw in the Framework component that could result in unauthorized access to “Android/data,” “Android/obb,”...

Android security update contains 2 actively exploited vulnerabilities  – CyberScoop

Google addressed 43 vulnerabilities affecting Android devices in its March security update, including a pair of software defects reportedly under active exploitation. Google said the two vulnerabilities — CVE-2024-43093 and CVE-2024-50302 — “may be under limited, targeted exploitation.” The most severe of the flaws under active exploitation, CVE-2024-43093, carries a CVSS score of 7.8 and was added to the Cybersecurity...

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail  – The Hacker News

Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), which it said overlaps with a group known as JavaGhost. TGR-UNK-0011 is known to ...

DHS says CISA won’t stop looking at Russian cyber threats  – CyberScoop

The Department of Homeland Security said that its Cybersecurity and Infrastructure Security Agency will continue to pay attention to Russian cyber threats, contrary to media reports suggesting the opposite. The Guardian reported last week that a recent CISA memo setting out priorities for the agency didn’t list Russia among them, while including Chinese threats and critical infrastructure protection. It further...

U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children’s Data Protection Practices  – The Hacker News

The U.K.’s Information Commissioner’s Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country. To that end, the watchdog said it’s probing how the ByteDance-owned video-sharing service uses the personal data of children in the age range...

Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks  – The Hacker News

Threat actors have been exploiting a security vulnerability in Paragon Partition Manager’s BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw (CVE-2025-0289) is part of a set of five vulnerabilities that was discovered by Microsoft, according to the CERT Coordination Center (CERT/CC). “These include arbitrary kernel memory mapping and...

Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites  – The Hacker News

Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. “The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted, well-known...

⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists  – The Hacker News

This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that even the tools we rely...

The New Ransomware Groups Shaking Up 2025  – The Hacker News

In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023.  After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year’s total). Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise in smaller gangs. The number of active ransomware groups jumped 40%,...

Vo1d Botnet’s Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries  – The Hacker News

Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of 1,590,299 on January 19, 2025, spanning 226 countries. As of February 25,...

Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language  – The Hacker News

Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism over broad language that appeared to give the company the rights to all information uploaded by users. The revised Terms of Use now states – You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe...

SolarWinds CISO says security execs are ‘nervous’ about individual liability for data breaches   – CyberScoop

SolarWinds’ top cybersecurity executive said chief information security officers are increasingly grappling with how to do their jobs while avoiding individual legal liability for breaches that happen on their watch. Tim Brown, now CISO at SolarWinds, was a vice president and the highest-ranking security official at the company when hackers working on behalf of the Russian Foreign Intelligence Service (SVR)...

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab  – Krebs on Security

One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software,...

Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone  – The Hacker News

A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. “The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android USB drivers, developed by Cellebrite,” the international non-governmental...

Cyber hacking moves to violence and harm of children  – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.

Psychologists may have a plethora of reasons why individuals turn to cyber crime, and their results move beyond disturbing. It comes as no surprise that those involved in the theft of data have now escalated their schemes to be even darker. These criminals have expanded to include international online groups called ‘the Com’ where they […]

5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs  – The Hacker News

Cybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow’s content delivery network (CDN) to deliver the Lumma stealer malware. Netskope Threat Labs said it discovered 260 unique domains hosting 5,000 phishing PDF files that redirect victims to malicious websites. “The attacker uses SEO to trick victims into...

RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable  – The Hacker News

Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It’s like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true game-changer in today’s work environment....

Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme  – The Hacker News

Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence (GenAI) services in order to produce offensive and harmful content. The campaign, called LLMjacking, has targeted various AI offerings, including Microsoft’s Azure OpenAI Service. The tech giant is...

Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus  – The Hacker News

The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer malware by means of a previously undocumented implant. Cybersecurity company Kaspersky is tracking the activity under the name Angry Likho, which it said bears a “strong resemblance” to Awaken Likho (aka Core Werewolf, GamaCopy,...

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training  – The Hacker News

A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, not to mention compounding the problem when LLMs end up suggesting insecure coding practices to their users. Truffle...

Army soldier linked to Snowflake attack spree allegedly tried to sell data to foreign spies  – CyberScoop

U.S. authorities say a 21-year-old U.S. Army soldier attempted to sell stolen sensitive information to a foreign intelligence service as part of a broader effort to extort victims and leak call records of high-ranking public officials. In November while on active duty, Cameron Wagenius made multiple attempts to extort $500,000 from a major telecommunications company while threatening to leak additional...

Here’s what Google is (and isn’t) planning with SMS account verification  – CyberScoop

Google is gradually phasing out SMS-based verification as part of its two-step verification (2SV) process across its suite of services, signaling a significant shift in how the tech giant approaches user authentication and security. The change, which will affect Gmail and all other Google services where users sign in with their Google accounts, marks a move away from the traditional...

CFPB nominee signals openness to continuing data-broker work  – CyberScoop

President Donald Trump’s nominee to lead the consumer-focused federal agency that Elon Musk wants to “delete” and that Republican lawmakers have railed against since its creation indicated to senators Thursday that he could continue some data-focused work started by his Democratic predecessor. In his nomination hearing to lead the Consumer Financial Protection Bureau, Jonathan McKernan told members of the Senate...

Microsoft IDs developers behind alleged generative AI hacking-for-hire scheme  – CyberScoop

Microsoft has identified individuals from Iran, China, Vietnam and the United Kingdom as primary players in an alleged international scheme to hijack and sell Microsoft accounts that could bypass safety guidelines for generative AI tools. In December, Microsoft petitioned a Virginia court to seize infrastructure and software from 10 unnamed individuals who the company claims ran a hacking-as-a-service operation that...

AttackFeed by Joe Wagner